Community discussions

MikroTik App
 
20BR
just joined
Topic Author
Posts: 1
Joined: Fri Jan 16, 2009 8:32 pm

Inconsistent access to internet

Fri Jan 16, 2009 8:40 pm

I can access yahoo.com and I can ping it. Then I cant access digg or msn. basically its a gamble which sites are accessible. I must have set up something incorrectly.

Anyone had any experience with this?

Thanks
 
User avatar
ashish
Long time Member
Long time Member
Posts: 550
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Inconsistent access to internet

Sat Jan 17, 2009 10:50 am

Drop Your Configuration here
- AP - ASHISH PATEL - 757 309 0236 -
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1370
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: Inconsistent access to internet

Wed Jan 21, 2009 1:29 am

Often when the MSS (Maximum Segment Size) value is not set properly, a lot of websites will refuse to open etc. To fix this, you should put in your MikroTik Router the following setting:

1. If you dial up with a PPPoE connection that is in MikroTik, see if the profile it's using has change-mss=yes. This will automatically create mangle rules that will set the MSS for the MTU the PPPoE connection has. Typically for a ADSL line the MTU works with the default 1480 as well as with the worldwide maximum possible and recommended - 1492. The correct MSS is automatically calculated by RouterOS.

2. The other scenario is when the change-mss=no - you set the MSS with static rules, which is my example:

/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU" in-interface=ADSL2 new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward in-interface=ADSL1 new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ADSL2 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ADSL1 protocol=tcp tcp-flags=syn tcp-mss=1453-65535

This is in case you use PPPoE for Internet access and you have MTU and MRU 1492. I have simply copied the dynamic rules into static, changing the new-mss=something to new-mss=clamp-to-pmtu.

You can check your currently active MTU via this wbsite: http://speedguide.net:8080 The active MTU is not only set at the Router but at the end-computer, the workstation from which you are browsing, so results may be affected. Tools to configure MTU and other TCP/IP settings can be found on that site: http://speedguide.net

And for PPPoE in MT ROS - there are MTU and MRU columns in WinBox in the PPP window - Interfaces (first page) -> add columns MTU and MRU to see the currently negotiated and active MTU and MRU settings.

More on the issue: http://www.google.com/search?q=mikrotik+change+mss

Just to test if MTU/MRU/MSS settings could be the problem, you could turn on the change-mss=yes option in the ppp profile, and change the PPPoE dial-up interface settings of MTU and MRU to lower settings, like 1300.

A way to find out what your MTU is would be to ping with the don't fragment flag '-f' to see at what size the packets will need fragmenting. After you find that out, you add 28 byes for ICMP header and you get the correct MTU.

ping <gateway IP> -l 1465 -f will probably return an error that the packet need fragmenting on PPPoE so the next will work
ping <gateway IP> -l 1464 -f - adding 28 equals 1492.

Easy. Good luck.
Last edited by NetworkPro on Wed Feb 11, 2009 2:56 pm, edited 2 times in total.
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
davidw
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: Inconsistent access to internet

Wed Feb 11, 2009 4:23 am

NetworkPro,

I too have a site where hotspot users are complaining of a similar issue. IE can't login to messenger live or facebook or hotmail but they can when they connect to the office network.

This would indicate that there is nothing wrong with the internet connection but rather some sort of hotspot/ firewall issue ????

config is as follows

ADSL Internet connection ======> Ether3
Office network ==============> Ether1 =====> <AP1>
Hotspotnetwork =============> Ether2 =====> <AP1> <---------> <Ap2> <--------> <Ap3>

Can you explain a little more on the MSS / MTU issue ?

You mentioned speedguid.net and getting the MTU setting...Once you get the MTU Setting what should you change in the MT router ?

I can confirm that MTU on all 3 interface's are 1500 and MTU on AP1's are also set to 1500.


Cheers

david
 
sudiptakp
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Jan 29, 2009 2:43 pm

Re: Inconsistent access to internet

Wed Feb 11, 2009 10:59 am

ether3 should have MTU=1492. At least you might check if it works

Who is online

Users browsing this forum: Elladan, Google [Bot] and 49 guests