Page 1 of 1

Inconsistent access to internet

Posted: Fri Jan 16, 2009 8:40 pm
by 20BR
I can access yahoo.com and I can ping it. Then I cant access digg or msn. basically its a gamble which sites are accessible. I must have set up something incorrectly.

Anyone had any experience with this?

Thanks

Re: Inconsistent access to internet

Posted: Sat Jan 17, 2009 10:50 am
by ashish
Drop Your Configuration here

Re: Inconsistent access to internet

Posted: Wed Jan 21, 2009 1:29 am
by NetworkPro
Often when the MSS (Maximum Segment Size) value is not set properly, a lot of websites will refuse to open etc. To fix this, you should put in your MikroTik Router the following setting:

1. If you dial up with a PPPoE connection that is in MikroTik, see if the profile it's using has change-mss=yes. This will automatically create mangle rules that will set the MSS for the MTU the PPPoE connection has. Typically for a ADSL line the MTU works with the default 1480 as well as with the worldwide maximum possible and recommended - 1492. The correct MSS is automatically calculated by RouterOS.

2. The other scenario is when the change-mss=no - you set the MSS with static rules, which is my example:

/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU" in-interface=ADSL2 new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward in-interface=ADSL1 new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ADSL2 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ADSL1 protocol=tcp tcp-flags=syn tcp-mss=1453-65535

This is in case you use PPPoE for Internet access and you have MTU and MRU 1492. I have simply copied the dynamic rules into static, changing the new-mss=something to new-mss=clamp-to-pmtu.

You can check your currently active MTU via this wbsite: http://speedguide.net:8080 The active MTU is not only set at the Router but at the end-computer, the workstation from which you are browsing, so results may be affected. Tools to configure MTU and other TCP/IP settings can be found on that site: http://speedguide.net

And for PPPoE in MT ROS - there are MTU and MRU columns in WinBox in the PPP window - Interfaces (first page) -> add columns MTU and MRU to see the currently negotiated and active MTU and MRU settings.

More on the issue: http://www.google.com/search?q=mikrotik+change+mss

Just to test if MTU/MRU/MSS settings could be the problem, you could turn on the change-mss=yes option in the ppp profile, and change the PPPoE dial-up interface settings of MTU and MRU to lower settings, like 1300.

A way to find out what your MTU is would be to ping with the don't fragment flag '-f' to see at what size the packets will need fragmenting. After you find that out, you add 28 byes for ICMP header and you get the correct MTU.

ping <gateway IP> -l 1465 -f will probably return an error that the packet need fragmenting on PPPoE so the next will work
ping <gateway IP> -l 1464 -f - adding 28 equals 1492.

Easy. Good luck.

Re: Inconsistent access to internet

Posted: Wed Feb 11, 2009 4:23 am
by davidw
NetworkPro,

I too have a site where hotspot users are complaining of a similar issue. IE can't login to messenger live or facebook or hotmail but they can when they connect to the office network.

This would indicate that there is nothing wrong with the internet connection but rather some sort of hotspot/ firewall issue ????

config is as follows

ADSL Internet connection ======> Ether3
Office network ==============> Ether1 =====> <AP1>
Hotspotnetwork =============> Ether2 =====> <AP1> <---------> <Ap2> <--------> <Ap3>

Can you explain a little more on the MSS / MTU issue ?

You mentioned speedguid.net and getting the MTU setting...Once you get the MTU Setting what should you change in the MT router ?

I can confirm that MTU on all 3 interface's are 1500 and MTU on AP1's are also set to 1500.


Cheers

david

Re: Inconsistent access to internet

Posted: Wed Feb 11, 2009 10:59 am
by sudiptakp
ether3 should have MTU=1492. At least you might check if it works