 
noir
newbie
Topic Author
Posts: 31
Joined: Wed Dec 15, 2004 8:43 am
Location: South Africa

Secure Websites

Wed Dec 15, 2004 8:46 am

We are running a WISP, with clients connecting to the high site via PPPoE. The problem is that they cannot connect to any secure website, i.e. online banking sites. Everything else is working like a dream.

Our firewall on the high site mangles everything through the firewall, so it's not that. We have V 2.8.91; we had 2.8.21, but we thought that it was causing problems.

Any help would be appreciated.
 
nhalachev
Frequent Visitor
Posts: 99
Joined: Fri May 28, 2004 4:41 pm
Location: Bulgaria

Wed Dec 15, 2004 9:08 am

If the mangle for PPPoE connections is set up the right way and you still have a problem, check your src-nat rules, if you have any.
I have experienced the same problem when I had src-nat to a range of external IPs.
The solution was to masquerade or src-nat secure web sites to 1 external IP.
 
noir
newbie
Topic Author
Posts: 31
Joined: Wed Dec 15, 2004 8:43 am
Location: South Africa

Wed Dec 15, 2004 9:30 am

Um, I have no src-nat rules set up. Also, it will be difficult to add the IPs of the secure websites, due to the fact that the MikroTik is sitting behind a server. The server is running SuSE 9.1 and we tested the interface through which the high site comes in, and it doesn't block the sites.

Will try that, but it didn't do it before; after I upgraded the hardware and the RouterOS, it started this. So I downgraded again and the problem still persists.
 
[ASM]
Member Candidate
Posts: 285
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria

Wed Dec 15, 2004 11:05 am

The problem is in TCP MSS. Don't change it and it will work.
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Dec 15, 2004 4:43 pm

> The problem is in TCP MSS. Don't change it and it will work.

Could you please explain this? If the MTU was set to a smaller value by a mangle rule, I thought the MSS has to be adjusted also.

thx.
   matthias
 
[ASM]
Member Candidate
Posts: 285
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria

Wed Dec 15, 2004 5:56 pm

Just test and you'll see that :) I just change the MSS of client interfaces to 1400, and everything is working fine.
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Dec 15, 2004 6:28 pm

> Just test and you'll see that :) I just change the MSS of client interfaces to 1400, and everything is working fine.

But MSS should be MTU - 40. Usually I set the MTU for PPPoE links to 1480 bytes, MRU also. The dynamic mangle rule (created by choosing change tcp-mss in the PPP profile) sets MSS to 1420, which seems too small, but works for me.

OK, these values are all maxima, so using a smaller one will work, but cost bandwidth.

regards.
   matthias
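
The "MSS should be MTU - 40" rule discussed in this thread, shown as the kind of rewrite an MSS-clamping rule performs on a TCP SYN. This is an added example, not code from the thread or from MikroTik; it assumes IPv4 without IP options, and the names `find_mss`, `clamp_mss` and `SAMPLE_SYN` are hypothetical.

```python
import struct

IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header ("MTU - 40")

# Constructed sample: TCP SYN to port 443 with options MSS=1460, NOP, window scale.
# The checksum field is a 0 placeholder here, not a value from a real capture.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02,
                         65535, 0, 0) + bytes.fromhex("020405b401030307")

def find_mss(tcp: bytes):
    """Return (offset_of_value, mss) for the MSS option, or None if absent."""
    end = min((tcp[12] >> 4) * 4, len(tcp))  # data offset field, in bytes
    i = 20                                   # options follow the fixed header
    while i < end:
        kind = tcp[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > end:   # malformed option: stop parsing
            break
        if kind == 2 and length == 4:        # MSS option
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def swap16(v: int) -> int:
    return ((v & 0xFF) << 8) | (v >> 8)

def clamp_mss(tcp: bytes, link_mtu: int) -> bytes:
    """Lower the MSS of a SYN to link_mtu - 40; an MSS already below is kept."""
    limit = link_mtu - IP_TCP_HEADERS
    if not 0 < limit <= 0xFFFF:
        raise ValueError("link_mtu out of range")
    found = find_mss(tcp) if len(tcp) >= 20 and tcp[13] & 0x02 else None
    if found is None or found[1] <= limit:
        return tcp
    off, old = found
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    # Incremental checksum update, RFC 1624: HC' = ~(~HC + ~m + m').
    # At an odd offset the value straddles two 16-bit words, so sum it swapped.
    m_old, m_new = (swap16(old), swap16(limit)) if off & 1 else (old, limit)
    (csum,) = struct.unpack_from("!H", out, 16)
    s = (~csum & 0xFFFF) + (~m_old & 0xFFFF) + m_new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)
```

With the 1480-byte PPPoE MTU mentioned above, `clamp_mss(SAMPLE_SYN, 1480)` rewrites the advertised MSS from 1460 to 1440.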
