router problems

Hi. I was hoping someone could help me out. I just purchased a new router
for our home DSL line and it has been behaving kind of stangely. For some
reason, we can not access certain secure websites without changing the MTU
setting to about 1440 or 1460. Also, ssh and scp under linux constantly
hang. I guess I should mention that I am running a dual boot with redhat
2.4.30-8 (its something like that)and XP. The thing is that when i plug
directly into the DSL modem everything works fine. I disabled all the
firewall settings on my router and on my laptop and I still am getting these
problems. The router is a wireless/ethernet 4-port made by Belkin. We
payed like 20 bucks for this router. Could it be that this router is just a
piece of crap or am I doing something wrong? Thanks for the help.

-Scott Betzel (gtg678m@mail.gatech.edu)

On Don, 20 Mai 2004 at 23:57 GMT, Scott Betzel wrote:
> Hi. I was hoping someone could help me out. I just purchased a new router
> for our home DSL line and it has been behaving kind of stangely. For some
> reason, we can not access certain secure websites without changing the MTU
> setting to about 1440 or 1460. Also, ssh and scp under linux constantly
> hang. I guess I should mention that I am running a dual boot with redhat
> 2.4.30-8 (its something like that)and XP. The thing is that when i plug
> directly into the DSL modem everything works fine. I disabled all the
> firewall settings on my router and on my laptop and I still am getting these
> problems. The router is a wireless/ethernet 4-port made by Belkin. We
> payed like 20 bucks for this router. Could it be that this router is just a
> piece of crap or am I doing something wrong? Thanks for the help.
>
> -Scott Betzel (gtg678m@mail.gatech.edu)
>
>

For me an MTU of 1492 on the DSL-Interface works with no problems. I
think it is possible, that your provider uses another MTU.
There have already been some threads about MTU-settings. Probably you
will find further hints in the archives.

HTH

--

Robert...

Scott Betzel <gtg678m@mail.gatech.edu> wrote:
> Hi. I was hoping someone could help me out. I just purchased a new router
> for our home DSL line and it has been behaving kind of stangely. For some
> reason, we can not access certain secure websites without changing the MTU
> setting to about 1440 or 1460. Also, ssh and scp under linux constantly
> hang. I guess I should mention that I am running a dual boot with redhat
> 2.4.30-8 (its something like that)and XP. The thing is that when i plug
> directly into the DSL modem everything works fine. I disabled all the
> firewall settings on my router and on my laptop and I still am getting these
> problems. The router is a wireless/ethernet 4-port made by Belkin. We
> payed like 20 bucks for this router. Could it be that this router is just a
> piece of crap or am I doing something wrong? Thanks for the help.

A host directly connected to the modem sets it's interface MTU to
accommodate the MSS advertised by the remote host during negotiation
of the TCP connection, and the remote host does the same in reverse.
The host then does PMTU Discovery as needed but, since it's interface
MTU is already appropriate for the MSS advertised by the remote host,
only the MTU of routers along the path between the two hosts can cause
it's MTU to be reset.

Now if the host is behind a NATing router then same negotiation of
the TCP connection occurs, *except* the router replaces the private
IP of the host with it's own (routable) IP address, and forwards the
negotiation datagrams on to the remote host. Those datagrams are
small and the router's MTU is almost never a consideration; the TCP
negotiation should complete without any problem.

Now comes the problem: the host attempts send a datagram larger than
the MSS of the router, the router drops the datagram, and sends an ICMP
message back to the host notifying it that the datagram was too large.
The host adjusts it's MTU downward and the datagrams eventually start
getting through the router to the remote host.

Now, if the router's MTU is smaller than the remote host's MTU (which
was set to accommodate the (local) host's advertised MSS _before_ the
host's MTU was adjusted downward), *and* the remote host blocks the
ICMP message from the router that is essential to PMTU Discovery then
the remote host never "discovers" the router's smaller MTU and doesn't
reduce it's MTU. So the router drops all the oversized datagrams from
the remote host.

Such a remote host is commonly referred to as brain-dead.

How to correct it? One way in this case, where you appear not to have
many hosts behind the router, is to determine the MTU of the router and
set the MTU of all the hosts behind the router to the same value.

If the router was a Linux iptables router then a read of

http://lartc.org/howto/lartc.cookbook.mtu-mss.html

would help.

Or you could set the MTU of all the hosts behind the router to 576 and
that should work, period.

--
Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/
/* Speak softly and carry a sucker rod (See man syslogd, footnote to
recommendation 4 under SECURITY THREATS). */

have you heard of clampmss?

If your Internet connection uses a non-standard MTU and you are having
problems with downloading large files or web pages, then you should
try using this option if your software/hardware permits.

It clamps the Maximum Segment Size (MSS) to the Maximum Transfer Unit
(MTU) determined by Path MTU Discovery. This helps when there is a
router between your end and the remote host that is dropping ICMP
packets incorrectly.

hth

raqueeb hassan
congo

have you heard of a term clampmss?

If your Internet connection uses a non-standard MTU and you are having
problems with downloading large files or web pages, then you should
try turning this option on, should that be provided my
software/hardware.

It clamps the Maximum Segment Size (MSS) to the Maximum Transfer Unit
(MTU) determined by Path MTU Discovery. This helps when there is a
router between your end and the remote host that is dropping ICMP
packets incorrectly.

have you heard of a term clampmss?

If your Internet connection uses a non-standard MTU and you are having
problems with downloading large files or web pages, then you should
try turning this option on, should that be provided by
software/hardware.

It clamps the Maximum Segment Size (MSS) to the Maximum Transfer Unit
(MTU) determined by Path MTU Discovery. This helps when there is a
router between your end and the remote host that is dropping ICMP
packets incorrectly.