OpenWrt Forum Archive

Topic: Strange: Timeout "www.postbank.de", other pages no problem

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello everybody,

could you please try to get the webpage "www.postbank.de"?

My Asus WL-500GDeluxe works generally fine, but this page will not come! The browser ends with a timeout. But if I try it with my other router (3com), I have no problems receiving this page! So the webserver is not down what I thought in the first step.

This makes me feel really strange and I wonder if there are other pages which will not work .... What could be the reason??

Bernd

This could be a known issue with the NAT and MTU. Since the packets coming out from your host machine are generally 1500 (the MTU of 100Mbit ethernet) and they are then NATed by the WRT adding some bytes, they become fragmented. Some sites are paranoid and refuse such fragmented packets. Try reducing the MTU to 1300.

(Last edited by TemplaraPhoenix on 12 May 2006, 07:08)

what about TCPMSS which is defaultly use in S45firewall script ? are there situations in which TCPMSS does'n work ?

Thanks for your awnsers.

Setting MTU to 1300 didn't change anything :-(

I don't know what TCPMSS is, but I found this line in my S45firewall script:

  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

check if your PCs "hosts" file has an entry "postbank.de" ^^

No, there is no entry in the hosts file - neither on my PC neither on the router.

Strange: I found some more pages, could you please check if you can receive them?

www.gulp.de
www.pinnaclesys.de

Thank you

They work fine for me (Linksys WRT54GS with RC5).
Does one of theese websites work: www.genie.de  www.wallstreet-online.de www.gmx.de ?
If not it is an MTU Problem. Try reducing the MTU from 1500 to 1492 "nvram set ppp_mtu=1492; nvram commit" and check the mtu after reboot "nvram show | grep mtu" aswell as "ifconfig ppp0".
Is your ISP Arcor? I think they use a lower standard MTU. Try "ping -f -l 1464 heise.de" on a windows machine. (1464+28=)1492 so you shouldnt get an fragmentation flag message, in case you do reduce the value untill you dont receive the message anymore, add 28 and set that value as MTU on your Router.

Hi Kasei,

you must be a real network crack! Thank you :-)

By the way, how do you find out about the maximum allowed MTU for a special website like gmx.de?

www.gmx.de works for me, but www.wallstreet-online and www.genie.de don't work. I tried the ping on heise de and reduced the packet size to 1272, then I got ping-awnser from heise.de. So I entered 1300 for the ppp_mtu, but it didn't help. I even tried to set ppp_mtu=200. Still the pages postbank.de, genie.de, wallstree-online.de don't work. Then I tried the other flag, wan_pppoe_mtu to set on 1300 (it was also 1492) - no result.

Even my provider-site www.congster.de doesn't come up!
The bizzare thing also is that I have another router (3com), and there I have MTU=1492 configured. And I do not have a problem receiving the pages...

I hope you have some more hints for me....

Thanks,
Bernd

Sorry, it's a bit different: The ping -f -l xxxx www.heise.de gives me this:

0      - 1272      normal ping awnser
1273 - 1464      ping timeout
1465 - max       fragmentation flag message

Well i guess the problem is that your Asus router fragments your packets hmm Some websites simply drop fragmented packets because there are several attacks that use fragmentated packets.
Try opening the regeditor and find HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\ Services\Tcpip\Parameters\Interfaces
you should see several folders. Browse trough them and look for an entry that matches your local ip-adress(cmd ipconfig). Right click in that folder and press add new dword-value. Name it "MTU" and set the decimal value to 1300. Restart your computer and try to reach thoose sites again(remove that entry after you are finished with testing!).
Are you using the white russian RC5 on that router?
Please post your MTU value from http://www.speedguide.net/analyzer.php before and after adding the registry key.

(Last edited by Kasei on 13 May 2006, 14:25)

Hi, sorry for highjacking this thread, but seems to fit good in here:

The Speedguide gives me (for my 2M/192k line):

Default TCP Receive Window (RWIN) = 5840
RWIN Scaling (RFC1323) = 2 bits (scale factor of 4)
Unscaled TCP Receive Window = 1460

RWIN seems to be set to a very small number. If you're on a broadband connection, consider using a larger value.
For optimum performance, consider changing RWIN to a multiple of MSS.
Other RWIN values that might work well with your current MTU/MSS:
511104 (MSS x 44 * scale factor of 8)
255552 (MSS x 44 * scale factor of 4)
127776 (MSS x 44 * scale factor of 2)
63888 (MSS x 44)

But my connection seems quite good. Should i change the rwin setting?
And if, where do i change it, in my router or my pc?
How do i change my rwin on Linux, a quick google search did not give me an answer?

It doesn´t fit in here tongue
I think the site cant detect the values correctly on a linux os. If you would have started a download with that setting youd know there was something wrong wink (something <60kbyte/s)
cat /proc/sys/net/core/rmem_max should tell you the correct value. To change it simply "echo XXXXX > /proc/sys/net/core/rmem_max" default should be 109568. I dont think it would affect your pc if the router value was wrong so you need to change it on your pc if you feel like you need to.
Check out http://www.psc.edu/networking/projects/tcptune/#Linux

gunni@gunnidesktop:~$ cat /proc/sys/net/core/rmem_max
131071

Thanks for your answer. Downloads work properly and a bandwidth check gives me 1.986 kbps/184 kbps (http://www.wieistmeineip.de/speedtest/) so everything seems to be fine.

Hi Kasei!

Now it works for me! I made the registry entry with MTU=1300 and I receive postbank.de and wallstreet-journal.de. genie.de does not work yet...

The speedGuide analysis is:

TCP options string = 020405ac01010402
   
MTU = 1492
MTU is optimized for PPoE DSL broadband. If not, consider raising MTU to 1500 for optimal throughput.
   
MSS = 1452
MSS is optimized for PPPoE DSL broadband. If not, consider raising your MTU value.
   
Default TCP Receive Window (RWIN) = 65340
RWIN Scaling (RFC1323) = 0 bits
Unscaled TCP Receive Window = 65340

RWIN is a multiple of MSS
Other RWIN values that might work well with your current MTU/MSS:
511104 (MSS x 44 * scale factor of 8)
255552 (MSS x 44 * scale factor of 4)
127776 (MSS x 44 * scale factor of 2)
63888 (MSS x 44)
   
bandwidth * delay product (Note this is not a speed test):

Your TCP Window limits you to: 2613.6 kbps (326.7 KBytes/s) @ 200ms
Your TCP Window limits you to: 1045.44 kbps (130.68 KBytes/s) @ 500ms
   
MTU Discovery (RFC1191) = ON
   
Time to live left = 119 hops
TTL value is ok.
   
Timestamps (RFC1323) = OFF   
Selective Acknowledgements (RFC2018) = ON
   
IP type of service field (RFC1349) = 00000000 (0)

In that case i hope someone else has another idea sad
If not i would pray, reset the nvram values "mtd -r erase nvram" and re-flash the router with an actual release(dont forget to backup all the stuff you need).
I had strange problems with the older RCs (like randomly added weird iptable rules). The workaround was to overclock the router big_smile But i think thoose things got fixed in RC4 or 5 so give it a try if no one comes up with a better solution.
Genie.de doesnt work for me either right now ... seems to be down.

see my entry in this thread:
http://forum.openwrt.org/viewtopic.php?id=5554

Apart from introducing and setting MTU to some lower value in windows, also the variable TCPWindowSize was added and set to a high value. That solved the problem here with identical symptoms.
Am still puzzled as to what is causing this. In the other thread it was suggested that it may be certain icmp packets that contain error messages not making it back (firewall ?), thus breaking the automatic adjustment of these TCP/IP variables via trial and error.

is there anyway to post the RWIN to 65536 in the white russian router itself. I need this setting for my wireless verizon card that fits in the top of my wrt54g3g router

Sorry, have to ask - why does NATing add bytes to the packet? Shouldn't it simply rewrite the source IP/port ? My original Motorola image seems to work without fragmenting packets.

The discussion might have continued from here.