I have a stupid problem (I hope) that is driving me crazy. I've created a network, drawn below.
```
                          ROUTER 1                 ROUTER 2
-------------+       +-----------------+      +------------------+
             |       |                 |      |                  |
  internet   |       | eth0            |      | eth0             |
  router     |       | 192.168.2.50/24 |      | 192.168.5.100/24 |-----+
  IP (LAN)   |----+--|                 |      |                  |     |
  192.168.2.1|    |  |                 |      |                  |     |
  (/24)      |    |  | sl0             |      | sl0              |     |
             |    |  | 192.168.22.1    |------| 192.168.22.2     |     |
-------------+    |  +-----------------+      +------------------+     |
                  |                                                    |
                  |  +-----------------+             +-----------------+
                  |  | 192.168.2.2/24  |             | 192.168.5.10/24 |
                  +--| GW 192.168.2.254|             | GW 192.168.5.100|
                     | CLIENT A        |             | CLIENT B        |
                     +-----------------+             +-----------------+
```
On both routers I have enabled IP_FORWARD; the OS is Debian.
The goal is:
- Ensure that Client B can surf the Internet and access the 192.168.2.0/24 network.
- Client A must be able to reach the 192.168.5.0/24 network (this is done by adding a simple route on Client A) and obviously the Internet.
The SLIP (sl0) connection is made via a 3-wire connection, with 2 USB-RS232 adapters (FT232 - FTDI chipset). With the configurations below it is actually possible to do what I ask. The MTU of sl0 is intentionally set lower.
If from Client B I try to open a web page, with tshark running on the sl0 interface, I see a high number of errors on TCP packets. I see many of these:
- TCP Dup ACK
- Time-to-live exceeded
- TCP Retransmission
which make it impossible to open a web page.
If instead I open the web page from router 2, the errors drop dramatically and it is possible (slowly) to navigate.
Startup config of sl0
```sh
## ROUTER 1
# serial port at 115200 baud, raw mode (no line processing)
stty -F /dev/ttyUSB0 115200 raw
# load the SLIP line discipline
modprobe slip
# attach the port as sl0: -L three-wire mode (no modem control lines), compressed SLIP
slattach -L -s 115200 -p cslip /dev/ttyUSB0 &
# point-to-point addresses, MTU deliberately reduced to 296, short tx queue
ifconfig sl0 192.168.22.1 dstaddr 192.168.22.2 mtu 296 txqueuelen 3
# disable TCP Fast Open
echo 0 > /proc/sys/net/ipv4/tcp_fastopen
# link network via the local sl0 address; Client B's LAN via Router 2
route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.22.1
route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.22.2
# set the MSS option of forwarded SYNs to 296
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 296
# NAT everything leaving eth0 towards the upstream router
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# accept-all default policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
```

```sh
## ROUTER 2
# serial port at 115200 baud, raw mode (no line processing)
stty -F /dev/ttyUSB0 115200 raw
# load the SLIP line discipline
modprobe slip
# attach the port as sl0: -L three-wire mode (no modem control lines), compressed SLIP
slattach -L -s 115200 -p cslip /dev/ttyUSB0 &
# point-to-point addresses, MTU 296, short tx queue
ifconfig sl0 192.168.22.2 dstaddr 192.168.22.1 mtu 296 txqueuelen 3
# disable TCP Fast Open
echo 0 > /proc/sys/net/ipv4/tcp_fastopen
# local LAN via the eth0 address; link network via the local sl0 address
route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.5.100
route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.22.2
# everything else goes over the serial link to Router 1
ip route add default via 192.168.22.1
# set the MSS option of forwarded SYNs to 296
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 296
# accept-all default policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
```
Where am I wrong?
I have some doubts about the iptables configuration and/or the routing table. I suspect that the packets bounce between the various interfaces.
I've also tried this: Change MSS in iptables, and there is a slight reduction in errors.
Thanks in advance for any suggestions!
#### Router 1 - routing table
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    202    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.5.0     192.168.22.2    255.255.255.0   UG    0      0        0 sl0
192.168.22.0    192.168.22.1    255.255.255.0   UG    0      0        0 sl0
192.168.22.2    0.0.0.0         255.255.255.255 UH    0      0        0 sl0
```
#### Router 2 - routing table
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.22.1    0.0.0.0         UG    0      0        0 sl0
192.168.5.0     0.0.0.0         255.255.255.0   U     200    0        0 eth0
192.168.22.0    192.168.22.2    255.255.255.0   UG    0      0        0 sl0
192.168.22.1    0.0.0.0         255.255.255.255 UH    0      0        0 sl0
```
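The following POSIX sh script is an added example and is not the configuration posted in the question above. It ties the TCP MSS clamp to the SLIP link MTU, audits `iptables -S`-style rules against that limit, and renders the equivalent per-router setup with the `ip` tool instead of `ifconfig`/`route`. Its assumptions are hypothetical: IPv4 with no IP or TCP options, so a full-size segment carries 40 bytes of headers and the MSS must be MTU minus 40; the serial device, speed, addresses and the MASQUERADE rule mirror the question only for illustration.

```sh
#!/bin/sh
# Added example, not the configuration from the question above.
# Assumptions (hypothetical): IPv4, no IP/TCP options, so a full TCP segment
# carries 40 header bytes and the MSS must be MTU - 40; the device, speed and
# addresses copy the question purely for illustration.

# mss_for_mtu MTU -> the largest MSS whose segment (payload + 40 header bytes)
# still fits the link MTU without fragmentation.
mss_for_mtu() {
    mtu=$1
    if [ "$mtu" -lt 68 ]; then          # 68 is the IPv4 minimum MTU
        echo "mss_for_mtu: MTU $mtu below IPv4 minimum" >&2
        return 1
    fi
    echo $((mtu - 40))
}

# audit_mss_rules MTU  (reads iptables -S / iptables-save style rules on stdin)
# Prints every TCPMSS rule whose --set-mss value would produce segments larger
# than the MTU; returns 1 if any such rule was found, 0 otherwise.
audit_mss_rules() {
    limit=$(mss_for_mtu "$1") || return 1
    bad=0
    while IFS= read -r rule; do
        case $rule in
            *"--set-mss "*) ;;
            *) continue ;;
        esac
        mss=${rule##*--set-mss }        # text after the option ...
        mss=${mss%% *}                  # ... up to the next space
        if [ "$mss" -gt "$limit" ]; then
            echo "set-mss $mss exceeds $limit (MTU $1 - 40): $rule"
            bad=1
        fi
    done
    return $bad
}

# render_config ROLE LOCAL PEER MTU  (ROLE is router1 or router2)
# Prints the commands for one end of the link. Nothing is executed here, so
# the output can be reviewed first and then piped to sh on the router.
render_config() {
    role=$1 local_ip=$2 peer_ip=$3 mtu=$4
    mss=$(mss_for_mtu "$mtu") || return 1
    cat <<EOF
stty -F /dev/ttyUSB0 115200 raw
modprobe slip
slattach -L -s 115200 -p cslip /dev/ttyUSB0 &
sleep 1   # give slattach a moment to create sl0 before configuring it
ip link set dev sl0 mtu $mtu txqueuelen 3
ip address add $local_ip peer $peer_ip dev sl0
ip link set dev sl0 up
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss
EOF
    case $role in
        router1)
            echo "ip route add 192.168.5.0/24 via $peer_ip dev sl0"
            echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
            ;;
        router2)
            echo "ip route add default via $peer_ip dev sl0"
            ;;
        *)
            echo "render_config: unknown role $role" >&2
            return 1
            ;;
    esac
}
```

Usage: `iptables -S FORWARD | audit_mss_rules 296` on a router reports any `--set-mss` value above 256 for a 296-byte MTU, and `render_config router2 192.168.22.2 192.168.22.1 296 | sh` applies the Router 2 side. The `ip address add LOCAL peer PEER dev sl0` form installs the point-to-point host route itself, so no separate route for the link network is needed. The TCPMSS target also accepts `--clamp-mss-to-pmtu`, which derives the value from the route MTU instead of a hard-coded number.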