Asbest Posted March 24, 2010 Posted March 24, 2010 Произвел замену 2621 на 2821, подключение по pppoe+nat, все работает, но перестало заходить на http://rutracker.org (остальные сайты вроде работают) Вырезки конфига: interface GigabitEthernet0/0 ip address 10.128.0.11 255.255.255.0 ip nat inside ip virtual-reassembly no ip mroute-cache duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 fair-queue interface Dialer1 mtu 1480 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp ip route-cache policy ip route-cache flow ip tcp adjust-mss 1452 no ip mroute-cache dialer pool 1 dialer-group 1 no cdp enable ip nat translation timeout 60 ip nat translation tcp-timeout 900 ip nat translation udp-timeout 45 ip nat translation syn-timeout 15 ip nat translation dns-timeout 5 ip nat translation icmp-timeout 5 ip nat translation port-timeout tcp 80 30 ip nat inside source list 10 interface Dialer1 overload Дампим пакеты с клиентской машины при попытке зайти на сайт: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 14:19:26.337373 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 66: 10.128.1.133.56584 > 195.82.146.114.80: S 97970897:97970897(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6> 14:19:26.467867 00:19:5b:f2:2c:00 > 00:0f:38:6c:19:a8, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > 10.128.1.133.56584: S 370561435:370561435(0) ack 97970898 win 5840 <mss 1452> 14:19:26.467877 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 54: 10.128.1.133.56584 > 195.82.146.114.80: . ack 1 win 5840 14:19:26.468109 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 208: 10.128.1.133.56584 > 195.82.146.114.80: P 1:155(154) ack 1 win 5840 14:19:26.598604 00:19:5b:f2:2c:00 > 00:0f:38:6c:19:a8, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > 10.128.1.133.56584: . ack 155 win 6432 14:19:26.598872 00:19:5b:f2:2c:00 > 00:0f:38:6c:19:a8, ethertype IPv4 (0x0800), length 833: 195.82.146.114.80 > 10.128.1.133.56584: P 1:780(779) ack 155 win 6432 14:19:26.598878 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 54: 10.128.1.133.56584 > 195.82.146.114.80: . ack 780 win 7011 14:19:27.600201 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 255: 10.128.1.133.56584 > 195.82.146.114.80: P 155:356(201) ack 780 win 7011 14:19:27.992820 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 255: 10.128.1.133.56584 > 195.82.146.114.80: P 155:356(201) ack 780 win 7011 14:19:28.123265 00:19:5b:f2:2c:00 > 00:0f:38:6c:19:a8, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > 10.128.1.133.56584: . ack 356 win 7504 14:19:33.851232 00:0f:38:6c:19:a8 > 00:1a:e2:5e:32:60, ethertype IPv4 (0x0800), length 54: 10.128.1.133.56584 > 195.82.146.114.80: F 356:356(0) ack 780 win 7011 14:19:34.021822 00:19:5b:f2:2c:00 > 00:0f:38:6c:19:a8, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > 10.128.1.133.56584: . ack 357 win 7504 и тишина.... Если подампить с машины, которая подключена в инет напрямую видим такие пакеты: 14:13:55.488048 00:15:17:ab:6a:7f > 00:14:22:1a:21:34, ethertype IPv4 (0x0800), length 1514: 195.82.146.114.80 > x.x.x.x.38811: . 780:2240(1460) ack 416 win 7504 За кошконатом такого размера пакеты не замечены. При подключении по пппое не кошкой а лин-вин, сайт этот тоже открывается нормально. Вставить ник Quote
Diman Posted March 24, 2010 Posted March 24, 2010 interface GigabitEthernet0/0 no ip virtual-reassembly Вставить ник Quote
Asbest Posted March 25, 2010 Author Posted March 25, 2010 no ip virtual-reassembly не помогло ;( Вставить ник Quote
AlexSatter Posted March 25, 2010 Posted March 25, 2010 похоже на проблемы с MTU некоторые сайты не пускают к себе не стандартные мту, например mail.ru (раньше по крайней мере не пускало..как сейчас не знаю) Вставить ник Quote
Asbest Posted March 25, 2010 Author Posted March 25, 2010 C mtu игрался - бестолку. mtu 1480 ip tcp adjust-mss 1452 не просто так стоят, на 2621 без них были проблемы с посещением многих сайтов. Вставить ник Quote
Asbest Posted March 25, 2010 Author Posted March 25, 2010 Снял дамп соединения с роутера, смотрящего в инет (к нему подключен пппое-сервер, к которому подключена кошка): x.x.x.x - кошка y.y.y.y - пппое-сервер 12:53:32.225367 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 66: x.x.x.x.60863 > 195.82.146.114.80: S 2784157706:2784157706(0) win 5840 <mss 1452,nop,nop,sackOK,nop,wscale 6> 12:53:32.354814 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > x.x.x.x.60863: S 264825784:264825784(0) ack 2784157707 win 5840 <mss 1460> 12:53:32.356508 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 54: x.x.x.x.60863 > 195.82.146.114.80: . ack 1 win 5840 12:53:32.357101 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 212: x.x.x.x.60863 > 195.82.146.114.80: P 1:159(158) ack 1 win 5840 12:53:32.486757 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > x.x.x.x.60863: . ack 159 win 6432 12:53:32.487048 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 833: 195.82.146.114.80 > x.x.x.x.60863: P 1:780(779) ack 159 win 6432 12:53:32.489188 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 54: x.x.x.x.60863 > 195.82.146.114.80: . ack 780 win 7011 12:53:33.490568 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 259: x.x.x.x.60863 > 195.82.146.114.80: P 159:364(205) ack 780 win 7011 12:53:33.623224 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 1506: 195.82.146.114.80 > x.x.x.x.60863: . 780:2232(1452) ack 364 win 7504 12:53:33.623268 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 1506: 195.82.146.114.80 > x.x.x.x.60863: . 2232:3684(1452) ack 364 win 7504 12:53:33.623854 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 590: y.y.y.y > 195.82.146.114: ICMP x.x.x.x unreachable - need to frag (mtu 1480), length 556 12:53:33.623860 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 590: y.y.y.y > 195.82.146.114: ICMP x.x.x.x unreachable - need to frag (mtu 1480), length 556 12:53:33.884220 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 259: x.x.x.x.60863 > 195.82.146.114.80: P 159:364(205) ack 780 win 7011 12:53:34.013850 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 60: 195.82.146.114.80 > x.x.x.x.60863: . ack 364 win 7504 12:53:34.018615 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 1506: 195.82.146.114.80 > x.x.x.x.60863: . 780:2232(1452) ack 364 win 7504 12:53:34.019080 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 590: y.y.y.y > 195.82.146.114: ICMP x.x.x.x unreachable - need to frag (mtu 1480), length 556 12:53:34.810497 00:1f:12:14:e6:36 > 00:15:17:ab:6a:7e, ethertype IPv4 (0x0800), length 1506: 195.82.146.114.80 > x.x.x.x.60863: . 780:2232(1452) ack 364 win 7504 12:53:34.810919 00:15:17:ab:6a:7e > 00:1f:12:14:e6:36, ethertype IPv4 (0x0800), length 590: y.y.y.y > 195.82.146.114: ICMP x.x.x.x unreachable - need to frag (mtu 1480), length 556 почему они упорно шлют размер 1506, хотя запрашиваем 1480? Вставить ник Quote
darkagent Posted March 25, 2010 Posted March 25, 2010 попробуйте mtu 1480 заменить на ip mtu 1480. Вставить ник Quote
Asbest Posted March 25, 2010 Author Posted March 25, 2010 ip tcp adjust-mss 1420 Помогло. Спасибо! Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.