[Olsr-users] Query about OpenWRT-specific firewall settings preferred for SmartGateway

Teco Boot (spam-protected)
Wed Oct 23 16:13:08 CEST 2013


The 1440 must be my work_on_most_tunnels default.

Tunneled traffic via sgw shall use a lower value, <= mtu - (sgw ipip overhead) - (other tunnel overhead). Usually I configure a lower TCPMSS than the allowed maximum, to be adaptive for something I am not aware of. At the cost of a little overhead.

Teco


On 22 Oct 2013, at 22:29, Ben West <(spam-protected)> wrote:

> Hi Teco,
> 
> Thank you very much for sharing that.
> 
> Why MTU=1440?  README-Olsr-Extensions suggests MTU=1480.  Does the MTU preferred by SmartGateway decrease with increasing mesh hops?  E.g. 1 hop would require maximum MTU=1480, 2 hops -> MTU=1440?
> 
> 
> 
> On Tue, Oct 22, 2013 at 2:02 PM, Teco Boot <(spam-protected)> wrote:
> I use:
>   iptables -t mangle -A POSTROUTING -o tnl_+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
> 
> This applies to output chain also.
> 
> Teco
> 
> On 22 Oct 2013, at 19:19, Ben West <(spam-protected)> wrote:
> 
>> Hi Teco,
>> 
>> Thank you for the response.  I have indeed been looking for examples of current iptables syntax for TCPMSS appropriate to the default chains set up by OpenWRT (of which there are many).
>> 
>> Besides the chain named "FORWARD," as suggested in README-Olsr-Extensions, OpenWRT also has the chains "forward," and "forwarding_wan," "zone_wan_forward," et al. If anyone else on this list has such an iptables rule working on OpenWRT AA, do certainly feel free to chime in.
>> 
>> Also, I believe I was able to answer my own question.  The olsrd.init file presently packaged with OpenWRT does now include the two iptables rules listed on the Freifunk wiki page for use with SmartGateway option.
>> 
>> https://github.com/openwrt-routing/packages/blob/master/olsrd/files/olsrd.init
>> 
>> 
>> 
>> On Tue, Oct 22, 2013 at 12:02 AM, Teco Boot <(spam-protected)> wrote:
>> The firewall filter could be needed if a catch_all DROP rule in forward chain exists.
>> I don't understand the masquerade. Maybe something with rp_filter.
>> Don't forget TCPMSS.
>> 
>> Teco
>> 
>> 
>> This could have to do with rpfilter.
>> 
>> On 21 Oct 2013, at 19:07, Ben West <(spam-protected)> wrote:
>> 
>>> Hello,
>>> 
>>> I happened upon this 2-year-old page on the Freifunk wiki listing (in German) preferred firewall settings to use with the SmartGateway plugin:
>>> 
>>> http://wiki.freifunk.net/index.php?title=OLSR/SmartGateway
>>> 
>>> Are these suggested firewall settings still valid for OpenWRT?
>>> 
>>> The info provided in README-Olsr-Extensions is a bit more vague about suggested firewall / iptables setup for SmartGateway, i.e. to accommodate diverse linux distros.
>>> 
>>> 
>>> --
>>> Ben West
>>> http://gowasabi.net
>>> (spam-protected)
>>> 314-246-9434
>>> --
>>> Olsr-users mailing list
>>> (spam-protected)
>>> https://lists.olsr.org/mailman/listinfo/olsr-users
>> 
>> 
>> 
>> 
>> 
>> --
>> Ben West
>> http://gowasabi.net
>> (spam-protected)
>> 314-246-9434
> 
> 
> 
> 
> 
> -- 
> Ben West
> http://gowasabi.net
> (spam-protected)
> 314-246-9434
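
The clamp arithmetic discussed in this thread, as an added example that is not part of the original messages or of olsrd: it subtracts the ipip overhead, any other tunnel overhead and an optional safety margin, then prints (does not apply) the TCPMSS rule for the `tnl_+` interfaces. The header sizes, the 536-byte floor, the PPPoE figure and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: compute a TCPMSS clamp for SmartGateway tunnel traffic and
# print the matching iptables rule. Only the rule syntax and the 1440 value
# come from the thread; every other number here is an assumption.

IPV4_HDR=20       # inner IPv4 header without options
TCP_HDR=20        # TCP header without options
IPIP_OVERHEAD=20  # outer IPv4 header added by the ipip tunnel
MIN_MSS=536       # sanity floor chosen for this example

# max_mss UPLINK_MTU [EXTRA_OVERHEAD...]
# Largest MSS that still fits: uplink MTU minus ipip overhead, minus any
# other tunnel overhead, minus the inner IPv4 and TCP headers.
max_mss() {
    mtu=$1; shift
    case $mtu in ''|*[!0-9]*) echo "bad mtu: $mtu" >&2; return 1;; esac
    mtu=$((mtu - IPIP_OVERHEAD))
    for extra in "$@"; do
        case $extra in ''|*[!0-9]*) echo "bad overhead: $extra" >&2; return 1;; esac
        mtu=$((mtu - extra))
    done
    mss=$((mtu - IPV4_HDR - TCP_HDR))
    [ "$mss" -ge "$MIN_MSS" ] || { echo "mss $mss below $MIN_MSS" >&2; return 1; }
    echo "$mss"
}

# clamp_rule MARGIN UPLINK_MTU [EXTRA_OVERHEAD...]
# Prints the rule with the MSS lowered by MARGIN bytes of headroom.
clamp_rule() {
    margin=$1; shift
    mss=$(max_mss "$@") || return 1
    mss=$((mss - margin))
    [ "$mss" -ge "$MIN_MSS" ] || { echo "mss $mss below $MIN_MSS" >&2; return 1; }
    echo "iptables -t mangle -A POSTROUTING -o tnl_+ -p tcp" \
         "--tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
}

# Constructed inputs: a plain 1500-byte uplink, then the same uplink behind
# PPPoE (8 bytes) with 12 bytes of headroom.
clamp_rule 0 1500
clamp_rule 12 1500 8
```

With a 1500-byte uplink and no margin the result is the 1440 used in the rule quoted above; review the printed rule against the existing mangle table before applying it.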




