
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

RouterOS v3 Configuration and User Guide

Change MSS

VPN and other tunnelled links carry a smaller payload than the physical interface because the encapsulation adds headers of its own. A TCP segment larger than the tunnel MTU has to be fragmented before it is sent over such a link. If the packet has the DF (Don't Fragment) bit set it cannot be fragmented and is dropped instead, and the router sends an ICMP "fragmentation needed" message back to the sender; this is how path MTU discovery (PMTUD) normally tells the sender to use smaller packets. On paths where PMTUD is broken (usually because those ICMP messages are filtered somewhere along the way) the sender never learns the smaller MTU, and large transfers stall while small ones work: FTP and HTTP downloads hang after the first few kilobytes, and e-mail with attachments fails to go through.
When PMTUD is broken, the router can work around it by lowering the MSS that TCP endpoints announce in the SYN packets passing through the VPN link; the peers then send segments that fit the tunnel and nothing needs to be fragmented. The value should be the tunnel MTU minus 40 bytes (20 bytes of IPv4 header plus 20 bytes of TCP header); 1300 is a conservative choice that leaves room for most encapsulations. Note that the rule below rewrites only SYN packets (the only ones that carry the MSS option, SYN/ACK included) leaving through pppoe-out; SYNs arriving on pppoe-out keep their MSS, so a mirror rule with in-interface=pppoe-out is needed if the remote side's announced MSS has to be lowered as well. Whether the rule is actually hit can be checked with /ip firewall mangle print stats. The following example demonstrates how to decrease the MSS value via mangle:

[admin@AT-WR4562] > /ip firewall mangle add out-interface=pppoe-out \
\... protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
[admin@AT-WR4562] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward out-interface=pppoe-out protocol=tcp tcp-flags=syn
action=change-mss new-mss=1300

[admin@AT-WR4562] >
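To make the action concrete, the following is an added example (not code from the manual or from RouterOS) that performs the same rewrite by hand on a constructed IPv4/TCP SYN in Python: it locates the MSS option, lowers it to 1300 when it is larger, and recomputes the TCP checksum, which is the step that is easy to forget when a header is edited. The packet, the addresses and the helper names (build_syn, clamp_mss, syn_mss, tcp_checksum_ok, mss_for_mtu) are the example's own. Unlike the manual's rule, which has no tcp-mss match and sets every SYN to 1300, the helper only ever lowers the value.

```python
"""Added example, not from the Allied Telesis / RouterOS manual: what a
`tcp-flags=syn action=change-mss` mangle rule does to a packet, carried out
by hand on a constructed IPv4/TCP SYN. All names and addresses are the example's own."""
import struct

IP_HDR_LEN = 20   # IPv4 header without options
TCP_HDR_LEN = 20  # TCP header without options


def mss_for_mtu(mtu: int) -> int:
    """Largest MSS that fits a link MTU: MTU minus 20 (IPv4) and 20 (TCP) header bytes."""
    return mtu - IP_HDR_LEN - TCP_HDR_LEN


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement 16-bit Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _tcp_pseudo(ip_hdr: bytes, tcp: bytes) -> bytes:
    """IPv4 pseudo-header for the TCP checksum: src, dst, zero, protocol 6, TCP length."""
    return ip_hdr[12:20] + struct.pack("!BBH", 0, 6, len(tcp))


def _with_tcp_checksum(ip_hdr: bytes, tcp: bytes) -> bytes:
    """Return tcp with its checksum (bytes 16-17) recomputed over pseudo-header + segment."""
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    csum = checksum(_tcp_pseudo(ip_hdr, zeroed) + zeroed)
    return tcp[:16] + struct.pack("!H", csum) + tcp[18:]


def tcp_checksum_ok(packet: bytes) -> bool:
    """With the stored checksum included, the sum over pseudo-header + segment folds to 0."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, tcp = packet[:ihl], packet[ihl:]
    return checksum(_tcp_pseudo(ip_hdr, tcp) + tcp) == 0


def _ip4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_syn(src: str, dst: str, mss: int) -> bytes:
    """Constructed sample input: IPv4 with DF set plus a TCP SYN to port 80 carrying an MSS option."""
    options = struct.pack("!BBH", 2, 4, mss)            # kind 2 = MSS, length 4, value
    data_offset = (TCP_HDR_LEN + len(options)) // 4     # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0,
                      data_offset << 4, 0x02, 65535, 0, 0) + options   # 0x02 = SYN flag
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + len(tcp), 0x1234,
                     0x4000, 64, 6, 0, _ip4(src), _ip4(dst))           # 0x4000 = DF bit
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + _with_tcp_checksum(ip, tcp)


def _mss_offset(tcp: bytes):
    """Offset of the 2-byte MSS value in the TCP option list, or None if absent."""
    data_offset = (tcp[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i + 1 < data_offset:
        kind = tcp[i]
        if kind == 0:                  # end of option list
            return None
        if kind == 1:                  # NOP padding
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2:                 # malformed option: stop instead of looping forever
            return None
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def syn_mss(packet: bytes):
    """MSS advertised by a SYN (or SYN/ACK); None for other segments or no MSS option."""
    tcp = packet[(packet[0] & 0x0F) * 4:]
    if not tcp[13] & 0x02:
        return None
    off = _mss_offset(tcp)
    return None if off is None else struct.unpack("!H", tcp[off:off + 2])[0]


def clamp_mss(packet: bytes, new_mss: int) -> bytes:
    """What `chain=forward tcp-flags=syn action=change-mss new-mss=<new_mss>` does, except
    that this version only lowers the MSS (the manual's rule has no tcp-mss match and
    rewrites every SYN). Non-SYN segments, segments without an MSS option and segments
    already at or below new_mss are returned untouched."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, tcp = packet[:ihl], packet[ihl:]
    if not tcp[13] & 0x02:
        return packet
    off = _mss_offset(tcp)
    if off is None or struct.unpack("!H", tcp[off:off + 2])[0] <= new_mss:
        return packet
    tcp = tcp[:off] + struct.pack("!H", new_mss) + tcp[off + 2:]
    return ip_hdr + _with_tcp_checksum(ip_hdr, tcp)   # IP header unchanged; TCP checksum redone


if __name__ == "__main__":
    syn = build_syn("192.168.88.10", "203.0.113.5", 1460)   # LAN client -> Internet host
    clamped = clamp_mss(syn, 1300)
    print("before:", syn_mss(syn), "checksum ok:", tcp_checksum_ok(syn))
    print("after: ", syn_mss(clamped), "checksum ok:", tcp_checksum_ok(clamped))
    print("MSS for a 1492-byte PPPoE MTU:", mss_for_mtu(1492))
```

The IP header is left alone because nothing in it changes; only the TCP checksum has to be recomputed, since the rewritten option is part of the segment it covers. mss_for_mtu shows where a value such as 1300 comes from: a 1492-byte PPPoE link allows an MSS of 1452, and a tunnel carried inside it allows correspondingly less.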

9.3 Packet Flow

Document revision: 2.7 (Mon Jun 05 12:04:15 GMT 2006)

Applies to: V2.9

9.3.1 General Information

Summary

This manual describes the order in which an IP packet traverses various internal facilities of the router
and some general information regarding packet handling, common IP protocols and protocol options.

Specifications

Packages required: system
License required: Level3
Submenu level: /ip firewall
Standards and Technologies: IP

Hardware usage: Increases with NAT, mangle and filter rules count

Related Topics

IP Addresses and ARP
Routes, Equal Cost Multipath Routing, Policy Routing
NAT
Mangle
Filter

9.3.2 Packet Flow

Description

RouterOS is designed to be easy to operate in many respects, the IP firewall included. Ordinary
firewall policies can therefore be created and deployed without knowing how packets are processed
inside the router. For example, if all that is required is to NAT the internal clients to a public address,
the following single command does it (assuming the interface towards the Internet is named Public):

/ip firewall nat add action=masquerade out-interface=Public chain=srcnat

Regular packet filtering, bandwidth management and packet marking can be configured just as easily.
A more complicated configuration, however, can only be deployed correctly with a good understanding
of the underlying processes in the router, which the rest of this section describes.
