VLan routing issues

v8toilet
DD-WRT Novice


Joined: 20 Jul 2010
Posts: 10

Posted: Tue Jul 27, 2010 4:11    Post subject: VLan routing issues
I have an Asus RT-N12 with a VLAN on port 2 set up as per the wiki document on separate LAN networks. I have set up my router as per the document:

http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29

Weird thing is that certain websites cannot be pinged or accessed while others open fine. The second router is configured using DD-WRT and set up as a router with WAN disabled, and it has an IP assigned outside of the DHCP range but in the same subnet as the VLAN set up on port 2 of the first router. For the gateway and local DNS I've tried 192.168.10.1 (VLAN DHCP/gateway) and 192.168.1.1 for both. Both work but both still drop traffic on certain sites.

It seems odd to me that certain pages, i.e. newegg.com or kayak.com, will not load where other pages load just fine. Simply taking the router off the VLAN (Port2), plugging it into Port3 or Port4, and changing the IP address of the router that was connected to the VLAN to something on the same subnet as the main router allows me full access to the pages that won't load via the VLAN port. I've checked the firewall commands. The only thing I have entered is

Code:
iptables -I FORWARD -i br0 -o vlan2 -j DROP


I'm confused why some traffic is coming through while other traffic seems to just get dropped.

Build on the RT-N12 is
dd-wrt.v24-14311_NEWD-2_K2.6_mini_RT-N12

Is this a bug in the release?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Jul 27, 2010 7:12
It sounds like an MTU problem. Could you post the output from this command?

iptables -vnL FORWARD

Try setting your WAN MTU manually on the basic setup page and try adding this to your firewall.

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
v8toilet
DD-WRT Novice


Joined: 20 Jul 2010
Posts: 10

Posted: Tue Jul 27, 2010 20:50
Code:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   152 DROP       0    --  br0    vlan2   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     47   --  *      ppp0    192.168.1.0/24       0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      ppp0    192.168.1.0/24       0.0.0.0/0           tcp dpt:1723
34719 1646K ACCEPT     0    --  vlan2  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
26707 1511K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
8401K 6559M lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
8326K 6551M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
11779  791K ACCEPT     0    --  br1    ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 TRIGGER    0    --  ppp0   br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
64036 6582K trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
63973 6579K ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           state NEW
   63  3039 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0       


The MTU was and is set manually to 1492 on the RT-N12.

Will try the added code.
v8toilet
DD-WRT Novice


Joined: 20 Jul 2010
Posts: 10

Posted: Wed Jul 28, 2010 0:28
The added line to the Firewall made all the difference.
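
Added example, not part of any post in this thread: in the FORWARD listing posted above, a TCPMSS clamp rule already exists at rule 6, but rule 4 accepts everything entering on vlan2 before that rule is reached, while br0 traffic does reach it; `iptables -I` puts the new clamp at rule 1. The script below checks rule order for a new TCP SYN; the function name `clamp_status`, the helper `after_fix` and the row in `FIXROW` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables -vnL FORWARD` output on stdin and reports whether a new TCP
# SYN travelling IN_IF -> OUT_IF reaches a TCPMSS clamp rule before an
# unconditional terminating rule. Simplifications (assumptions): rules with
# extra matches (dpt:, state ...) or a non-wildcard address are treated as
# not matching, and user-defined chains are not followed.
clamp_status() {
    awk -v inif="$1" -v outif="$2" '
        function hit(pat, ifc) { return pat == "*" || pat == ifc }
        $1 == "Chain" || $1 == "pkts" || NF < 9 { next }
        {
            n++
            if (!hit($6, inif) || !hit($7, outif)) next
            if ($4 != "0" && $4 != "all" && $4 != "tcp") next
            if ($3 == "TCPMSS" && $0 ~ /clamp to PMTU/) {
                print "clamped at rule " n; done = 1; exit
            }
            if (NF > 9 || $8 != "0.0.0.0/0" || $9 != "0.0.0.0/0") next
            if ($3 == "ACCEPT" || $3 == "DROP" || $3 == "REJECT") {
                print "not clamped: rule " n " (" $3 ") decides first"; done = 1; exit
            }
        }
        END { if (!done) print "not clamped: no TCPMSS rule matched" }
    '
}

# Rules 1-6 of the FORWARD listing posted in the thread, taken before the fix.
BEFORE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   152 DROP       0    --  br0    vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     47   --  *      ppp0    192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      ppp0    192.168.1.0/24       0.0.0.0/0           tcp dpt:1723
34719 1646K ACCEPT     0    --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0
26707 1511K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU'

# Constructed row: how the rule inserted with `iptables -I FORWARD` would list.
FIXROW='    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU'

# Listing with the constructed row placed first, as -I does.
after_fix() {
    printf '%s\n' "$BEFORE" | awk -v row="$FIXROW" '{ print } NR == 2 { print row }'
}

printf '%s\n' "$BEFORE" | clamp_status br0 ppp0     # main LAN, before the fix
printf '%s\n' "$BEFORE" | clamp_status vlan2 ppp0   # VLAN port, before the fix
after_fix | clamp_status vlan2 ppp0                 # VLAN port, after the fix
```

On a live router the same check can be fed directly with `iptables -vnL FORWARD | clamp_status vlan2 ppp0`.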