UAMALLOWED and HTTPS (to select.worldpay.com)

Henk Kleynhans henk at skyrove.com
Wed Apr 29 17:44:31 UTC 2009


It may well be useful to test if it's an MTU issue.

In my experience, the MTU issue is only apparent when your Coova router is
doing a PPPoE dial-up, not when getting a DHCP lease.

Furthermore, the MTU issue should be apparent regardless of whether you are
adding the URL into the uamallowed var.

You can test this fairly easily by changing the MTU on your PC manually,
before implementing the rule on your router (though, the rule Johan gives
below is good to keep on your router permanently, in either case.)

To test it, in Ubuntu, issue:

sudo ifconfig eth0 mtu 1352

(where 1352 is your desired MTU in this case)

Good luck!

henk





On Wed, Apr 29, 2009 at 6:58 PM, Johan Meiring <jmeiring at amobia.com> wrote:

> Derek C wrote:
>
>> Hi Johan,
>>
>>  Best to use:
>>> tcpdump -vvntttt -s 1500 -i ath0 (-s 1500 makes it capture the whole
>>> packet, and you then get more info)
>>>
>>
>> Without using Firefox and only telnet (because my problem seems to be that
>> I don't seem to be able to establish a socket connection) here is the
>> output from tcpdump -vvntttt -s 1500 -i ath0 when I try to "telnet
>> 155.136.66.34 443".  I'll get a full dump for Firefox too but I also want
>> to see if I have this problem if I uamallow other HTTPs servers out there
>> and not just the Worldpay payment gateway.
>>
>> Results from "tcpdump -vvntttt -s 1500 -i ath0" when doing "telnet
>> 155.136.66.34 443": -
>>
>> 2009-04-29 15:10:06.083836 IP (tos 0x10, ttl 64, id 40577, offset 0, flags
>> [DF], proto TCP (6), length 60) 192.168.182.9.38910 > 155.136.66.34.443:
>> S, cksum 0x9078 (correct), 3501107707:3501107707(0) win 5840 <mss
>> 1460,sackOK,timestamp 8271738 0,nop,wscale 6>
>> 2009-04-29 15:10:06.114643 IP (tos 0x0, ttl 238, id 2, offset 0, flags
>> [none], proto TCP (6), length 44) 155.136.66.34.443 > 192.168.182.9.38910:
>> S, cksum 0xc430 (correct), 1660020786:1660020786(0) ack 3501107708 win
>> 8192 <mss 1460>
>> 2009-04-29 15:10:06.114717 IP (tos 0x10, ttl 64, id 40578, offset 0, flags
>> [DF], proto TCP (6), length 40) 192.168.182.9.38910 > 155.136.66.34.443:
>> ., cksum 0xe51d (correct), 1:1(0) ack 1 win 5840
>> 2009-04-29 15:10:06.115111 IP (tos 0x0, ttl 238, id 3, offset 0, flags
>> [none], proto TCP (6), length 44) 155.136.66.34.443 > 192.168.182.9.38910:
>> S, cksum 0xa42f (correct), 1660020787:1660020787(0) ack 3501107708 win
>> 16384 <mss 1460>
>> 2009-04-29 15:10:06.115144 IP (tos 0x0, ttl 64, id 0, offset 0, flags
>> [DF], proto TCP (6), length 40) 192.168.182.9.38910 > 155.136.66.34.443:
>> R, cksum 0x471f (correct), 3501107708:3501107708(0) win 0
>>
>>
>>
>>
> I must say, I have no idea.
> All looks good.
>
> The only other thing I can think of is MTU issues.
>
> Try issuing the following on your hotspot, and see if it helps.
>
> iptables -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j
> TCPMSS --clamp-mss-to-pmtu
> (the above command is one line)
>
> --
>
>
> Johan Meiring
> Amobia Communications
> Tel: (0861) AMOBIA / (0861) 266242
> Fax: (0861) AMOFAX / (0861) 266329


-- 
Henk Kleynhans
CTO & Founder
Skyrove (Pty) Ltd
Technology Top 100 - Most Promising Emerging Enterprise 2006
Tel: +27 (21) 4488843
Cell: +27 (84) 3073451
Fax: +27 (86) 6204077
henk at skyrove.com
blog: www.geekrebel.com

------

"A person with ubuntu is open and available to others, affirming of others,
does not feel threatened that others are able and good, for he or she has a
proper self-assurance that comes from knowing that he or she belongs in a
greater whole and is diminished when others are humiliated or diminished,
when others are tortured or oppressed." - Desmond Tutu
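
Added example, not part of the original thread: a Python sketch that reads the SYN segments from the tcpdump capture quoted above and shows the MSS each would carry after the --clamp-mss-to-pmtu rule, modelled here as min(advertised MSS, path MTU - 40) for IPv4. The 1492-byte PPPoE path MTU and the function names are assumptions; 1352 is the test MTU from the message.

```python
import re

IPV4_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Three segments from the capture quoted in the thread, rejoined onto single lines.
CAPTURE = [
    "2009-04-29 15:10:06.083836 IP (tos 0x10, ttl 64, id 40577, offset 0, flags [DF], proto TCP (6), length 60) 192.168.182.9.38910 > 155.136.66.34.443: S, cksum 0x9078 (correct), 3501107707:3501107707(0) win 5840 <mss 1460,sackOK,timestamp 8271738 0,nop,wscale 6>",
    "2009-04-29 15:10:06.114643 IP (tos 0x0, ttl 238, id 2, offset 0, flags [none], proto TCP (6), length 44) 155.136.66.34.443 > 192.168.182.9.38910: S, cksum 0xc430 (correct), 1660020786:1660020786(0) ack 3501107708 win 8192 <mss 1460>",
    "2009-04-29 15:10:06.114717 IP (tos 0x10, ttl 64, id 40578, offset 0, flags [DF], proto TCP (6), length 40) 192.168.182.9.38910 > 155.136.66.34.443: ., cksum 0xe51d (correct), 1:1(0) ack 1 win 5840",
]

# Matches "<src> > <dst>: S, ... <tcp options>" as printed by tcpdump -vvn.
SYN_RE = re.compile(r"\) (?P<src>\S+) > (?P<dst>\S+): S, .*<(?P<opts>[^>]*)>")


def syn_mss(lines):
    """Return (src, dst, mss) for every SYN or SYN-ACK that advertises an MSS."""
    found = []
    for line in lines:
        m = SYN_RE.search(line)
        if not m:
            continue  # not a SYN segment, or no TCP options printed
        mss = re.search(r"\bmss (\d+)", m.group("opts"))
        if mss:
            found.append((m.group("src"), m.group("dst"), int(mss.group(1))))
    return found


def clamp_report(lines, path_mtu):
    """Model the clamp: an MSS above path_mtu - 40 is lowered, others are kept."""
    ceiling = path_mtu - IPV4_TCP_HEADERS
    return [(src, dst, mss, min(mss, ceiling)) for src, dst, mss in syn_mss(lines)]


if __name__ == "__main__":
    # 1500 = plain Ethernet, 1492 = assumed PPPoE uplink, 1352 = test MTU from the message
    for mtu in (1500, 1492, 1352):
        for src, dst, advertised, clamped in clamp_report(CAPTURE, mtu):
            note = "rewritten" if clamped != advertised else "unchanged"
            print(f"path MTU {mtu}: {src} -> {dst} mss {advertised} -> {clamped} ({note})")
```

Both ends advertise an MSS of 1460, which assumes a 1500-byte path; on a smaller path the clamp only has an effect on the SYN and SYN-ACK, which is why the iptables rule matches on --tcp-flags SYN,RST SYN.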