Last Updated: Thu May 26 13:48:21 BST 2005
When I moved from a Cable Modem to an ADSL connection I wanted a simple way to just swap out the Cable Modem box and slide in some kind of ADSL Modem, so I opted for the D-Link DSL 300T. It worked fine as a drop-in replacement until I tried to do an interactive ssh connection: the connection would get set up OK, but then it would hang when entering the interactive session.
I tracked it down to the fact that ssh sets the Minimize-Delay IP_TOS flag on interactive sessions, and somewhere down the line these packets didn't seem to be routed correctly.
I also discovered (later) that the same problem applied to UDP traffic when I found that my NTP traffic was also being discarded (so my computer's clock drifted out of sync).
The solution I came up with was to add an iptables rule to reset the IP_TOS flag to Normal-Service on outgoing traffic from my PC:
Note: TOS is now superseded by DSCP within the IETF, according to "man iptables", so the following commands have been adjusted accordingly.
iptables --table mangle --append OUTPUT --jump DSCP --set-dscp 0x0
As my PC also acts as a masquerading gateway for my home network, I also added the following rule so that machines on my home network get the same fix:
iptables --table mangle --append PREROUTING --jump DSCP --set-dscp 0x0
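As an added illustration (not part of the original page), the Python sketch below models what the two DSCP rules above do to the second byte of an IPv4 header: the Minimize-Delay bit (0x10) falls inside the 6-bit DSCP field, so --set-dscp 0x0 clears it while leaving the two ECN bits alone. The header, addresses and function names are constructed for the example, and the checksum is recomputed in full rather than updated incrementally.

```python
import struct

IPTOS_LOWDELAY = 0x10  # "Minimize-Delay" bit of the legacy TOS byte

def checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(tos: int, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses), valid checksum."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0x1234, 0x4000,
                      64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def set_dscp(header: bytes, dscp: int) -> bytes:
    """Model of '--jump DSCP --set-dscp': replace the top 6 bits, keep ECN."""
    if not 0 <= dscp <= 0x3F:
        raise ValueError("DSCP is a 6-bit field")
    ihl = (header[0] & 0x0F) * 4           # header length in bytes
    hdr = bytearray(header[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)  # low 2 bits are ECN, left untouched
    hdr[10:12] = b"\x00\x00"                # zero the checksum field, then refill
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + header[ihl:]

def describe(header: bytes) -> dict:
    """Decode the TOS/DS byte and verify the header checksum."""
    tos = header[1]
    ihl = (header[0] & 0x0F) * 4
    return {"tos": tos, "dscp": tos >> 2, "ecn": tos & 0x03,
            "min_delay": bool(tos & IPTOS_LOWDELAY),
            "checksum_ok": checksum(header[:ihl]) == 0}

if __name__ == "__main__":
    before = build_header(IPTOS_LOWDELAY)   # what an interactive ssh packet carries
    after = set_dscp(before, 0x0)           # what leaves after the mangle rule
    print("before:", describe(before))
    print("after: ", describe(after))
```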
Note: I've since discovered that the 300T is itself a Linux box running an iptables firewall, so you may be able to add rules to its internal firewall to achieve the same thing. If you want to try to fiddle with the modem directly you can just telnet into it as the user root (default password is admin). This also lets you tweak the firewall to allow incoming connections (although you should know what you're doing if you start tweaking the modem's firewall settings - you could be making your PC and home network open to attack from the general internet). For instance, you can remove the modem's internal firewall completely by running /etc/flush_firewall.
Alternatively you can flash the firmware in the modem to version V1.00B02T02.UK.20040618 which (among other things) will fix the priority routing, and also disable the NAT firewall.
All information on this site is copyright © 1994-2011 Jim Randell