Showing posts with label networking. Show all posts

Friday, December 23, 2016

Log TCP Connections to WAN in OpenWrt

I have a router running OpenWrt 15.05, and I would like to log all the TCP connections. To achieve this, I just need to add a line to the firewall custom rules, like:
iptables -A forwarding_lan_rule -p tcp -m state --state NEW -m limit --limit 30/sec -j LOG --log-prefix "NEW Conn "

Then, log in to the router as root and restart the firewall with the following command:
/etc/init.d/firewall restart

The following shows what the System Log looks like after enabling the custom rule:
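Once the rule is active, the entries can be summarized instead of read one by one. The script below is an added example, not part of the original post: it parses lines carrying the "NEW Conn " prefix and counts new connections per LAN host, destination and port. The sample lines are constructed in the standard netfilter LOG layout, and because the rule limits logging to 30 entries per second, counts during bursts are a lower bound.

```python
import re
from collections import Counter, defaultdict

PREFIX = "NEW Conn "  # must match --log-prefix in the iptables rule
FIELD = re.compile(r"(\w+)=(\S*)")
REQUIRED = {"SRC", "DST", "PROTO", "DPT"}

# Constructed sample in the netfilter LOG layout; addresses are documentation ranges.
SAMPLE_LOG = """\
Fri Dec 23 10:00:01 2016 kern.warn kernel: [ 1201.101000] NEW Conn IN=br-lan OUT=eth0.2 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Fri Dec 23 10:00:02 2016 kern.warn kernel: [ 1202.340000] NEW Conn IN=br-lan OUT=eth0.2 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4377 DF PROTO=TCP SPT=40114 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Fri Dec 23 10:00:03 2016 kern.warn kernel: [ 1203.020000] NEW Conn IN=br-lan OUT=eth0.2 MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=911 DF PROTO=TCP SPT=51800 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Fri Dec 23 10:00:04 2016 daemon.info dnsmasq-dhcp[1432]: DHCPACK(br-lan) 192.168.1.23 00:11:22:33:44:55 laptop
Fri Dec 23 10:00:05 2016 kern.warn kernel: [ 1205.770000] NEW Conn IN=br-lan OUT=eth0.2 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4402 DF PROTO=TCP SPT=40120 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
"""

def parse_new_conn(line):
    """Return the KEY=VALUE fields of one logged packet, or None for other lines."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = dict(FIELD.findall(rest))
    # Bare flags such as SYN or DF carry no '='; truncated lines lack required keys.
    if not (fields.keys() >= REQUIRED and fields["DPT"].isdigit()):
        return None
    return fields

def summarize(lines):
    """Count new connections per (source, destination, destination port)."""
    flows = Counter()
    for line in lines:
        f = parse_new_conn(line)
        if f:
            flows[(f["SRC"], f["DST"], int(f["DPT"]))] += 1
    return flows

def ports_per_host(flows):
    """Map each LAN source address to the sorted destination ports it opened."""
    ports = defaultdict(set)
    for (src, _dst, dpt) in flows:
        ports[src].add(dpt)
    return {src: sorted(p) for src, p in ports.items()}

if __name__ == "__main__":
    flows = summarize(SAMPLE_LOG.splitlines())
    for (src, dst, dpt), n in flows.most_common():
        print(f"{n:4d}  {src} -> {dst}:{dpt}")
    print(ports_per_host(flows))
```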

Saturday, August 25, 2007

MTU is really a matter

A long time ago, I lowered the MTU of my router to solve a networking issue (see my previous blog entry). However, that was not the end of the story.
Recently, I changed my job. My new company provides Citrix Presentation Server so that employees can work from home via remote desktop.
Then, at home, I tried to connect to the Citrix server and run remote desktop. I could log in, but the link was very unstable. It disconnected every 10 to 20 seconds.
After some investigation, I found it was the MTU problem again. The problem is fully explained at the following site:
http://www.netheaven.com/pmtu.html
I should change the MTU of my desktop at home to match the router. Finally, it works!

Sunday, February 04, 2007

Is Port 25 blocked?

Port 25, the default port of SMTP, is used for transferring e-mail. To reduce spam, ISPs normally block this port, especially for household DSL accounts. Therefore, people may think that it is impossible to set up an e-mail server at home.
I have experience using HKBN and Netvigator, and they do not really block all port 25 traffic. They only block outgoing traffic, not incoming traffic. To set up the e-mail server, we can use the "smarthost" trick.

Sunday, January 14, 2007

Speed up DNS Lookup in Linux

When I first used Linux for web surfing, I found it was slower than MS Windows. Recently, I found the reason on the Internet. The difference is due to the DNS lookup speed. Windows caches DNS lookup results, but Linux doesn't. To improve the lookup speed in Linux, we can install dnsmasq, which is a lightweight DNS server for Linux.

Friday, December 08, 2006

Linux VPN Client for Cisco VPN Router

My office desktop is in a private network behind a firewall. If I need to access it, I need to use a VPN by connecting to the Cisco VPN Router in my office. Connecting to the VPN router from a Linux platform is not a trivial task, and there seem to be several ways:
  1. Use the official Cisco VPN Client for Linux. During the installation, it needs the kernel headers for module compilation. It should work in most cases. However, this software package is neither freely available nor open source.
  2. VPNC is an open source VPN client targeting the Cisco 3000 VPN Concentrator. It works well for me. However, some features are not supported, e.g. re-keying, digital certificate authentication....
  3. Openswan is an implementation of IPsec for Linux. It is not only a VPN client; it can also act as a VPN router. I found some documents about how to use Openswan to connect to a Cisco VPN router. However, it fails on my Ubuntu box :<.
Some web pages mention that the XAuth of the Cisco VPN router is non-standard. No wonder open source software packages don't support it well.


Saturday, January 07, 2006

Does MTU matter?

Recently, I changed my ISP to HKBN. I chose the BB10 plan, which provides 10Mb upload and download speed. This is much better than ADSL. With such high bandwidth, I want to use my NSLU2 Linux box to set up a web server at home.

However, there are some problems. I found that not every machine can access my web server. Ellen, who uses Pacific Supernet, cannot access the web server. Besides, a friend of mine using Netvigator faces the same problem. However, the W3C's HTML validator can access my web server to validate my HTML files. Moreover, my company can also access the server.

This is really strange. Today, I tried to tackle the problem. I tried to put the server in the DMZ on my router, but that failed. Then, I looked for other settings in the router's configuration. I found the item "MTU". MTU stands for "maximum transmission unit". The current setting was 1500, which is the maximum allowed value. I tried lowering the value to 1400. It works! However, I want to ask, "Does MTU matter?".