MSS Clamp PPPoE Issue

Hi guys!

I have an issue with MSS clamping on a PPPoE FTTH connection.

This is my configuration

set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name LAN_IN default-action 'accept'
set firewall name LAN_IN rule 10 action 'drop'
set firewall name LAN_IN rule 10 destination address '192.168.0.0/16'
set firewall name LAN_IN rule 10 source address '192.168.0.0/16'
set firewall name WAN_IN default-action 'drop'
set firewall name WAN_IN rule 10 action 'accept'
set firewall name WAN_IN rule 10 state established 'enable'
set firewall name WAN_IN rule 10 state related 'enable'
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set firewall name WAN_LOCAL rule 20 action 'accept'
set firewall name WAN_LOCAL rule 20 icmp type-name 'echo-request'
set firewall name WAN_LOCAL rule 20 protocol 'icmp'
set firewall name WAN_LOCAL rule 20 state new 'enable'
set firewall name WAN_LOCAL rule 40 action 'drop'
set firewall name WAN_LOCAL rule 40 destination port '47463'
set firewall name WAN_LOCAL rule 40 protocol 'tcp'
set firewall name WAN_LOCAL rule 40 recent count '4'
set firewall name WAN_LOCAL rule 40 recent time '60'
set firewall name WAN_LOCAL rule 40 state new 'enable'
set firewall name WAN_LOCAL rule 41 action 'accept'
set firewall name WAN_LOCAL rule 41 destination port '47463'
set firewall name WAN_LOCAL rule 41 protocol 'tcp'
set firewall name WAN_LOCAL rule 41 state new 'enable'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces bridge br0 address '192.168.1.1/24'
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 member interface eth3
set interfaces ethernet eth0 description 'BELL_FIBER'
set interfaces ethernet eth0 hw-id '00:c0:b7:e0:0b:28'
set interfaces ethernet eth0 mtu '1500'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth0 vif 35 description 'BELL_VLAN'
set interfaces ethernet eth0 vif 35 mtu '1500'
set interfaces ethernet eth1 hw-id '00:c0:b7:e0:0b:29'
set interfaces ethernet eth1 offload gro
set interfaces ethernet eth1 offload gso
set interfaces ethernet eth1 offload sg
set interfaces ethernet eth1 offload tso
set interfaces ethernet eth2 hw-id '00:c0:b7:e0:0b:2a'
set interfaces ethernet eth2 offload gro
set interfaces ethernet eth2 offload gso
set interfaces ethernet eth2 offload sg
set interfaces ethernet eth2 offload tso
set interfaces ethernet eth3 hw-id '00:c0:b7:e0:0b:2b'
set interfaces ethernet eth3 offload gro
set interfaces ethernet eth3 offload gso
set interfaces ethernet eth3 offload sg
set interfaces ethernet eth3 offload tso
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password '***'
set interfaces pppoe pppoe0 authentication user '***@virginmobile.ca'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 firewall in name 'WAN_IN'
set interfaces pppoe pppoe0 firewall local name 'WAN_LOCAL'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 policy route 'MSS'
set interfaces pppoe pppoe0 source-interface 'eth0.35'
set nat source rule 100 outbound-interface 'pppoe0'
set nat source rule 100 translation address 'masquerade'
set policy route MSS description 'TCP MSS clamping for PPPoE'
set policy route MSS rule 5 protocol 'tcp'
set policy route MSS rule 5 set tcp-mss '1452'
set policy route MSS rule 5 tcp flags 'SYN'
set service dhcp-server global-parameters 'option option-138 code 138 = ip-address;'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 name-server '1.1.1.1'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 name-server '8.8.8.8'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start '192.168.1.10'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop '192.168.1.254'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 subnet-parameters 'option option-138 omada.wenetwork.cloud;'
set service dns dynamic interface pppoe0 service noip host-name '***'
set service dns dynamic interface pppoe0 service noip login '***'
set service dns dynamic interface pppoe0 service noip password '***'
set service ssh port '47463'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '***'
set system login user vyos authentication plaintext-password ''
set system name-server '1.1.1.1'
set system name-server '8.8.8.8'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'America/Montreal'

I have internet access, but some websites are not viewable… Did I miss something in the configuration?

Thanks!

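Your MSS clamp policy is attached to pppoe0, and a policy route only acts on traffic entering the interface it is attached to, so it might only work for new incoming connections WAN->LAN (port maps).
Assign the policy to the LAN interface instead (or as well).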
Or try:

set firewall options interface pppoe0 adjust-mss '1452'


Thanks! I applied the policy to the bridge interface and everything is working fine!
