I am trying to set up a side router (192.168.50.5) at my home. My server has this setup.
OS:
CentOS 9 Stream
Kernel:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 1
net.core.default_qdisc = fq_codel
net.ipv4.tcp_congestion_control = bbr
iptables nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
iptables mangle
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
iptables filter
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
I would expect that this server will be able to forward my packets, for those who use this server as a gateway. I noticed something strange:
When I do an mtr, it does a good job of forwarding the packets to the remote server. 172.28.16.x is the WSL IP.
e.g.
Host Loss% Snt Last Avg Best Wrst StDev
1. 172.28.16.1 0.0% 28 0.3 0.3 0.2 0.4 0.1
2. 192.168.50.5 88.9% 28 2.0 15.8 2.0 42.8 23.4
3. 192.168.50.1 0.0% 28 1.4 4.6 1.4 28.5 6.9
4. 192.168.1.1 0.0% 28 2.0 4.0 2.0 19.1 4.4
5. 100.111.16.1 0.0% 28 6.4 8.6 5.7 38.0 6.1
... skipped ...
11. 114.114.114.114 0.0% 27 17.3 18.3 16.7 26.9 2.4
When I do any http(s) request, things get strange:
* Trying 112.80.248.75:443...
* TCP_NODELAY set
* Connected to www.baidu.com (112.80.248.75) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
(timed out here)
Router: ASUS XT8 latest firmware, server to router connection is cabled.
This bug can be reproduced via my iPhone as well, with a network tool: mtr is fine, but http access is not OK.
Does anyone know how to fix this or where to debug? Thanks.
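The following is an added check script, not code from the poster, that works over the three kinds of output shown in the question: the forwarding sysctls, the mtr report and the nat table. It parses constructed text samples (copied from the post, plus an assumed `net.ipv4.conf.all.send_redirects = 1` line, which is the Linux default and is not shown in the post) so it runs offline; on the real box you would pipe in `sysctl -a`, `mtr -r <host>` and `iptables-save -t nat` instead. The function names are my own. The security point it surfaces is that `accept_redirects = 1` on a host that forwards traffic lets any on-link host rewrite that host's routing table with ICMP redirects, which is why the usual hardening guidance is to set it to 0 on routers; `send_redirects = 1` means the host will tell same-subnet clients to bypass it, and a nat table with no SNAT/MASQUERADE rule means replies do not have to pass back through the side router, so the return path can be asymmetric.

```shell
#!/bin/sh
# Added diagnostic helper (not part of the original post). Each function reads
# one kind of output on stdin and prints findings; the last line of output is a
# one-word verdict so it is easy to check from a script.

# --- constructed samples: the post's own values, plus one assumed line -------
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1'
# (send_redirects is assumed at the Linux default of 1; it is not in the post)

SAMPLE_MTR='Host Loss% Snt Last Avg Best Wrst StDev
1. 172.28.16.1 0.0% 28 0.3 0.3 0.2 0.4 0.1
2. 192.168.50.5 88.9% 28 2.0 15.8 2.0 42.8 23.4
3. 192.168.50.1 0.0% 28 1.4 4.6 1.4 28.5 6.9
4. 192.168.1.1 0.0% 28 2.0 4.0 2.0 19.1 4.4
5. 100.111.16.1 0.0% 28 6.4 8.6 5.7 38.0 6.1
... skipped ...
11. 114.114.114.114 0.0% 27 17.3 18.3 16.7 26.9 2.4'

SAMPLE_NAT='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT'

# Audit forwarding-related sysctls from "key = value" lines (e.g. `sysctl -a`).
# Prints one line per finding, then OK or WARN.
audit_sysctls() {
    awk -F' = ' '
        $1 ~ /net\.ipv4\.ip_forward$/                  { fwd = $2 }
        $1 ~ /net\.ipv4\.conf\.all\.accept_redirects$/ { acc = $2 }
        $1 ~ /net\.ipv4\.conf\.all\.send_redirects$/   { snd = $2 }
        END {
            status = "OK"
            if (fwd != "1") { print "ip_forward is not 1: host will not route for clients"; status = "WARN" }
            if (acc == "1") { print "accept_redirects=1 on a forwarding host: any on-link host can alter its routes (set to 0)"; status = "WARN" }
            if (snd == "1") { print "send_redirects=1: same-subnet clients are told to bypass this host after the first packet"; status = "WARN" }
            print status
        }'
}

# From an `mtr -r` report, print the hop with the highest loss as "N. host loss".
worst_hop() {
    awk 'BEGIN { max = -1 }
         $1 ~ /^[0-9]+\.$/ {
             loss = $3; sub(/%/, "", loss)
             if (loss + 0 > max) { max = loss + 0; hop = $1 " " $2 }
         }
         END { print hop, max }'
}

# From `iptables-save -t nat` output, report whether POSTROUTING rewrites the
# source address. Without SNAT/MASQUERADE, replies return to the client by
# whatever path the upstream router chooses, not necessarily via this host.
has_snat() {
    if grep -Eq '^-A POSTROUTING .*-j (MASQUERADE|SNAT)'; then
        echo yes
    else
        echo no
    fi
}

# Run the checks over the samples when executed directly.
printf '%s\n' "$SAMPLE_SYSCTL" | audit_sysctls
printf 'worst hop: %s\n' "$(printf '%s\n' "$SAMPLE_MTR" | worst_hop)"
printf 'nat POSTROUTING source rewrite: %s\n' "$(printf '%s\n' "$SAMPLE_NAT" | has_snat)"
```

On the poster's dump the script reports WARN (accept_redirects is on), names `2. 192.168.50.5` as the hop with 88.9% loss, and finds no source rewrite in the nat table; that is the same information the post already contains, laid out in one place so it can be re-run after each change to the router.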