Wednesday, June 10, 2009 with D-Link DSL-520T Routers.

Today my boss asked me why did he cannot accept the invitation of his friend on ''. And I said to him that I had no account on, I would make one and see what's causing the problem.

After sign up process I was asked to confirm via email, and when process start, the confirmation page couldn't load at all. It was because the confirmation page was using HTTPS, and some how only ''' that cannot load. Other 'https' pages was load without any problem.

After googling for about an hour, I've found that my router which is D-Link 520T has a default firewall rules that change the TCPMSS. Now I don't want to explain what is TCPMSS, but that was the cause why page could not be loaded.

I login to the router using my linux box. This is how to do i :

1. $telnet
2. Login using the same account as the web interface.
3. then you had the root shell of the D-Link router.
4. #iptables -L FORWARD (remember that Linux IS case sensitive.)
5. You will see something like this
#iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- tcp flags:0x06/0x02 TCPMSS set 1360
DROP tcp -- tcp dpt:23
DROP tcp -- tcp dpt:21
DROP tcp -- tcp dpt:20
ACCEPT udp -- udp dpt:500
DROP tcp -- tcp dpt:53
DROP udp -- udp dpt:53
DROP udp -- udp dpt:67
DROP udp -- udp dpt:520
DROP icmp -- icmp type 8 state NEW
DROP all --

6. Find and delete the this line :
TCPMSS tcp -- tcp flags:0x06/0x02 TCPMSS set 1360
Using command :
#iptables -D FORWARD .
on the example above.
#iptables -D FORWARD 1

7. Try to login to and it will load without problem.

There's still one problem, this is my prediction only, but the firewall rules will be reset everytime the router restart. This mean that we have to do it everytime after the router is restarted.

Good Luck.

Read more!