Hi,
pppoeconf has arranged for the following iptables rule to be added when my Debian (sarge) firewall connects to the Internet via my ADSL modem:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

This rule clamps the MSS regardless of which interface the packet will be transmitted out through (i.e. not just the Internet ppp0 interface). Seeing as the firewall needs to "port forward" some TCP services from the Internet to servers on my internal LAN, is this appropriate? Or should the clamping be applied ONLY to packets going out to the Internet through ppp0? I.e. would the following rule be more appropriate?

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu -o ppp0

Guess if I knew more about TCP/IP I'd know the answer, but I don't :(

Regards, Declan

