Hello,
I'm using IP Filter v4.1.3 with a setup like this:
    ADSL Bridge <-> Router <-> LAN
               PPPoE
The router runs NetBSD 2.0.
LAN hosts are not able to connect to some sites, and mailservers in the
LAN time out while receiving messages from some sites. AFAICT I need to
enable MSS clamping on the router; at least setting
    net.inet.tcp.mss_ifmtu=1
on the router seems to fix the problem for the router.
All LAN hosts have public IP addresses; that's why the router is not doing
NAT. How do I use `mssclamp' without using NAT? I tried with
    map pppoe0 0/0 -> 0/0 mssclamp 1440
This made the LAN hosts able to connect to the sites they failed before,
but had the bad side effect of all incoming mail (and probably other
connections) being blocked:
ipmon[139]: 00:12:01.037298 pppoe0 @100:6 b x,63716 -> y,25 \
PR tcp len 20 52 -A IN NAT
ipmon[139]: 00:12:04.029623 pppoe0 @100:6 b x,63716 -> y,25 \
PR tcp len 20 52 -A IN NAT
Hmm, why?
Using `map-block' instead of `map' in the rule above seems to fix this
problem; however I can't explain why...
What is the correct solution to this problem, i.e. how do I enable
MSS clamping on a router which is not doing NAT?
TIA, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
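
What MSS clamping to 1440 does to a packet in general, as an added example (not part of the original post and not IP Filter's own code): the MSS option on segments with SYN set is lowered and the TCP checksum is patched incrementally per RFC 1624. The addresses, sequence number and helper names are constructed for illustration; the ports are the ones in the log above.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit ones'-complement sum of an even-length byte string."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def pseudo(tcp_len: int) -> bytes:
    # Constructed IPv4 pseudo-header: documentation addresses, protocol 6.
    return bytes([192, 0, 2, 1, 198, 51, 100, 2, 0, 6]) + struct.pack("!H", tcp_len)

def sample_syn(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed TCP header with a valid checksum; options must keep it 4-byte aligned."""
    n = 20 + len(options)
    hdr = struct.pack("!HHIIBBHHH", 63716, 25, 1000, 0,
                      (n // 4) << 4, flags, 65535, 0, 0) + options
    csum = ~ones_sum(pseudo(n) + hdr) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def clamp_mss(tcp: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN or SYN-ACK to `limit`, patching the checksum."""
    if len(tcp) < 20 or not tcp[13] & 0x02:
        return tcp                       # MSS is only carried on segments with SYN set
    end = (tcp[12] >> 4) * 4             # data offset = end of the option area
    if end > len(tcp):
        return tcp                       # truncated header: leave it alone
    i = 20
    while i + 1 < end and tcp[i] != 0:   # kind 0 ends the option list
        if tcp[i] == 1:                  # kind 1 is a one-byte NOP
            i += 1
            continue
        kind, length = tcp[i], tcp[i + 1]
        if length < 2 or i + length > end:
            break                        # malformed option: do not rewrite
        if kind == 2 and length == 4:    # MSS option
            if int.from_bytes(tcp[i + 2:i + 4], "big") <= limit:
                break
            out = bytearray(tcp)
            out[i + 2:i + 4] = limit.to_bytes(2, "big")
            lo, hi = (i + 2) & ~1, (i + 5) & ~1   # aligned 16-bit words covering the change
            # RFC 1624: HC' = ~(~HC + ~m + m')
            s = ones_sum(bytes(b ^ 0xFF for b in tcp[16:18] + tcp[lo:hi]) + bytes(out[lo:hi]))
            out[16:18] = struct.pack("!H", ~s & 0xFFFF)
            return bytes(out)
        i += length
    return tcp
```

A segment with only ACK set, like the ones in the ipmon lines, passes through `clamp_mss` unchanged.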