On Fri, 14 Feb 2003 08:55:05 -0800, you wrote: >> So I'm just wondering whether the tcp-MSS patch is actually included in the >> Bering kernel, or whether is there any extra module I should install and >> load (I looked in the Bering modules download site on sourceforge but didn't >> find anything). > >It is and the recommended way of activating it is to set CLAMPMSS=Yes in >/etc/shorewall/shorewall.conf.
I'm not using shorewall yet - first of all, I want to be sure that all the rest works, so I'm using some simple iptables rules to do NAT and forwarding - I've been using them on other firewalls so they're definitely ok. How can I see whether the firewall actually does anything about the MTU negotiation? If I intercept TCP packets on the originating machine in the internal LAN, I should see an outgoing SYN with MSS=1460, but then an incoming reply with MSS=1412, right? Also another problem I have is that ppp0 keeps getting up with MTU=1492 notwithstanding the "mtu 1452" command in /etc/ppp/peers/dsl-provider. But if I then set MTU manually with "ifconfig ppp0 mtu 1452" it then works beautifully. Thanks, -- vb. [Vittorio Bertola - vb [at] bertola.eu.org]<--- -------------------> http://bertola.eu.org/ <----------------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
