On Wednesday 05 April 2006 22:23, Alexander N wrote:
> Пробвах доста неща но неще и неще.....
>
> Можеби има нещо във firewall-a, но немога да разбера
> каква е логиката някои сайтове да не се зареждат .....
TCPMSS
This target allows to alter the MSS value of TCP SYN packets,
to control the maximum size for that connection (usually limit-
ing it to your outgoing interface's MTU minus 40). Of course,
it can only be used in conjunction with -p tcp.
This target is used to overcome criminally braindead ISPs or
servers which block ICMP Fragmentation Needed packets. The
symptoms of this problem are that everything works fine from
your Linux firewall/router, but machines behind it can never
exchange large packets:
1) Web browsers connect, then hang with no data received.
2) Small mail works fine, but large emails hang.
3) ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your
firewall configuration like:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
--set-mss value
Explicitly set MSS option to specified value.
--clamp-mss-to-pmtu
Automatically clamp MSS value to (path_MTU - 40).
These options are mutually exclusive.
