/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
I am using PPPoE, which means I need PMTU-clamping enabled in order to
keep connections from stalling. For a while I used the following
recommended recipe:
iptables -t mangle -A FORWARD -p tcp --syn \
-j TCPMSS --clamp-mss-to-pmtu
However, what I found is that this only clamps the MSS for connections
outbound. When connections are DNAT'd into my internal server, they
would still stall and hang when the connection attempts to stream.
I had to modify the above rule to the following:
iptables -t mangle -A FORWARD -p tcp --syn -j TCPMSS --set-mss 1452
I don't like doing this, because it seems to me that if the connecting
system uses a smaller MSS, I end up ignoring it, and forcing it to 1452.
Yet, this is the only thing that keeps INBOUND connections from stalling.
Is there a bug in the handling of "clamp-mss-to-pmtu"? Does it only
check the output interface's MTU, ignoring the MTU of the inbound
interface?
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
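Added example (not code from the post above, nor netfilter's own): a small model of what the TCPMSS target does to the MSS option, run over constructed TCP headers for the scenario the post describes. It assumes a PPPoE uplink of MTU 1492 and an internal Ethernet of MTU 1500, models --clamp-mss-to-pmtu as "lower the option to the PMTU of the route the packet is forwarded over, minus 40, never raise it", and models --set-mss as an unconditional overwrite (the 2.4-era behaviour the post is worried about; later kernels refuse to raise the MSS in that mode too, and also consult the reverse route's MTU). Two details it makes visible: after DNAT the inbound SYN is routed towards the LAN host, so the clamp sees a 1500-byte path and leaves 1460 alone, and the server's SYN/ACK, which is routed back out ppp0 and would be clamped to 1452, is never handed to the target at all because "--syn" matches SYN only and not SYN/ACK, whereas "--tcp-flags SYN,RST SYN" matches both. Checksums are not recomputed and segments without an MSS option are left alone; only the option rewrite is modelled.

```python
import struct

# TCP option kinds and flag bits (RFC 793 / RFC 9293)
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MSS = 0, 1, 2
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Link MTUs assumed for the scenario in the post: a PPPoE uplink and the
# internal Ethernet segment the DNAT'd server sits on (constructed values).
PPP_MTU, LAN_MTU = 1492, 1500
IP_TCP_HDRS = 40          # IPv4 + TCP header, what TCPMSS subtracts from the PMTU


def build_tcp_header(flags, mss=None, sport=40000, dport=80):
    """Constructed TCP header (no IP header, zero checksum), optionally with an
    MSS option.  The MSS option is exactly 4 bytes, so no NOP padding is needed."""
    options = b"" if mss is None else struct.pack("!BBH", TCPOPT_MSS, 4, mss)
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset << 4,
                       flags, 65535, 0, 0) + options


def find_mss(segment):
    """Walk the TCP options; return (offset of the MSS option, value) or (None, None)."""
    end = (segment[12] >> 4) * 4
    i = 20
    while i < end:
        kind = segment[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        length = segment[i + 1]
        if kind == TCPOPT_MSS and length == 4:
            return i, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None, None


def tcpmss(segment, route_pmtu, set_mss=None):
    """Model of the TCPMSS target acting on one segment.

    set_mss=None  -> --clamp-mss-to-pmtu: target MSS is route_pmtu - 40, where
                     route_pmtu is the PMTU of the route the packet is being
                     forwarded over; the option is only ever lowered.
    set_mss=N     -> --set-mss N: the option is overwritten with N, whatever the
                     peer advertised (2.4-era behaviour, an assumption here;
                     later kernels refuse to raise the MSS in this mode as well).
    Returns (new_segment, old_mss, new_mss).  Segments without an MSS option
    are returned untouched (the real target inserts one) and the TCP checksum
    is not recomputed, since only the option rewrite is modelled."""
    off, old_mss = find_mss(segment)
    if off is None:
        return bytes(segment), None, None
    new_mss = set_mss if set_mss is not None else route_pmtu - IP_TCP_HDRS
    if set_mss is None and old_mss <= new_mss:
        return bytes(segment), old_mss, old_mss
    out = bytearray(segment)
    struct.pack_into("!H", out, off + 2, new_mss)
    return bytes(out), old_mss, new_mss


def match_syn(flags):
    """iptables '--syn': SYN set and ACK, RST, FIN clear.  A SYN/ACK does NOT match."""
    return flags & (SYN | ACK | RST | FIN) == SYN


def match_syn_rst(flags):
    """iptables '--tcp-flags SYN,RST SYN': SYN set, RST clear.  Matches SYN and SYN/ACK."""
    return flags & (SYN | RST) == SYN


def forward_rule(segment, route_pmtu, match, set_mss=None):
    """One 'mangle FORWARD -p tcp <match> -j TCPMSS ...' rule applied to a segment."""
    if not match(segment[13]):
        return bytes(segment)
    return tcpmss(segment, route_pmtu, set_mss)[0]


def inbound_handshake(match, set_mss=None, client_mss=1460, server_mss=1460):
    """Push the two SYN-bearing segments of an inbound, DNAT'd connection through
    the rule; return (MSS the internal server hears, MSS the remote client hears).

    The client's SYN arrives on ppp0 and is forwarded towards the LAN host, so
    the route PMTU the target sees is the LAN MTU; the server's SYN/ACK is
    forwarded back out ppp0, so there the route PMTU is the PPPoE MTU."""
    syn = build_tcp_header(SYN, mss=client_mss)
    synack = build_tcp_header(SYN | ACK, mss=server_mss, sport=80, dport=40000)
    server_hears = find_mss(forward_rule(syn, LAN_MTU, match, set_mss))[1]
    client_hears = find_mss(forward_rule(synack, PPP_MTU, match, set_mss))[1]
    return server_hears, client_hears


if __name__ == "__main__":
    print("outbound SYN, clamp (old, new):", tcpmss(build_tcp_header(SYN, 1460), PPP_MTU)[1:])
    print("--syn + clamp-mss-to-pmtu:      ", inbound_handshake(match_syn))
    print("--syn + set-mss 1452:           ", inbound_handshake(match_syn, set_mss=1452))
    print("--tcp-flags SYN,RST SYN + clamp:", inbound_handshake(match_syn_rst))
    print("peer at 1400, set-mss 1452:     ", inbound_handshake(match_syn, 1452, client_mss=1400))
    print("peer at 1400, clamp:            ", inbound_handshake(match_syn_rst, client_mss=1400))
```

Run it and the three cases line up with the post: with "--syn" and the clamp, neither the inbound SYN (1500-byte route) nor the unmatched SYN/ACK is touched, so both ends keep 1460; with "--syn --set-mss 1452" the server is told 1452 (and a peer that offered 1400 is bumped up to 1452, the concern raised above); with "--tcp-flags SYN,RST SYN" and the clamp, the SYN/ACK leaving over ppp0 is clamped to 1452 while a peer's smaller MSS is respected.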