On Sat, Jan 07, 2006 at 05:49:34PM +0100, Thomas Schoeller wrote: > hi misc, > i have installed a new firewall with my new WRAP board. and have tried the > new > in-kernel pppoe. and i had a problem with the mtu/mss. i have set the pf.conf > entry "scrub out on pppoe0 max-mss 1440". and also have put the mtu on the > internal nic to 1492. but no success. > after some googling i found http://www.pro-bono-publico.de/openbsd/pppoe/. > i put "scrub in all max-mss 1452" in my pf.conf and it works. > > have i forgot something or is the pppoe(4) manpage wrong/notcomplete? >
as noted in the man page, 1452 should work fine but 1440 is a safer bet. i use 1453 (i can't remember why). whatever, it just needs to be small enough... i don't know why 1452 would work for you and not 1440. you mention changing the "scrub out" rule to "scrub in all" so perhaps sth else in your ruleset is affecting it. you should not need to clamp max-mss on incoming packets... jmc
