Hi, I solved this on my ADSL conn and I thought you could use it.

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Basically, what this command does is tell everyone to *NEVER* send any packet with an MTU size larger than it can support.

---------- Original Message ----------------------------------
From: "Jörgen" Danielsson <[EMAIL PROTECTED]>
Date: Mon, 10 Jun 2002 12:49:25 -0700 (PDT)

>> What is the MTU on the firewall interface connected
>> to the ADSL ?
>>
>> I would have thought that if this was set to 1492,
>> then things should sort
>> themselves out quite transparently...
>
>ppp0 is 1492 and it's "connected" to eth0 that is 1500,
>and eth1 is connected to local net and it is 1500
>
>> You *are* allowing the appropriate ICMP messages
>> into / out of / through your
>> firewall box, aren't you ?
>
>Uhmmm, no idea actually, hehe, I just configured it to
>reject or accept access on certain ports, not dropping
>every package coming that isn't matching a certain
>port (hmm, hope anyone understands that sentence).
>Why lock down everything when I know what service that
>is on the linux and on every computer behind it.
>
>/Jörgen
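What the TCPMSS rule in the reply above does to a forwarded SYN, modelled in Python as an added example (not part of the original messages and not iptables' own code): the MSS option is lowered to the path MTU minus 40 bytes for IPv4 and the TCP checksum is patched incrementally. Function names, addresses and ports are illustrative assumptions, and the sample SYN is constructed.

```python
import struct
# Added example: names below are illustrative, not taken from iptables.
SYN, RST = 0x02, 0x04

def ones_sum(data):
    """16-bit one's-complement sum, as used by the TCP checksum."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def full_checksum(src, dst, tcp):
    """IPv4 pseudo-header + segment; returns 0 when the segment verifies."""
    return ~ones_sum(src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) & 0xFFFF

def csum_update(csum, old, new):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    return ~ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~old & 0xFFFF, new)) & 0xFFFF

def clamp_mss(tcp, pmtu, ip_hdr_len=20):
    """Lower (never raise) a SYN's MSS option to pmtu - IP header - 20."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    limit, i = pmtu - ip_hdr_len - 20, 20
    if not 20 <= hdr_len <= len(tcp) or tcp[13] & (SYN | RST) != SYN or limit <= 0:
        return tcp                       # same match as --tcp-flags SYN,RST SYN
    while i < hdr_len and tcp[i] != 0:   # kind 0 ends the option list
        if tcp[i] == 1:                  # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                        # malformed option: leave the packet alone
        if tcp[i] == 2 and tcp[i + 1] == 4:
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp
            swap = (i + 2) % 2           # value straddles two 16-bit words
            a, b = ((v >> 8 | v << 8) & 0xFFFF if swap else v for v in (old, limit))
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            struct.pack_into("!H", out, 16, csum_update(csum, a, b))
            return bytes(out)
        i += tcp[i + 1]
    return tcp

def build_syn(src, dst, options):
    """Constructed sample: SYN carrying `options`, with a valid checksum."""
    seg = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (20 + len(options)) // 4 << 4, SYN, 65535, 0, 0) + options
    return seg[:16] + struct.pack("!H", full_checksum(src, dst, seg)) + seg[18:]
```

With the 1492-byte ppp0 MTU from the thread, a LAN host's advertised MSS of 1460 becomes 1452, so the remote end never builds a segment that needs the ICMP "fragmentation needed" reply the firewall may be discarding.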
