Claudiu CISMARU wrote:
Va rog sa ma ajutati sa pot accesa si acele site-uri prin gre. Daca
incerc sa pun mtu 1476 imi da urmatoarea eroare :
GREv0, length 1456: IP truncated-ip - 24 bytes missing!
86.107.224.2.2382 > 64.156.47.210.3002
Wrap la 72 ca ne zgarie pe ochi !!!
Cine da mesajul ala? De UNDE incerci sa accesezi? De pe acel Linux, de
pe o statie legata prin el etc? UNDE incerci sa pui mtu la 1476? Pe
Linux, pe cisco, pe statie?
Citat din manualul iptables:
TCPMSS
This target allows to alter the MSS value of TCP SYN packets,
to con-
trol the maximum size for that connection (usually limiting it
to your
outgoing interface's MTU minus 40). Of course, it can only be
used in
conjunction with -p tcp. It is only valid in the mangle table.
This target is used to overcome criminally braindead ISPs or
servers
which block ICMP Fragmentation Needed packets. The symptoms
of this
problem are that everything works fine from your Linux
firewall/router,
but machines behind it can never exchange large packets:
1) Web browsers connect, then hang with no data received.
2) Small mail works fine, but large emails hang.
3) ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your
firewall con-
figuration like:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
--set-mss value
Explicitly set MSS option to specified value.
--clamp-mss-to-pmtu
Automatically clamp MSS value to (path_MTU - 40).
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
