On Thu, 15 Nov 2001 22:44:36 -0500 Ben Logan <[EMAIL PROTECTED]> wrote:
> On Fri, Nov 16, 2001 at 01:49:23AM +0700, AD Marshall wrote:
> > I was just wondering if either (or both ;) of you could share some
> > of your ppp config' files or scripts with me. Backchannel is fine.
>
> I'll send you a mail off-list later. It will probably be tomorrow
> morning before I can, though.
>
> > I've no problems with the MTUs matching, at 1500, between ppp0 and
> > eth0, so far -- though i'm not really clear on how this causes IP
> > fragmentation... a digression for me.
>
> I didn't realize I had this problem for a while. If you can get to
> certain websites from your gateway machine, but not from the internal
> MASQed machines, you've probably got the fragmentation problem. A
> couple of sites that always gave me trouble were
>
> http://www.staples.com
> http://www.faqs.org

<snip>

You could try the following rule:

#Workaround for ISP blocking of fragmented packets
/sbin/iptables -t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS\
 --clamp-mss-to-pmtu

Here is the kernel config help for the TCPMSS target:

TCPMSS target support (CONFIG_IP_NF_TARGET_TCPMSS) [N/y/m/?] ?

m - YES: (Module) This option help some people with MTU problems.
Typically, most users have to set their Internet connection's MTU to
1500 as well as ALL internal machines to 1500. With this option, this
whole MTU issue might be finally solved.

jb

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
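Added example, not part of the original message: a rule added with -A lands at the end of FORWARD, and although TCPMSS itself does not stop traversal, an earlier ACCEPT that matches the SYN does, so the clamp may never run. The function below reads iptables-save text and reports where the clamp sits; the function name and the three rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where the MSS clamp sits in each table's FORWARD chain.
# Input: iptables-save text on stdin. Output, one line per table with a clamp:
#   <table> first      no ACCEPT/DROP/REJECT rule precedes the clamp
#   <table> after:<n>  n such rules precede it and need review
# Prints "missing" if no FORWARD rule jumps to TCPMSS --clamp-mss-to-pmtu.
clamp_status() {
    awk '
        /^\*/ { table = substr($0, 2); term = 0; next }  # table header line
        $1 == "-A" && $2 == "FORWARD" {
            if ($0 ~ /-j TCPMSS/ && $0 ~ /--clamp-mss-to-pmtu/) {
                if (!(table in seen)) {
                    print table, (term ? "after:" term : "first")
                    seen[table] = 1
                    found = 1
                }
            } else if ($0 ~ /-j (ACCEPT|DROP|REJECT)( |$)/) {
                term++   # terminating rule ahead of any clamp in this chain
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed ruleset: clamp appended with -A behind two existing ACCEPT rules.
SAMPLE_APPENDED='*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT'
# Constructed ruleset: same rules, clamp placed first (as iptables -I would).
SAMPLE_INSERTED='*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
# Constructed ruleset: forwarding allowed, no clamp at all.
SAMPLE_MISSING='*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_APPENDED" | clamp_status   # filter after:2
printf '%s\n' "$SAMPLE_INSERTED" | clamp_status   # filter first
printf '%s\n' "$SAMPLE_MISSING"  | clamp_status   # missing
```

On a live gateway the same function can be fed from `iptables-save` run as root; an `after:<n>` result means the earlier rules should be read to see whether they match the forwarded SYN before the clamp does.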