On 03/07/2016 07:40 AM, John Candlish wrote:
> On Mon, Mar 7, 2016 at 3:02 PM, Simon Hobson <li...@thehobsons.co.uk> wrote:
>> but it's a well known problem in that PPPoE needs to add an additional (8
>> octet) header to the packet, so if the packet is already larger than MSS-8
>> octets long then you'll be over size.
>> I think it's normal to specify MTU of 1492 for the PPP interface, and also
>> specify (from memory, you'll need to check the docs) clamp_mss which will
>> set a config which has the netfilter code alter any MSS values
>
> I've had PPPoE going for years, and also multi-ISP with a 2nd
> interface that has a 1500 MTU. The problem started when trying to
> configure the cablemodem interface for inbound HTTP/HTTPS traffic with
> DNAT.
>
> Specifically, DNAT is sending alternating MSS sizes of 1460/1452 to
> its target DMZ interface
>

Have you set CLAMPMSS=Yes?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
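The MSS clamping discussed in this thread, as an added example that is not part of the original posts and is not Shorewall or netfilter code: it rewrites the MSS option of a TCP SYN so that segments fit the outgoing MTU (1500 gives 1460, the PPPoE MTU of 1492 gives 1452) and fixes the checksum incrementally. The function names are hypothetical, IPv4 without IP options is assumed, and the sample SYN is constructed with a checksum that covers the TCP header only.

```python
import struct

IP_TCP_OVERHEAD = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the TCP checksum."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_syn(mss: int, nop_first: bool = False) -> bytes:
    """Constructed sample SYN; its checksum covers the header only (no pseudo-header)."""
    opts = (b"\x01" if nop_first else b"") + struct.pack("!BBH", 2, 4, mss)
    opts += b"\x00" * (-len(opts) % 4)
    hdr = struct.pack("!HHIIBBHHH", 51000, 443, 1, 0,
                      (5 + len(opts) // 4) << 4, 0x02, 64240, 0, 0)
    csum = ~ones_sum(hdr + opts) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + opts

def clamp_mss(tcp: bytes, out_mtu: int) -> bytes:
    """Lower the MSS option of a SYN to fit out_mtu; anything else passes through."""
    if len(tcp) < 20 or not tcp[13] & 0x02 or out_mtu <= IP_TCP_OVERHEAD:
        return tcp
    hdr_len = min((tcp[12] >> 4) * 4, len(tcp))
    limit = out_mtu - IP_TCP_OVERHEAD
    buf, i = bytearray(tcp), 20
    while i + 1 < hdr_len and buf[i] != 0:   # kind 0 = End of Option List
        kind, length = buf[i], buf[i + 1]
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > hdr_len:
            break                            # malformed option: leave the segment alone
        if kind == 2 and length == 4:        # MSS option
            old = bytes(buf[i + 2:i + 4])
            if struct.unpack("!H", old)[0] > limit:
                new = struct.pack("!H", limit)
                buf[i + 2:i + 4] = new
                # RFC 1624 update HC' = ~(~HC + ~m + m'); odd offsets straddle two words.
                pad = b"\x00" if i % 2 else b""
                hc = struct.unpack_from("!H", buf, 16)[0]
                m_old, m_new = ones_sum(pad + old + pad), ones_sum(pad + new + pad)
                hc = ~ones_sum(struct.pack("!3H", ~hc & 0xFFFF, ~m_old & 0xFFFF, m_new)) & 0xFFFF
                struct.pack_into("!H", buf, 16, hc)
            break
        i += length
    return bytes(buf)
```

A SYN that already advertises 1452 passes through unchanged on a 1500-MTU path, so a mix of 1460 and 1452 on the DMZ side indicates that only some of the forwarded SYNs crossed a clamped path.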