On Wed, 23 Nov 2005 08:42:15 +0100 Vidar Tyldum Hansen <[EMAIL PROTECTED]> wrote:
> I realize this probably isn't related to TSL, but I'll start here. Hmm, some random thoughts: - does scp work? (smells like mtu issue) - enable some more conntrack logging $ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid - try to relax tcp-window-tracking checkings $ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal - try clamp-mss-to-pmtu in netfilter mangle/forward $ iptables -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - if your NICs can do TSO (TCP Segment Offload), try do disable it $ ethtool -k / -K also tcpdump (both interfaces!) from one connection until it break would be great. Olaf _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
