On Wed, 23 Nov 2005 08:42:15 +0100
Vidar Tyldum Hansen <[EMAIL PROTECTED]> wrote:

> I realize this probably isn't related to TSL, but I'll start here.

Hmm, some random thoughts:

- does scp work? (smells like mtu issue)

- enable some more conntrack logging
  $ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid

- try to relax tcp-window-tracking checking
  $ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

- try clamp-mss-to-pmtu in netfilter mangle/forward
  $ iptables -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

- if your NICs can do TSO (TCP Segment Offload), try to disable it
  $ ethtool -k <iface>            # show current offload settings
  $ ethtool -K <iface> tso off    # turn TSO off

Also, a tcpdump (both interfaces!) from one connection until it breaks
would be great.

Olaf
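
Added example, not part of Olaf's message: a simplified Python model of what the TCPMSS --clamp-mss-to-pmtu rule above does to a forwarded IPv4 SYN, namely lowering the advertised MSS to path MTU minus 40 and patching the TCP checksum. The path MTU of 1492 used with it, the addresses and the ports are constructed assumptions, and only the case where the SYN already carries an MSS option is handled.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options
SYN, RST = 0x02, 0x04

def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum; 0xFFFF means the checksum is valid."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    return ~ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~old & 0xFFFF, new)) & 0xFFFF

def clamp_mss(tcp: bytes, path_mtu: int):
    """Return (segment, old_mss, new_mss); MSS values are None if nothing matched."""
    hdr_len = (tcp[12] >> 4) * 4
    if tcp[13] & (SYN | RST) != SYN or not 20 <= hdr_len <= len(tcp):
        return tcp, None, None                    # not a SYN (--tcp-flags SYN,RST SYN)
    limit, i = path_mtu - IPV4_TCP_OVERHEAD, 20
    while i < hdr_len and tcp[i] != 0:            # kind 0 ends the option list
        if tcp[i] == 1:                           # kind 1 is a one-byte NOP
            i += 1
            continue
        length = tcp[i + 1] if i + 1 < hdr_len else 0
        if length < 2 or i + length > hdr_len:    # malformed option: leave packet alone
            break
        if tcp[i] == 2 and length == 4:           # kind 2 is the MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:                      # clamping only ever lowers the MSS
                return tcp, old, old
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            for w in range(0, hdr_len, 2):        # patch checksum per changed 16-bit word
                a, b = (struct.unpack_from("!H", buf, w)[0] for buf in (tcp, out))
                if a != b:
                    csum = csum_update(csum, a, b)
            struct.pack_into("!H", out, 16, csum)
            return bytes(out), old, limit
        i += length
    return tcp, None, None

# Constructed sample: IPv4 pseudo-header plus a 24-byte SYN advertising MSS 1460.
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 20, 0, 6, 0, 24])
_raw = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 6 << 4, SYN, 5840, 0, 0) + b"\x02\x04\x05\xb4"
SAMPLE_SYN = _raw[:16] + struct.pack("!H", ~ones_sum(PSEUDO + _raw) & 0xFFFF) + _raw[18:]
```

Calling clamp_mss(SAMPLE_SYN, 1492) rewrites the option from 1460 to 1452, and ones_sum(PSEUDO + segment) still returns 0xFFFF afterwards.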