Ok, I've got a riddle for someone. I've got my faithful Linux router chugging away on Comcast's, errr, great network. I've worked around a problem with MTU for websites and the such as I mentioned before with:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu However, when using my Mac or Windows machines behind the router to VPN to campus, I have problems. I can connect using Cisco's VPN or PPTP to one of our VPN servers, but as soon a large requests are made, the data stops. This again looks like the same MTU problem. If I change the MTU to something like 400 (for the Cisco client I have to do it after I connect because it changes the MTU when you connect) everything work peachy. If I plug my machine stright into the cable modem, no tweeks are needed (MTU is set to 576) and everything works fine. My question, is there something in iptables that I'm missing that will help the VPN clients guess the correct MTU since Comcast is braindead and drops ICMP 3,4? I would still like to use 1500 for local LAN traffic. Is there some nifty routing that could be done on the router to change the MTU for outbound traffic (it seems that the mangle rule already tells my local computers that fragmentation is needed unlike Comcast)? As a last resort, is there a DHCP option for setting the MTU on the clients that Mac and Windows will respect? I would be interested to know if anyone of you are on Comcast and using a hardware router to see if your computer adapter's MTU is set to 1500 or something else. It seems that these hardware devices handle Comcast's quirks just fine, just to find them and get iptables to know about them. Thanks, Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University
-------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
