clampmss only partially working on 2.6 kernelmode pppoe?
Joris
joriske at gmail.com
Sun Feb 13 08:25:26 CET 2005
On Sat, 12 Feb 2005 09:14:51 -0500, Jason Opperisano <opie at 817west.com> wrote:
> On Sat, 2005-02-12 at 09:08, Jason Opperisano wrote:
> keep in mind that "--clamp-mss-to-pmtu" relies on the fact that PMTU
> discovery works along the path of your communication--this is not always
> a valid assumption these days.
Hmmmkay, but then why does it also not work when I manually set the
mss, even to silly low settings like 500?
iptables -I FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--set-mss 1300
Perhaps I'm looking in a totally wrong direction to find the cause?
When I reduce the mtu of the masqueraded host (on the local network)
to the mtu of the ppp connection, all problems disappear. (and no,
that's no real solution ;)
> tcpdump -n -nn -p -i $EXTIF \
> 'icmp[icmptype] = icmp-unreach and icmp[icmpcode] = 4'
This does not match a single packet while testing the login.
I've done a tcpdump (-s0 -w), it's available at http://et.yi.org/hotmail.dump
Ethereal claims "unassembled packet" serveral times, but that may or
may not have anything to do with this problem, it doesn't seem
uncommon with ssl data.
Friendly greetings,
Joris
More information about the netfilter
mailing list