strange behaviour
Cedric Blancher
blancher at cartel-securite.fr
Mon Feb 26 17:07:55 CET 2007
Le lundi 26 février 2007 à 07:35 -0800, angico a écrit :
> hi, buddys. thanks for your attention, but...
> nothing works, yet. and this option "--clamp-mss-to-pmtu" just send me an error: "iptables: Invalid argument".
> angico.
My mistake.
As Pascal stated, you have to specify a "-p tcp --tcp-flags SYN,RST SYN"
as well, as TCPMSS clamping only works on TCP packets with SYN flag set:
iptables -t mangle -A FORWARD -o ppp0 -p tcp \
--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
It should work better.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
More information about the netfilter
mailing list