[Bug 443] 2.6 kernel failing in NAT with significant outbound traffic

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Thu Feb 9 23:56:54 CET 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443





------- Additional Comments From nothingel at hotmail.com  2006-02-09 23:56 MET -------

I don't doubt that a mis-configured box is sitting in the middle.  But so far I
have not found a way to work around it (or them).  I do know that older kernels
DO work...so, from my point of view, something has changed.

I did try setting the outgoing interface MTU of "linux1" to 1000.  I've also
played around with other values less than 1500.  In all cases, the initial login
and directory listing works but the actual transfer hangs.  It actually makes
the situation "worse" than leaving the MTU at 1500.

I've also tried commands like:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

and also:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss [various
values]

I also tried:

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling



-- 
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the netfilter-buglog mailing list