On Sat, May 03, 2003 at 11:36:53AM +0900, Hwang, Byoung Woo spoke thusly:
>Hi, all
>I tried to control the size of TCP MSS but failed by
>following command. I have a reason to control TCP MSS size on OUTPUT
>chain
>not FORWARD chain.
>
>iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss
>1400

Works fine for me, on a RH errata 2.4.18-27.8.0 kernel, all patched up.

iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
    --set-mss 700

wget http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.0.tar.gz

[root@xxxxx sysconfig]# tcpdump -i ppp0 -n -vvv port 80 and host www.kernel.org
tcpdump: listening on ppp0
13:19:38.943278 219.94.59.140.33071 > 204.152.189.116.http: S [tcp sum ok] 3437729883:3437729883(0) win 5808 <mss 700,sackOK,timestamp 919615 0,nop,wscale 0> (DF) (ttl 64, id 36964, len 60)
13:19:39.183301 204.152.189.116.http > 219.94.59.140.33071: S [tcp sum ok] 3432899063:3432899063(0) ack 3437729884 win 5792 <mss 1412,sackOK,timestamp 141630295 919615,nop,wscale 0> (DF) (ttl 53, id 0, len 60)

[ snip the rest of 3-way handshake output gibberish ]

13:19:39.499854 204.152.189.116.http > 219.94.59.140.33071: . 689:1377(688) ack 142 win 5792 <nop,nop,timestamp 141630322 919639> (DF) (ttl 53, id 64152, len 740)

The above is return traffic from kernel.org -> my PPPoE connection.

Based on another tcpdump trace from another webserver download, I am
presuming the 12 bytes difference (700-688 bytes) is actually overhead
(PPPoE ?).

References: Section 18.4 Maximum Segment Size; TCP/IP Illustrated,
Volume 1, Richard Stevens.
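
Added example, not part of the original message: a short Python script that parses two packets from the tcpdump trace above and accounts for the bytes between the MSS set on the outgoing SYN and the payload of a returning data segment, using the IP length and the option list tcpdump prints. It assumes a 20-byte IPv4 header with no IP options; the function and table names are illustrative.

```python
import re

# Two packets copied from the tcpdump trace in the message above.
TRACE = [
    "13:19:38.943278 219.94.59.140.33071 > 204.152.189.116.http: S [tcp sum ok] "
    "3437729883:3437729883(0) win 5808 <mss 700,sackOK,timestamp 919615 0,nop,"
    "wscale 0> (DF) (ttl 64, id 36964, len 60)",
    "13:19:39.499854 204.152.189.116.http > 219.94.59.140.33071: . 689:1377(688) "
    "ack 142 win 5792 <nop,nop,timestamp 141630322 919639> (DF) "
    "(ttl 53, id 64152, len 740)",
]

IP_HEADER = 20   # assumption: IPv4 header with no IP options
TCP_HEADER = 20  # fixed part of the TCP header
# Wire size in bytes of each TCP option kind named in the trace.
OPTION_SIZE = {"mss": 4, "sackOK": 2, "timestamp": 10, "nop": 1, "wscale": 3}

# Matches: seq:seq(payload) ... <options> ... len N)
PACKET_RE = re.compile(r"\d+:\d+\((\d+)\).*?<([^>]*)>.*?len (\d+)\)")

def analyse(line):
    """Return payload, MSS option and TCP option byte counts for one packet."""
    m = PACKET_RE.search(line)
    if m is None:
        raise ValueError("not a TCP packet line with options: %r" % line)
    payload, opts, ip_len = int(m.group(1)), m.group(2), int(m.group(3))
    names = [o.split()[0] for o in opts.split(",") if o.strip()]
    mss = re.search(r"mss (\d+)", opts)
    return {
        "payload": payload,
        "mss": int(mss.group(1)) if mss else None,
        # Option bytes implied by the IP total length tcpdump reports.
        "opt_bytes_from_len": ip_len - IP_HEADER - TCP_HEADER - payload,
        # Option bytes obtained by summing the options tcpdump lists.
        "opt_bytes_listed": sum(OPTION_SIZE[n] for n in names),
    }

def account(trace):
    """Compare the MSS set on the SYN with the payload of a data segment."""
    syn, data = analyse(trace[0]), analyse(trace[1])
    return {
        "clamped_mss": syn["mss"],
        "data_payload": data["payload"],
        "difference": syn["mss"] - data["payload"],
        "data_opt_bytes": data["opt_bytes_from_len"],
    }

if __name__ == "__main__":
    print(account(TRACE))
```
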