Le sam 03/05/2003 à 13:18, Hwang, Byoung Woo a écrit : [...] > but > packets from Internal LAN to Internet which are NATed by Masquerading > are > not controlled on TCP MSS size. > I have a reason why I cannot control on FORWARD chain. Problem is packets forwarded by your gateway do not cross OUTPUT chain, just FORWARD chain. Maybe you can try apply this kind of rule on mangle table* POSTROUTING chain ? * Should TCPMSS target only be available in mangle table ? -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
