s wrote:
I've got a problem with NAT connections on PPPOE.
My box is connected to internet via DSL, and I have some computers behind NAT.
I changed MTU on internal interfaces to 1492 and configured iptables with:
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
also I have squid cache installed for local workstations.
When I surf the net without squid everything works fine, no timeouts or anything. It's good.
But when I use squid as a cache, sometimes when squid uses the POST method with a huge number of parameters, the connection hangs. In tcpdump I see that one packet is repeated a few times (5) and I get a timeout message.
What's wrong? The repeated packet is 1492 bytes in length. But there's no answer from the www server.
Regards
Przemyslaw Borkowski
I think the problem here is that squid will establish a connection locally from your box. So when your computers on the internal net surf directly, the MSS will be clamped to PMTU via your FORWARD rule. When your clients surf via your squid proxy, the SYN packets' MSS isn't clamped to PMTU.
So, you'll need the same rule to clamp the MSS for your OUTPUT rule.
Hope this helps
Sven
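The fix Sven describes, as an added example rather than anything from the thread: a small script that emits the MSS clamp for both FORWARD (NATed LAN clients) and OUTPUT (connections squid opens from the router itself), and computes the MSS you should see in a tcpdump of the SYN once the clamp works. The PPPoE interface name (ppp0) and the `-o` interface match are assumptions, not part of the original rule.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumption: the DSL link is ppp0.
PPPOE_IF="${PPPOE_IF:-ppp0}"

# Build the clamp rule for one chain. Matching SYN-set/RST-clear packets applies
# the clamp only to the handshake, which is where the MSS option is carried.
mss_clamp_rule() {
    chain="$1"   # FORWARD or OUTPUT
    printf 'iptables -A %s -o %s -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n' \
        "$chain" "$PPPOE_IF"
}

# FORWARD alone misses squid's own outbound connections, so both chains are needed.
mss_clamp_rules() {
    mss_clamp_rule FORWARD
    mss_clamp_rule OUTPUT
}

# MSS expected on a link with the given MTU: MTU minus 20 (IP) minus 20 (TCP).
# For PPPoE (MTU 1492) this is 1452; "mss 1452" on the SYN in tcpdump means the
# clamp is in effect, "mss 1460" means the rule is not matching that traffic.
expected_mss() {
    mtu="${1:-1492}"
    echo $((mtu - 40))
}

# Print the rules by default; pass --apply to load them with iptables.
if [ "$1" = "--apply" ]; then
    mss_clamp_rules | sh
else
    mss_clamp_rules
fi
```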