Thank you ! It wooorks ! That clamp-mss magic worked for me, so I consider myself lucky. ^^ > iptables -I FORWARD -i $INTERNAL_IF -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu Great! If it would be in the mangle table, i would dare to say i understand what it does, but this case ... how can it send a larger packet in a smaller one? magic :) I tried Anthony's mangle version also but something must be missing here to make it work: iptables -t mangle -A POSTROUTING -o EXTIF -j TCPMSS --clamp-mss-to-mtu iptables v1.2.9: Unknown arg `--clamp-mss-to-mtu' Mabbe modules? Or I misspelled it? However it works, so i'm happy. Thank you very much both of you, gurus ! :) If you come to Budapest, you are my guest for a beer ! 1 MonK
