On August 10, 2004 04:22 pm, Mészáros Gergely wrote: > Thank you ! It wooorks ! > > That clamp-mss magic worked for me, so I consider myself lucky. ^^ > > > iptables -I FORWARD -i $INTERNAL_IF -p tcp --syn -j TCPMSS > > --clamp-mss-to-pmtu > > Great! > > If it would be in the mangle table, i would dare to say i understand what > it does, but this case ... how can it send a larger packet in a smaller > one? magic :) Actually we don't stuff a larger packet in a smaller one. The system that has this rule can ensure that its neighbours use the correct packet size ~~ Although I am not aware of the specifics, I believe that there (is/are) more than one mechanism for managing this. Alistair... Anyone: Does this TCPMSS in mangle table actually mangle packet contents during the TCP handshake and forcibly set the MSS in the handshake packets?? (sorry -- tired tonight and can't figure the relevant lines in the source -- other half had annual celebratory day today and we've had a nice night out) > > I tried Anthony's mangle version also but something must be missing here to > make it work: iptables -t mangle -A POSTROUTING -o EXTIF -j TCPMSS > --clamp-mss-to-mtu iptables v1.2.9: Unknown arg `--clamp-mss-to-mtu' > Mabbe modules? Or I misspelled it? > > However it works, so i'm happy. > Thank you very much both of you, gurus ! :) > If you come to Budapest, you are my guest for a beer ! > > 1 MonK
