Re: broken SNAT with fixed external MTU

On Thu, Oct 14, 2004 at 06:15:22PM +0200, Mailing List Reader wrote:
> Hello everybody,
> 
> My DSL router (very bad firmwares) wants me to force the MTU
> (buggy MTU auto-setting). The firewall has a public IP and mtu 1500:
> 
> ---snip
> #route to the router net
> ip route add 192.168.1.0/24 dev eth1 mtu 1440
> # default to the router (mtu not needed here)
> ip route add default via 192.168.1.1 mtu 1440
> --snip
> 
> the firewall itself NATs one client back-to-back connected
> (cable checked!):
> 
> ---snip
> #mss clamping 1)
> iptables -A FORWARD -d $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
> iptables -A FORWARD -s $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

try not to confuse MTU with MSS, as they are not the same.  if you're
going for an MTU of 1440--you should be setting MSS to 1400 (MSS = MTU -
40).

-j

-- 
Jason Opperisano <opie@xxxxxxxxxxx>
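
An added example, not from the original thread: Python that rewrites the MSS option of a TCP SYN using the reply's MSS = MTU - 40 and patches the TCP checksum incrementally (RFC 1624). Function names and the sample packet builder are assumptions made for illustration; the example only lowers the MSS and leaves a SYN without an MSS option unchanged.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header (MSS = MTU - 40)

def fold(total: int) -> int:  # fold carries back into 16 bits (one's-complement add)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def csum16(data: bytes) -> int:
    """Internet checksum over data; 0 means an embedded checksum verifies."""
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def clamp_mss(tcp: bytes, mtu: int) -> bytes:
    """Lower the MSS option of a TCP SYN to mtu - 40; never raise it."""
    new_mss = mtu - IPV4_TCP_OVERHEAD
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if hdr_len < 20 or len(tcp) < hdr_len or not tcp[13] & 0x02:
        return tcp                      # malformed header or not a SYN
    i = 20
    while i < hdr_len and tcp[i] != 0:  # kind 0 ends the option list
        if tcp[i] == 1:                 # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            return tcp                  # truncated or malformed option
        if tcp[i] == 2 and tcp[i + 1] == 4:
            if struct.unpack_from("!H", tcp, i + 2)[0] <= new_mss:
                return tcp              # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, new_mss)
            check = struct.unpack_from("!H", tcp, 16)[0]
            # RFC 1624 update per 16-bit word; covers an MSS at an odd offset.
            for off in range((i + 2) & ~1, i + 4, 2):
                old, new = (struct.unpack_from("!H", b, off)[0] for b in (tcp, out))
                check = ~fold((~check & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF
            struct.pack_into("!H", out, 16, check)
            return bytes(out)
        i += tcp[i + 1]
    return tcp

def sample_syn(src: bytes, dst: bytes, options: bytes) -> bytes:
    """Constructed SYN (ports 40000 -> 80) with a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (20 + len(options)) // 4 << 4, 0x02, 65535, 0, 0) + options
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(hdr))
    return hdr[:16] + struct.pack("!H", csum16(pseudo + hdr)) + hdr[18:]
```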

