Jason Opperisano wrote:
On Thu, Oct 14, 2004 at 06:15:22PM +0200, Luigi Corsello wrote:
Hello everybody,
My DSL router (very bad firmwares) wants me to force the MTU (buggy MTU auto-setting). The firewall has a public IP and mtu 1500:
---snip
#route to the router net
ip route add 192.168.1.0/24 dev eth1 mtu 1440
# default to the router (mtu not needed here)
ip route add default via 192.168.1.1 mtu 1440
--snip
the firewall itself NATs one client back-to-back connected
---snip
#mss clamping 1)
iptables -A FORWARD -d $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
iptables -A FORWARD -s $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
try not to confuse MTU with MSS, as they are not the same. if you're going for an MTU of 1440--you should be setting MSS to 1400 (MSS = MTU - 40).
Yikes! that was it. Too many sleepless nights flashing crappy firmwares. Thanks a lot!
/lc
-j
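
The MSS = MTU - 40 rule from the reply, as an added example that is not from either poster: a small shell helper that derives the clamp value from the route MTU and prints the two FORWARD rules from the thread with the corrected `--set-mss`. The function names, the IPv6 branch (MTU - 60) and the minimum-MTU checks are assumptions added here; `$net1` is kept as the literal placeholder from the original post, and the script only prints rules, it does not run iptables.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules only; never calls iptables.

# mss_for_mtu MTU [FAMILY] -> prints the TCP MSS that fits in MTU.
# FAMILY 4 (default): 20-byte IPv4 header + 20-byte TCP header = 40.
# FAMILY 6:           40-byte IPv6 header + 20-byte TCP header = 60.
# Assumes no IP options or extension headers.
mss_for_mtu() {
    mtu=$1
    family=${2:-4}
    case $mtu in
        ''|0*|*[!0-9]*) echo "mtu must be a positive integer" >&2; return 1 ;;
    esac
    case $family in
        4) overhead=40; min_mtu=68 ;;    # RFC 791 minimum IPv4 MTU
        6) overhead=60; min_mtu=1280 ;;  # RFC 8200 minimum IPv6 MTU
        *) echo "family must be 4 or 6" >&2; return 1 ;;
    esac
    if [ "$mtu" -lt "$min_mtu" ]; then
        echo "mtu $mtu is below the IPv$family minimum of $min_mtu" >&2
        return 1
    fi
    echo $((mtu - overhead))
}

# clamp_rules NET MTU [FAMILY] -> prints the thread's two FORWARD rules
# (-d NET and -s NET) with --set-mss derived from MTU instead of set to it.
clamp_rules() {
    net=$1
    family=${3:-4}
    mss=$(mss_for_mtu "$2" "$family") || return 1
    if [ "$family" = 6 ]; then ipt=ip6tables; else ipt=iptables; fi
    for dir in -d -s; do
        echo "$ipt -A FORWARD $dir $net -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
    done
}

# The thread's case: route MTU 1440, so the clamp is 1400, not 1440.
# '$net1' is passed literally because the post never shows its value.
clamp_rules '$net1' 1440
```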