On Wed, 2005-01-12 at 23:50, Askar wrote:
> Hello,
>
> can someone help me to understand these rules...
>
> $iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
> $iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
>

MSS == Maximum Segment Size in English--it's the maximum amount of data that can be contained in a TCP packet. normal MSS calculation is:

  MSS = MTU - 40

so--for example on an ethernet interface; where MTU = 1500, the MSS would be 1460.

a common reason to mess around with "-j TCPMSS --set-mss" is when you're tunneling your traffic over IPsec, and/or when PMTU discovery is broken.

maybe i'm missing something, but 128 seems like an *awfully* low value to be forcing your MSS to.

> Secondly is there any benefit of changing TOS of packets going out i-e...
>
> $iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput

i doubt it.

-j

--
"We only get thirty sweet noggy days. Then the government takes it away again."
	--The Simpsons
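
What the `--tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128` rule discussed above does to a segment, as an added Python example that is not part of the original message: it matches segments with SYN set and RST clear, finds the MSS option and rewrites it. Assumptions: the segments are constructed samples, the value is only ever lowered (as current Linux kernels do), segments without an MSS option are left untouched, and the checksum update is omitted.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

def build_segment(flags, mss=None):
    """Constructed sample: a bare TCP header, optionally carrying an MSS option."""
    opts = struct.pack("!BBH", OPT_MSS, 4, mss) if mss is not None else b""
    offset = (20 + len(opts)) // 4          # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, flags, 65535, 0, 0)
    return hdr + opts

def matches(segment, mask=SYN | RST, comp=SYN):
    """--tcp-flags MASK COMP: of the flags in MASK, exactly those in COMP are set."""
    return (segment[13] & mask) == comp

def read_mss(segment):
    """Walk the TCP options; return (offset_of_value, mss) or None."""
    end = min((segment[12] >> 4) * 4, len(segment))
    i = 20
    while i < end:
        kind = segment[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:                 # one-byte padding option
            i += 1
            continue
        if i + 1 >= end:
            break
        length = segment[i + 1]
        if length < 2 or i + length > end:  # malformed option list: stop parsing
            break
        if kind == OPT_MSS and length == 4:
            return i + 2, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None

def clamp_mss(segment, new_mss):
    """Model of -j TCPMSS --set-mss NEW on one segment (assumptions in the lead-in)."""
    found = read_mss(segment)
    if not matches(segment) or found is None:
        return segment
    pos, old = found
    if old <= new_mss:                      # never raise the advertised MSS
        return segment
    out = bytearray(segment)
    struct.pack_into("!H", out, pos, new_mss)
    return bytes(out)
```

Because ACK is not in the mask, a SYN/ACK also matches, so the clamp applies to both directions of the handshake that traverse the chain.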