On Tue, 22 Feb 2005 10:55:27 +0800, Wenzhuo Zhang <wenzhuo@xxxxxxxxxx> wrote:
> Yuwen Dai wrote:
> > Any advice to diagnose this problem? I once thought maybe something
> > wrong with the FORWARD rules, and tried to log the blocked
> > packages. But there's no log info.
>
> Probably you're encountering the Path MTU Discovery problem. There are
> several solutions to this problem.
>
> 1. Lower the MTU of the network interface of your internal host.
>
> 2. Use the clamp-mss-to-pmtu feature of iptables:
>    # iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
>        --clamp-mss-to-pmtu

Thank you. I used this rule to solve the problem.

>
> 3. Use the clamp MSS feature of rp-pppoe (e.g. -m 1412).
>

Now ppp uses a rp-pppoe.so plugin in peers/dsl-provider:

plugin rp-pppoe.so eth0

instead of

pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"

So I don't know if I can use an option.

Best regards,
Dai Yuwen
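
What the TCPMSS rule from solution 2 does to a forwarded SYN, as an added example that is not part of the original thread and is not the kernel's own code. It models the clamp on a constructed SYN header, assuming a PPPoE path MTU of 1492 and 20-byte IPv4 and TCP headers; all function names are hypothetical.

```python
import struct

IP_TCP_OVERHEAD = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header

def mss_offset(tcp):
    """Return the byte offset of the MSS value in a TCP header, or None."""
    end = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0   # data offset, in bytes
    i = 20
    while i < end <= len(tcp):
        kind = tcp[i]
        if kind == 1:                       # NOP is a single byte
            i += 1
            continue
        if kind == 0 or i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            return None                     # end of list, or malformed option
        if kind == 2 and tcp[i + 1] == 4:   # Maximum Segment Size
            return i + 2
        i += tcp[i + 1]
    return None

def read_mss(tcp):
    off = mss_offset(tcp)
    return None if off is None else struct.unpack_from("!H", tcp, off)[0]

def fix_checksum(csum, old_word, new_word):
    """Incremental ones'-complement checksum update (RFC 1624, eqn. 3)."""
    s = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, path_mtu):
    """Lower the MSS of a SYN (RST clear) so a full segment fits path_mtu."""
    off, limit = mss_offset(tcp), path_mtu - IP_TCP_OVERHEAD
    if off is None or limit <= 0 or (tcp[13] & 0x06) != 0x02 or read_mss(tcp) <= limit:
        return tcp                          # flag test mirrors --tcp-flags SYN,RST SYN
    new = bytearray(tcp)
    struct.pack_into("!H", new, off, limit)
    csum = struct.unpack_from("!H", tcp, 16)[0]
    for w in sorted({off & ~1, (off + 1) & ~1}):   # aligned words the value overlaps
        csum = fix_checksum(csum, *struct.unpack_from("!H", tcp, w),
                            *struct.unpack_from("!H", new, w))
    struct.pack_into("!H", new, 16, csum)
    return bytes(new)

def sample_syn(mss=1460):
    """Constructed SYN header (ports 40000 -> 80) carrying only an MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)
```

With a path MTU of 1492, `clamp_mss(sample_syn(), 1492)` carries an MSS of 1452, the same value as the `-m 1452` in the old `pty` line.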