> Have you tried the TCPMSS target? I think it has been created to solve this
> problem.
>
> Brice
>

Yes! Of course!

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

And it does not work! As far as I understand, as the man pages say, this is a workaround if you are *behind* a router that blocks ICMP frag needed packets, but these packets *are* received at my routerbox but *NOT* unmasked & forwarded to the source host.

--
Leonardo Arena