Hi, On Saturday 21 January 2006 17:06, Jozsef Kadlecsik wrote: > On Sat, 21 Jan 2006, SainTiss wrote: > > As you are possibly behind an *DSL line, there might be that someone drops > ICMP fragmentation needed packets. Read TCPMSS target in the iptables > manpage and add the appropriate rule(s) to the firewall. Now that seems to help a lot, provided I put this rule as the FIRST one in the FORWARD chain, if I put it at the end, it doesn't change anything, probably because then -j ACCEPT gets priority: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu So thanks a lot! Hans > > Another possibility is an ECN hole somewhere between you and the > destinations: try disabling TCP ECN on the client and give a try. > > Best regards, > Jozsef > - > E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : KFKI Research Institute for Particle and Nuclear Physics > H-1525 Budapest 114, POB. 49, Hungary -- If we cannot live so as to be happy, let us at least live so as to deserve it -- Immanuel Hermann Fichte People are promoted up to their level of incompetence -- Peter's Principle Ark Linux - Linux for the Masses (http://arklinux.org) Hans Schippers Aspirant FWO - Vlaanderen Formal Techniques in Software Engineering (FoTS) University of Antwerp Middelheimlaan 1 2020 Antwerpen - Belgium Phone: +32 3 265 38 71 Fax: +32 3 265 37 77
Attachment:
pgpll3st0HF0h.pgp
Description: PGP signature
