Le lundi 26 février 2007 à 18:43 +0100, Pascal Hambourg a écrit : > Actually "clamp" means "decrease if bigger", the MSS is clamped only > when it is bigger than PMTU - 40. So it won't break anything. It will > just have no effect. Right, I didn't read the code far enough to notice that: if (tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU && oldmss <= newmss) return IPT_CONTINUE; > What about : > iptables -t mangle -A FORWARD -o eth1 -p tcp --tcp-flags SYN,RST SYN \ > -m tcpmss --mss 1453: -j TCPMSS --set-mss 1452 Makes sense. -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
