From: Julian Gomez <kluivert@tm.net.my>
To: netfilter@lists.netfilter.org
Subject: Re: TCM MSS control over OUTPUT chain
Date: Sat, 3 May 2003 13:31:55 +0800
Message-ID: <20030503053155.GA27503@floyd>
In-Reply-To: <000101c3111c$db9d9540$100aa8c0@bwhwangnotepc>

On Sat, May 03, 2003 at 11:36:53AM +0900, Hwang, Byoung Woo spoke thusly:
>Hi, all
>I tried to control the size of TCP MSS but failed by
>following command. I have a reason to control TCP MSS size on OUTPUT
>chain not FORWARD chain.
>
>iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Works fine for me, on a RH errata 2.4.18-27.8.0 kernel, all patched up.

iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
    --set-mss 700
wget http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.0.tar.gz

[root@floyd sysconfig]# tcpdump -i ppp0 -n -vvv port 80 and host www.kernel.org
tcpdump: listening on ppp0
13:19:38.943278 219.94.59.140.33071 > 204.152.189.116.http: S [tcp sum ok]
3437729883:3437729883(0) win 5808 <mss 700,sackOK,timestamp 919615
0,nop,wscale 0> (DF) (ttl 64, id 36964, len 60)
13:19:39.183301 204.152.189.116.http > 219.94.59.140.33071: S [tcp sum ok]
3432899063:3432899063(0) ack 3437729884 win 5792 <mss 1412,sackOK,timestamp
141630295 919615,nop,wscale 0> (DF) (ttl 53, id 0, len 60)
[ snip the rest of 3-way handshake output gibberish ]
13:19:39.499854 204.152.189.116.http > 219.94.59.140.33071: . 689:1377(688)
ack 142 win 5792 <nop,nop,timestamp 141630322 919639> (DF) (ttl 53, id
64152, len 740)

The above is return traffic from kernel.org -> my PPPoE connection. Based
on another tcpdump trace from another webserver download, I am presuming
the 12 bytes difference (700-688 bytes) is actually overhead (PPPoE?).

References: Section 18.4 Maximum Segment Size; TCP/IP Illustrated, Volume
1, Richard Stevens.
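
An added example, not part of the original message: it parses two lines of the tcpdump trace above and checks the byte accounting, that is, IP length = IP header + TCP header + TCP options + payload, and that payload plus options fits within the MSS advertised in the outgoing SYN. The option sizes are the standard TCP option lengths; the 20-byte IP header (no IP options) and the function names are assumptions of this example.

```python
import re

# Wire size in bytes of each TCP option as tcpdump names it (standard lengths).
OPTION_BYTES = {"mss": 4, "sackOK": 2, "timestamp": 10, "wscale": 3, "nop": 1, "eol": 1}
IP_HEADER = 20   # assumption: no IP options
TCP_HEADER = 20  # fixed TCP header, before options

# Two lines from the trace in the message above, rejoined onto single lines.
SYN_OUT = (
    "13:19:38.943278 219.94.59.140.33071 > 204.152.189.116.http: S [tcp sum ok] "
    "3437729883:3437729883(0) win 5808 <mss 700,sackOK,timestamp 919615 0,nop,wscale 0> "
    "(DF) (ttl 64, id 36964, len 60)"
)
DATA_IN = (
    "13:19:39.499854 204.152.189.116.http > 219.94.59.140.33071: . 689:1377(688) "
    "ack 142 win 5792 <nop,nop,timestamp 141630322 919639> (DF) (ttl 53, id 64152, len 740)"
)

def parse_segment(line):
    """Extract payload size, IP total length, option names and MSS from one line."""
    payload = re.search(r"\d+:\d+\((\d+)\)", line)
    ip_len = re.search(r"\blen (\d+)\)", line)
    if not payload or not ip_len:
        raise ValueError("not a verbose tcpdump TCP line: %r" % line)
    opts = re.search(r"<([^>]*)>", line)
    names = [o.split()[0] for o in opts.group(1).split(",") if o.strip()] if opts else []
    mss = re.search(r"\bmss (\d+)", line)
    return {"payload": int(payload.group(1)), "ip_len": int(ip_len.group(1)),
            "options": names, "mss": int(mss.group(1)) if mss else None}

def option_bytes(names):
    """Total TCP option bytes; an unknown option name raises KeyError."""
    return sum(OPTION_BYTES[n] for n in names)

def check_clamp(syn_line, data_line):
    """Compare a data segment against the MSS advertised in our SYN."""
    syn, data = parse_segment(syn_line), parse_segment(data_line)
    opts = option_bytes(data["options"])
    accounted = IP_HEADER + TCP_HEADER + opts + data["payload"]
    return {"advertised_mss": syn["mss"], "option_bytes": opts,
            "payload": data["payload"],
            "length_consistent": accounted == data["ip_len"],
            "within_mss": data["payload"] + opts <= syn["mss"]}

if __name__ == "__main__":
    print(check_clamp(SYN_OUT, DATA_IN))
```

On these lines it reports 12 option bytes (nop, nop, timestamp) and a 688-byte payload, which together with the two 20-byte headers account for the full 740-byte IP length.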