From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: broken SNAT with fixed external MTU
Date: Thu, 14 Oct 2004 14:17:47 -0400
Message-ID: <20041014181747.GA3929@bender.817west.com>
In-Reply-To: <416EA61A.9030600@lucomp.net>

On Thu, Oct 14, 2004 at 06:15:22PM +0200, Mailing List Reader wrote:
> Hello everybody,
>
> My DSL router (very bad firmwares) wants me to force the MTU
> (buggy MTU auto-setting). The firewall has a public IP and mtu 1500:
>
> ---snip
> #route to the router net
> ip route add 192.168.1.0/24 dev eth1 mtu 1440
> # default to the router (mtu not needed here)
> ip route add default via 192.168.1.1 mtu 1440
> --snip
>
> the firewall itself NATs one client back-to-back connected
> (cable checked!):
>
> ---snip
> #mss clamping 1)
> iptables -A FORWARD -d $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --set-mss 1440
> iptables -A FORWARD -s $net1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --set-mss 1440

try not to confuse MTU with MSS, as they are not the same. if you're
going for an MTU of 1440--you should be setting MSS to 1400 (MSS = MTU -
40).

-j
--
Jason Opperisano <opie@817west.com>
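
An added example, not part of the original message or of netfilter: a Python check that reads the MSS option out of a captured TCP SYN header and tests it against the MSS = MTU - 40 rule from the reply. It assumes IPv4 with a 20-byte IP header and a 20-byte base TCP header; `build_syn` is a hypothetical helper that produces a constructed sample header, and 536 is the IPv4 default MSS used when a SYN carries no MSS option.

```python
import struct

IPV4_HEADER = 20   # bytes, assuming no IP options
TCP_HEADER = 20    # bytes, base TCP header without options
DEFAULT_MSS = 536  # IPv4 default when a SYN carries no MSS option

def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one IPv4 packet of size mtu."""
    return mtu - IPV4_HEADER - TCP_HEADER

def parse_mss(tcp_header):
    """Return the MSS option (kind 2) from a raw TCP header, or None."""
    if len(tcp_header) < TCP_HEADER:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length in bytes
    if data_offset < TCP_HEADER or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[TCP_HEADER:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def syn_fits(tcp_header, path_mtu):
    """True if the MSS advertised in the SYN fits the given path MTU."""
    mss = parse_mss(tcp_header)
    return (DEFAULT_MSS if mss is None else mss) <= mss_for_mtu(path_mtu)

def build_syn(mss):
    """Constructed sample: SYN header with NOP, NOP, SACK-permitted, MSS."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, 64240, 0, 0)
    return fixed + bytes([1, 1, 4, 2]) + struct.pack("!BBH", 2, 4, mss)
```

Feeding it the TCP header bytes of a SYN captured on the outside interface shows whether the clamp rule rewrote the option to a value that fits the forced MTU.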