* what is --set-mes 128
@ 2005-01-13  4:50 Askar
  2005-01-13  5:16 ` Jason Opperisano
  0 siblings, 1 reply; 3+ messages in thread
From: Askar @ 2005-01-13  4:50 UTC
  To: netfilter

Hello,

can someone help me to understand these rules...

$iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
$iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

Secondly, is there any benefit of changing TOS of packets going out, i.e...


$iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput

any help will be greatly appreciated.

regards

Askar

-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)



* Re: what is --set-mes 128
  2005-01-13  4:50 what is --set-mes 128 Askar
@ 2005-01-13  5:16 ` Jason Opperisano
  2005-01-13  6:13   ` Askar
  0 siblings, 1 reply; 3+ messages in thread
From: Jason Opperisano @ 2005-01-13  5:16 UTC
  To: netfilter

On Wed, 2005-01-12 at 23:50, Askar wrote:
> Hello,
> 
> can someone help me to understand these rules...
> 
> $iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
> $iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
> 

MSS == Maximum Segment Size

in english--it's the maximum amount of data that can be contained in a
TCP packet.

normal MSS calculation is:

MSS = MTU - 40

so--for example on an ethernet interface; where MTU = 1500, the MSS
would be 1460.

a common reason to mess around with "-j TCPMSS --set-mss" is when you're
tunneling your traffic over IPsec, and/or when PMTU discovery is broken.

maybe i'm missing something, but 128 seems like an *awfully* low value
to be forcing your MSS to.

> Secondly, is there any benefit of changing TOS of packets going out, i.e...
> 
> $iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput

i doubt it.

-j

--
"We only get thirty sweet noggy days.  Then the government takes it
 away again."
	--The Simpsons
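
An added example, not part of the original thread and not netfilter's code: a simplified Python model of the reply above, showing the MSS = MTU - 40 calculation, the `--tcp-flags SYN,RST SYN` match, the rewrite of the MSS option, and the header overhead that a forced MSS of 128 produces. The SYN bytes are constructed, the function names are hypothetical, and the model assumes a plain overwrite with no TCP checksum update.

```python
import struct

def mss_for_mtu(mtu):
    """MSS = MTU - 40 (20-byte IPv4 header + 20-byte TCP header, no options)."""
    return mtu - 40

def is_initial_syn(tcp):
    """Same match as '--tcp-flags SYN,RST SYN': SYN set, RST clear."""
    return (tcp[13] & 0x06) == 0x02  # SYN = 0x02, RST = 0x04

def find_mss_option(tcp):
    """Return (value_offset, mss) for the MSS option (kind 2, length 4), else None."""
    end = min((tcp[12] >> 4) * 4, len(tcp))  # data offset, bounded by the buffer
    i = 20  # options start after the fixed 20-byte header
    while i < end:
        kind = tcp[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > end:
            break  # malformed option: stop instead of looping or over-reading
        if kind == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def set_mss(tcp, new_mss):
    """Model of '-j TCPMSS --set-mss N' on one segment (assumption: plain
    overwrite, TCP checksum not recomputed)."""
    found = find_mss_option(tcp) if is_initial_syn(tcp) else None
    if found is None:
        return tcp  # not an initial SYN, or no MSS option: left untouched
    out = bytearray(tcp)
    struct.pack_into("!H", out, found[0], new_mss)
    return bytes(out)

def header_bytes(payload_len, mss):
    """Total IP+TCP header bytes needed to carry payload_len at this MSS."""
    segments = -(-payload_len // mss)  # ceiling division
    return segments * 40

# Constructed sample: a 24-byte SYN to port 80 advertising MSS 1460.
SYN = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x60, 0x02, 65535, 0, 0) \
    + bytes([2, 4, 0x05, 0xB4])
ACK = SYN[:13] + b"\x10" + SYN[14:]  # same bytes with only the ACK flag set
```

Carrying 1 MiB at MSS 128 takes 8192 segments instead of 719 at MSS 1460, so `header_bytes` grows more than elevenfold.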




* Re: what is --set-mes 128
  2005-01-13  5:16 ` Jason Opperisano
@ 2005-01-13  6:13   ` Askar
  0 siblings, 0 replies; 3+ messages in thread
From: Askar @ 2005-01-13  6:13 UTC
  To: netfilter

Thank you very much simpson ..ooops I mean jason :)


On Thu, 13 Jan 2005 00:16:01 -0500, Jason Opperisano <opie@817west.com> wrote:
> On Wed, 2005-01-12 at 23:50, Askar wrote:
> > Hello,
> >
> > can someone help me to understand these rules...
> >
> > $iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
> > $iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
> >
> 
> MSS == Maximum Segment Size
> 
> in english--it's the maximum amount of data that can be contained in a
> TCP packet.
> 
> normal MSS calculation is:
> 
> MSS = MTU - 40
> 
> so--for example on an ethernet interface; where MTU = 1500, the MSS
> would be 1460.
> 
> a common reason to mess around with "-j TCPMSS --set-mss" is when you're
> tunneling your traffic over IPsec, and/or when PMTU discovery is broken.
> 
> maybe i'm missing something, but 128 seems like an *awfully* low value
> to be forcing your MSS to.
> 
> > Secondly, is there any benefit of changing TOS of packets going out, i.e...
> >
> > $iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
> 
> i doubt it.
> 
> -j
> 
> --
> "We only get thirty sweet noggy days.  Then the government takes it
>  away again."
>         --The Simpsons
> 
> 


-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)


