From: sebastien Robart
Date: Sun, 23 Sep 2001 22:35:42 +0000
Subject: Re: [LARTC] Firewall+NAT: only succeeds for SOME external sites??
To: lartc@vger.kernel.org

With rp-pppoe, mss clamping doesn't seem to be working. I have the same problem with the 2 sites.
With iptables, I have added the tcpmss target and added a rule as indicated in the kernel doc

"iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"

and it works perfectly now. I can change mtu and mru (still don't know what mru is) without problem.

thx
seb

bert hubert wrote:

>On Fri, Sep 21, 2001 at 11:43:10AM +0200, sebastien Robart wrote:
>
>>I use pppoe and nat too. I have problems with 2 sites (63.238.77.237 and
>>195.101.41.250) only when I change the mru option (rp-pppoe), not the
>>mtu. And the problems are only for boxes behind the gateway; directly from the
>>gateway I have no problem.
>>Seems to be a masq + mru bug. (don't ask me what mru is, I haven't found
>>anything on it)
>>
>
>When using pppoe with masquerading, or any networking at all, use MSS
>Clamping, either in the pppoe-daemon or in iptables itself. This solves a
>lot of problems with path MTU discovery.
>
>Regards,
>
>bert
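An added example, not part of the original thread and not the kernel's own code: what the TCPMSS rule quoted above does to a forwarded IPv4 SYN, with the checksum patched incrementally as in RFC 1624. The function names, the sample SYN (constructed, documentation addresses) and the path MTU of 1492 (the usual PPPoE value, 1500 minus 8) are assumptions made for illustration.

```python
import struct

def ones_sum(data):
    """16-bit one's-complement sum, the arithmetic behind the TCP checksum."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_mss(tcp, pmtu):
    """Return (segment, old_mss, new_mss); only a SYN with a too-large MSS changes."""
    if len(tcp) < 20 or (tcp[13] & 0x06) != 0x02:  # same match as --tcp-flags SYN,RST SYN
        return tcp, None, None
    hdr_len, limit = (tcp[12] >> 4) * 4, pmtu - 40  # 40 = IPv4 + TCP headers, no options
    i = 20
    while i + 1 < hdr_len <= len(tcp):
        kind, length = tcp[i], tcp[i + 1]
        if kind == 0:                              # end of option list
            break
        if kind == 1:                              # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > hdr_len:     # malformed: leave the segment alone
            break
        if kind == 2 and length == 4:              # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:                       # already fits; never raise an MSS
                return tcp, old, old
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # RFC 1624 update over the aligned words that changed: HC' = ~(~HC + ~m + m')
            a, b = (i + 2) & ~1, (i + 5) & ~1
            terms = bytes(x ^ 0xFF for x in tcp[16:18] + tcp[a:b]) + bytes(out[a:b])
            struct.pack_into("!H", out, 16, ~ones_sum(terms) & 0xFFFF)
            return bytes(out), old, limit
        i += length
    return tcp, None, None

def sample_syn(mss=1460):
    """Constructed SYN (192.168.1.10:40000 -> 192.0.2.1:80) with a valid checksum."""
    pseudo = bytes([192, 168, 1, 10, 192, 0, 2, 1, 0, 6]) + struct.pack("!H", 24)
    seg = struct.pack("!HHIIBBHHHBBH", 40000, 80, 1, 0, 0x60, 0x02, 64240, 0, 0, 2, 4, mss)
    csum = struct.pack("!H", ~ones_sum(pseudo + seg) & 0xFFFF)
    return pseudo, seg[:16] + csum + seg[18:]

if __name__ == "__main__":
    pseudo, syn = sample_syn()
    print(clamp_mss(syn, 1492)[1:])                # (1460, 1452)
```

A receiver validates the rewritten segment the same way as the original: the one's-complement sum over the pseudo-header plus the segment must come to 0xFFFF.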