pppoe and mss clamping via iptables

To: debian-firewall@lists.debian.org
Subject: pppoe and mss clamping via iptables
From: Declan Mullen <declan@mullen.net.au>
Date: Thu, 26 Aug 2004 17:25:04 +1000
Message-id: <[🔎] 412D9050.5020106@mullen.net.au>

Hi,

pppoeconf has arranged for the following iptables rule to beadded when my Debian (sarge) firewall connects to the Internetvia my ADSL modem:


  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss
           --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

This rule clamps the mss regardless of which interface the packetwill be transmitted out through (ie not just the Internet ppp0interface). Seeing as the firewall needs to "port forward" someTCP services from the Internet to servers on my internal LAN, isthis appropriate ? Or should the clamping be applied ONLY topackets going out to the Internet through ppp0 ? Ie would thefollowing rule be more appropriate ?


  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss
           --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
           -o ppp0

Guess if I new more about TCP/IP I'ld know the answer, but I don't :(

Regards,
Declan

Reply to:

Prev by Date: Re: All these open ports
Next by Date: Inkjet and Laser Cartridges ~ Save up to 75%
Previous by thread: Re: All these open ports
Next by thread: Inkjet and Laser Cartridges ~ Save up to 75%
Index(es):
- Date
- Thread