Re: firewall script - iptables syntaxis

To: debian-firewall@lists.debian.org
Subject: Re: firewall script - iptables syntaxis
From: Gian Piero Carrubba <gp-ml@rm-rf.it>
Date: Thu, 26 May 2005 08:24:18 +0200
Message-id: <[🔎] 1117088659.5168.8.camel@king.fdc.rm-rf.it>
In-reply-to: <[🔎] 20050524175928.A4E212DD97@murphy.debian.org>
References: <[🔎] 20050524175928.A4E212DD97@murphy.debian.org>

Il giorno mar, 24/05/2005 alle 14.59 -0300, Marcelo Lafaille ha scritto:

> Chain FORWARD
> TCPMSS  tcp  --  anywhere   anywhere   tcp flags:SYN,RST/SYN tcpmss match
> 1400:1536 TCPMSS clamp to PMTU
>
> when i don´t have this line, i can´t download pop3 mails... (pppoeconf adds
> it)
> 
> so i´d like to know what syntaxis i have to put in my firewall script for
> this line to appear.. (clear?!?!.. hope so!)


>From /usr/share/doc/ppp/README.Debian.gz:

<quote>
MSS clamping
~~~~~~~~~~~~
If the computer running pppd acts as a router for other machines, you
probably want to make it reduce the MSS field of outgoing packets, to
avoid fragmentation and problems caused by path MTU blackholing.
You may add something like this to /etc/ppp/ip-up.d/local:

iptables --insert FORWARD 1 --proto tcp --tcp-flags SYN,RST SYN \
        --out-interface $PPP_IFACE --match tcpmss --mss 1400:1536 \
        --jump TCPMSS --clamp-mss-to-pmtu
</quote>

If you use pppoe, you can also use the -m option of pppoe.

Ciao,
Gian Piero.

Reply to:

Follow-Ups:
- RE: firewall script - iptables syntaxis
  - From: "Marcelo Lafaille" <debian@limpro.com.ar>

References:
- firewall script - iptables syntaxis
  - From: "Marcelo Lafaille" <debian@limpro.com.ar>

Prev by Date: Balanceamento de trafego
Next by Date: New iptables, no server. Hmm..
Previous by thread: Re: problems with masquerade ??
Next by thread: RE: firewall script - iptables syntaxis
Index(es):
- Date
- Thread