RE: firewall script - iptables syntaxis
Problem Solved!
Thank you very much!! (Tante grazie!)
Marcelo
> -----Mensaje original-----
> De: Gian Piero Carrubba [mailto:gp-ml@rm-rf.it]
> Enviado el: Jueves, 26 de Mayo de 2005 03:24
> Para: debian-firewall@lists.debian.org
> Asunto: Re: firewall script - iptables syntaxis
>
> Il giorno mar, 24/05/2005 alle 14.59 -0300, Marcelo Lafaille
> ha scritto:
>
> > Chain FORWARD
> > TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN tcpmss match
> > 1400:1536 TCPMSS clamp to PMTU
> >
> > when i don´t have this line, i can´t download pop3 mails...
> (pppoeconf
> > adds
> > it)
> >
> > so i´d like to know what syntaxis i have to put in my
> firewall script
> > for this line to appear.. (clear?!?!.. hope so!)
>
>
> >From /usr/share/doc/ppp/README.Debian.gz:
>
> <quote>
> MSS clamping
> ~~~~~~~~~~~~
> If the computer running pppd acts as a router for other
> machines, you probably want to make it reduce the MSS field
> of outgoing packets, to avoid fragmentation and problems
> caused by path MTU blackholing.
> You may add something like this to /etc/ppp/ip-up.d/local:
>
> iptables --insert FORWARD 1 --proto tcp --tcp-flags SYN,RST SYN \
> --out-interface $PPP_IFACE --match tcpmss --mss 1400:1536 \
> --jump TCPMSS --clamp-mss-to-pmtu </quote>
>
> If you use pppoe, you can also use the -m option of pppoe.
>
> Ciao,
> Gian Piero.
>
>
>
Reply to: