Re: Change MTU for forwarded packets

To: "George Borisov" <george@dxsolutions.co.uk>
Cc: "Debian Firewall" <debian-firewall@lists.debian.org>
Subject: Re: Change MTU for forwarded packets
From: Bazy <bazy84@gmail.com>
Date: Wed, 23 Aug 2006 13:51:39 +0300
Message-id: <[🔎] 6c2184ab0608230351t5092253fu802343ccdf789e3e@mail.gmail.com>
In-reply-to: <[🔎] 44E5835F.9020500@dxsolutions.co.uk>
References: <[🔎] 44E5835F.9020500@dxsolutions.co.uk>

George,

How did you fix the problem in the end?







On 8/18/06, George Borisov <george@dxsolutions.co.uk> wrote:

Hello,

We have an IPSec VPN link between the UK and South Africa.
Unfortunately one of the routers upstream from our South Africa
firewall mangles large packets (e.g. only 2/3 chunks of a 4000
byte ping will be received.)

This was causing problems for LAN-to-LAN communication. Things
like SSH would work, but RDP would not.

We have managed to get around the problem by setting the MTU on
the UK LAN machines to 1328 (0x530, which is why it's so random.)

The obvious problem is that this needs to be done on every
machine on the network, which is a bit of a pain (especially as
we want to avoid rebooting the Windows servers.)

Is there a way of forcing an MTU size for forwarded traffic on
the firewall?

I have tried playing with TCPMSS in iptables, but I haven't
managed to get it to work.


Thank you in advance,

--
George Borisov

DXSolutions Ltd

Reply to:

Follow-Ups:
- Re: Change MTU for forwarded packets
  - From: George Borisov <george@dxsolutions.co.uk>

References:
- Change MTU for forwarded packets
  - From: George Borisov <george@dxsolutions.co.uk>

Prev by Date: ! Video con giovane teen, che fanno sesso per farti godere come e` possibile piu` lungo.
Next by Date: Re: Change MTU for forwarded packets
Previous by thread: Re: Change MTU for forwarded packets
Next by thread: Re: Change MTU for forwarded packets
Index(es):
- Date
- Thread