
Re: ADSL <-> Debian Etch <-> Wi-Fi: correct MTU|MRU



On Mon, 12 Feb 2007 16:40:25 +0300
"Mike Gusev" <mike.gusev@tochka.ru> wrote:

> I have a Debian etch box with two network cards. An ADSL modem is
> plugged into one, a Wi-Fi access point into the other. A remote machine
> running "Offtopic" XP sees half of all sites through masquerading and
> does not see the other half (it sees google, it does not see yandex).
> Is the problem solved by setting the correct mtu|mru? And which ones
> exactly? Thanks.
> 
   TCPMSS
       This target allows to alter the MSS value of TCP SYN packets, to
       control the maximum size for that connection (usually limiting it
       to your outgoing interface's MTU minus 40).  Of course, it can only
       be used in conjunction with -p tcp.  It is only valid in the mangle
       table.
       This target is used to overcome criminally braindead ISPs or
       servers which block ICMP Fragmentation Needed packets.  The
       symptoms of this problem are that everything works fine from your
       Linux firewall/router, but machines behind it can never exchange
       large packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround: activate this option and add a rule to your firewall
       configuration like:

iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

       --set-mss value
              Explicitly set MSS option to specified value.

       --clamp-mss-to-pmtu
              Automatically clamp MSS value to (path_MTU - 40).

       These options are mutually exclusive.


iptables(8)

Is this it?
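
The rewrite that the quoted TCPMSS rule performs on a forwarded SYN, as an added Python example (not part of the original message and not the netfilter code). The function names, the sample header and the path MTU of 1492 are constructed for illustration.

```python
import struct

SYN, RST = 0x02, 0x04
OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, as in "path_MTU - 40"

def csum_replace(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental update of a 16-bit Internet checksum."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS option of a SYN (RST clear) to path_mtu - 40 if it is larger."""
    if len(tcp) < 20 or tcp[13] & (SYN | RST) != SYN:
        return tcp                      # same match as --tcp-flags SYN,RST SYN
    hdr_len = min((tcp[12] >> 4) * 4, len(tcp))
    limit, i = path_mtu - OVERHEAD, 20
    while i + 1 < hdr_len and tcp[i] != 0:      # kind 0 = end of option list
        if tcp[i] == 1:                         # kind 1 = NOP, single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:  # malformed option: leave packet alone
            return tcp
        if tcp[i] == 2 and length == 4:         # kind 2 = MSS
            mss = int.from_bytes(tcp[i + 2:i + 4], "big")
            if mss <= limit:
                return tcp                      # never raise the peer's MSS
            out = bytearray(tcp)
            out[i + 2:i + 4] = limit.to_bytes(2, "big")
            csum = int.from_bytes(tcp[16:18], "big")
            # Patch per aligned 16-bit word so an odd-offset MSS option works too.
            for w in range((i + 2) & ~1, i + 4, 2):
                csum = csum_replace(csum, int.from_bytes(tcp[w:w + 2], "big"),
                                    int.from_bytes(out[w:w + 2], "big"))
            out[16:18] = csum.to_bytes(2, "big")
            return bytes(out)
        i += length
    return tcp

def sample_syn(mss: int = 1460, flags: int = SYN, lead_nop: bool = False) -> bytes:
    """Constructed SYN header (ports 40000 -> 80), checksum left at 0 for the caller."""
    opts = struct.pack("!BBH", 2, 4, mss)
    opts = (b"\x01" + opts + b"\x01\x01\x01") if lead_nop else (opts + b"\x01\x01\x04\x02")
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, flags, 65535, 0, 0) + opts

if __name__ == "__main__":
    print(int.from_bytes(clamp_mss(sample_syn(), 1492)[22:24], "big"))  # 1492: constructed path MTU
```

Only the SYN is rewritten, so the remote server learns the smaller segment size at connection setup and never sends a packet that would need the blocked ICMP Fragmentation Needed reply.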


