Re: [Solved] iptables firewall and web sites not loading

[Pascal Hambourg <pascal@plouf.fr.eu.org>]

Le 10/12/2019 à 20:13, nektarios a écrit :
> > Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> > > Maybe a "MTU black hole" issue with PPPoE.
> > > Workarounds :
> > > - lower the MTU on the client side to 1492
> > > - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
(...)
> The tip you gave me really did the job! I found this page in tldp.org
> describing the mtu issue
> http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html and the I
> simply ran the iptables command
> ```
>   iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
>   --clamp-mss-to-pmtu
> ```
> and it was fixed!

Please note that
- It's a hack. It does not fix the actual issue (inbound packets bigger 
than the PMTU are silently dropped).
- It works only for TCP.
- This rule works only for IPv4. If you have IPv6 connectivity, you must 
add a similar ip6tables rule.
- It does not work inside VPNs and tunnels which hide the actual PMTU.