On Thu, 2003-05-15 at 09:40, Jeff S Wheeler wrote:
> Dear List,
>
> I have a GRE tunnel setup between a debian linux/zebra router at my
> co-lo and my home office. This allows me to have a /27 without coughing
> up $7/IP to the local cable monopoly. There are no other broadband IP
> options available.
>
> My problem is I can't raise the MTU on the intermediate links over which
> the tunneled packets must travel, thus the MTU of my GRE tunnel is less
> than 1500. Many popular Internet sites, including paypal, hotmail,
> portions of Yahoo, and my beloved friendster, have utterly broken Path
> MTU Detection. The problem is wide-spread, and I don't think these
> sites are going to correct their problem or disable PMTUd on their
> servers, load balancers, and whatnot.
>
> Cisco routers have the ability to fragment and reassemble IP packets
> traversing GRE tunnels in order to effectively increase the tunnel MTU.
> The command syntax is e.g. `ip mtu 1500` in interface configuration.
>
> Is similar functionality available on linux? If not, can someone with
> iptables clue give me an example of how to disable the IP Don't-Fragment
> bit on ip packets that are being routed to my tunnel, allowing them to
> be fragmented even though the transmitting TCP stack has set DF?
>
> Kind thanks,

Hi,

I use a GRE tunnel between my DSL connection at home and the network of
the ISP I work for. I use this iptables line in my setup, which fixes
the MTU for all outgoing packets:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp

Works just fine...

grtz,
Teun Vink

-- 
BOFH excuse #382:
Someone was smoking in the computer room and set off the halon systems.
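
What a rule like the one in the reply above does to a forwarded SYN, as an added example that is not part of the original thread: it lowers the TCP MSS option to the tunnel MTU minus 40 and patches the TCP checksum in place. It assumes the rule's `--clamp` is the TCPMSS target's `--clamp-mss-to-pmtu` option and that the tunnel is plain GRE over IPv4 (24 bytes of overhead); the function names, addresses and ports are constructed for illustration.

```python
import struct

def fold(total: int) -> int:
    """Fold carries back into 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); odd-length input is zero-padded."""
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def clamp_mss(tcp: bytes, mtu: int) -> bytes:
    """Return the TCP segment with its MSS option lowered to mtu - 40 if it is larger."""
    if len(tcp) < 20 or (tcp[13] & 0x06) != 0x02:  # same match as --tcp-flags SYN,RST SYN
        return tcp
    limit, end, i = mtu - 40, min((tcp[12] >> 4) * 4, len(tcp)), 20  # 40 = IPv4 + TCP headers
    while i + 1 < end and tcp[i] != 0:             # kind 0 ends the option list
        if tcp[i] == 1:                            # kind 1 is a one-byte NOP
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > end:         # malformed option: leave packet untouched
            break
        if tcp[i] == 2 and length == 4:            # kind 2 is MSS
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                break
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            a, b = old, limit
            if i % 2:                              # value straddles two checksum words
                a, b = (a >> 8 | a << 8) & 0xFFFF, (b >> 8 | b << 8) & 0xFFFF
            old_sum = struct.unpack_from("!H", tcp, 16)[0]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            new_sum = ~fold((~old_sum & 0xFFFF) + (~a & 0xFFFF) + b) & 0xFFFF
            struct.pack_into("!H", out, 16, new_sum)
            return bytes(out)
        i += length
    return tcp

# Constructed sample: pseudo-header and SYN for 192.0.2.10 -> 198.51.100.20, MSS 1460.
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 20, 0, 6, 0, 24])
HDR = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 64240, 0, 0)
RAW = HDR + struct.pack("!BBH", 2, 4, 1460)
SYN = RAW[:16] + struct.pack("!H", checksum(PSEUDO + RAW)) + RAW[18:]
GRE_MTU = 1500 - 20 - 4   # assumed: outer IPv4 header plus basic GRE header
CLAMPED = clamp_mss(SYN, GRE_MTU)
```

Only the SYN is rewritten, so both ends keep full-size segments below the tunnel MTU without depending on ICMP fragmentation-needed messages reaching the sender; non-TCP traffic is not helped by this.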