Perhaps you want to say: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
? Another simple possibility for small networks is to adjust the default MSS of every client to something about 1400. (that value fits for nearly every kind of tunnel) Christian PS: Something like a crazy workaround is to establish two tunnels and bundle them with MPP. Finally you could get 'virtual' 1500 MSS. Normally used for real time traffic solutions. -----Original Message----- From: Teun Vink [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2003 10:33 AM To: Jeff S Wheeler Cc: debian-isp@lists.debian.org Subject: Re: gre tunnel MTU adjustment ... Hi, I use a GRE tunnel between my DSL connection at home and the network of the ISP I work for. I use this iptables line in my setup, which fixes the MTU for all outgoing packets: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp Works just fine... ...
