Try reducing the MTU on the internal machine to 1452, and see if the problem goes away. If it does, you need to set a rule on iptables of the outgoing filter to change the MSS on outgoing SYNs. I don't remember what it was.
If you want to understand why it happens, I, as well as a few other people, wrote a pretty detailed explanation to the list a few months ago (search the archives). If you want, I can explain it to you over the lunch you owe me.

Shachar

Aviram Jenik wrote:

>A question to the MTU gurus (Muli/Dani?):
>
>I'm pretty sure I have an MTU problem. However, I can't figure out:
>A. How to 'debug' it (i.e. I don't know if the problem is really MTU)
>B. What the problem is (if it exists).
>
>I think that (A) is especially important, since I'm getting the feeling I'm
>chasing ghosts;
>
>The symptoms are as follows:
>I have an excellent ADSL connection, but connecting to certain servers
>using timeout-sensitive protocols I am having problems. For example, when
>trying to upload files to my FTP server, either using FTP or SSH + rz, the
>connection takes forever and breaks up in the middle quite frequently.
>Pinging the server shows that my packet loss is negligible and that the
>connection is fast (~35ms, <1% packet loss). Other people can FTP with no
>problems. I have no other problems with that server or with my Internet
>connection in general (i.e. SMTP, HTTP all work quite nicely). The only thing
>I can think of is some strange MTU problem.
>
>For example, trying to FTP from my linux connection (the one connected to an
>ADSL) via FTP fails miserably with timeouts. The connection is done
>directly, so it's not a masquerading problem.
>
>Now the facts:
>The MTU on the ppp0 interface is: 1452
>The MTU on the eth1 interface (the one connected to the ADSL modem) is: 1500
>
>as far as I can tell from the how-to, that should be the right values. Any
>idea how I can debug it and/or fix the problem?
>
>Thanks,
>Aviram Jenik
>Beyond Security Ltd.
>http://www.BeyondSecurity.com
>http://www.SecuriTeam.com
>
>Know that you're safe:
>http://www.AutomatedScanning.com
>
>=================================================================
>To unsubscribe, send mail to [EMAIL PROTECTED] with
>the word "unsubscribe" in the message body, e.g., run the command
>echo unsubscribe | mail [EMAIL PROTECTED]
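One way to carry out the check and the fix this thread describes, as an added example that is not part of the original messages: it finds the path MTU with Don't-Fragment pings and prints the matching MSS rule. The function names are hypothetical, Linux iputils `ping` and the iptables `TCPMSS` target are assumed, and `ppp0` is the interface named in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# probe SIZE HOST: succeeds if an ICMP echo carrying SIZE payload bytes with
# the Don't Fragment bit set is answered (Linux iputils ping options).
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_pmtu HOST [PROBE]: binary-search the largest unfragmented packet the
# path carries and print it as an IP packet size (payload + 20 IP + 8 ICMP).
# PROBE defaults to probe(); prints 0 and fails if even 576 bytes is lost,
# which means the host does not answer pings and this method cannot decide.
find_pmtu() {
    local host="$1" probe_cmd="${2:-probe}"
    local lo=548 hi=1472 mid
    "$probe_cmd" "$lo" "$host" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe_cmd" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU: TCP payload that fits (MTU - 20 IPv4 - 20 TCP).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# clamp_rule MTU [IFACE]: print (not apply) the rule that rewrites the MSS
# option on forwarded SYNs leaving IFACE.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -o ${2:-ppp0} -p tcp" \
         "--tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$1")"
}

# Usage: sh pmtu.sh --run HOST
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    mtu=$(find_pmtu "$2") && clamp_rule "$mtu"
fi
```

A result below 1500 for a server that stalls on large transfers while small pings succeed is consistent with an MTU problem; the printed rule is for review before it is applied on the gateway.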