iptables -t filter -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
* - * - *
Tzahi Fadida
[EMAIL PROTECTED]
Technion Email: [EMAIL PROTECTED]
My Cool Site: HTTP://WWW.My2Nis.Com
* - * - * - * - * - * - * - * - * - *
WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Nadav Har'El
> Sent: Wednesday, October 02, 2002 2:33 PM
> To: Official Flamer/Cabal NON-Leader
> Cc: Manor G.; My Own Private List
> Subject: Re: IP-MASQ+win2000
>
>
> On Wed, Oct 02, 2002, Official Flamer/Cabal NON-Leader wrote about "Re: IP-MASQ+win2000":
> > Quoth Manor G.:
> >
> > > Does anyone use his box as an ip-masq router for win2000 machines and
> > > knows exactly how to change the mtu in win2k's regedit? because i tried
> >
> > Don't change Win2k. Change TCP MSS values on the Firewall.
> >
> > > p.s
> > > can it be related to some icmp blocks which i don't have in my firewall
> > > rules
> >
> > No.
>
> Why not? If he didn't block ICMP Fragmentation Needed, TCP's automatic PMTU
> discovery would work and there would be no need in setting it manually,
> other than improvement of handshake time.
>
> And do all firewalls support fiddling with MSS values on SYNs passing
> through them? Ipchains couldn't do this (as far as I know). Can iptables?
>
> --
> Nadav Har'El | Wednesday, Oct 2 2002, 26 Tishri 5763
> [EMAIL PROTECTED] |-----------------------------------------
> Phone: +972-53-245868, ICQ 13349191 |A computer program does what you tell it
> http://nadav.harel.org.il |to do, not what you want it to do.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
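What the rule at the top of this message does to a forwarded SYN, as an added Python model (not code from the thread, and not the kernel's implementation): the `--tcp-flags SYN,RST SYN` match, then the MSS option lowered to path MTU minus 40. The function names, the 40-byte IPv4+TCP overhead, the sample option bytes and the 1492-byte path MTU are assumptions made for the illustration; checksum fix-up and insertion of a missing MSS option are not modelled.

```python
import struct

SYN, RST = 0x02, 0x04
OVERHEAD = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header

def rule_matches(tcp_flags: int) -> bool:
    """Model of '--tcp-flags SYN,RST SYN': look at SYN and RST, require only SYN."""
    return tcp_flags & (SYN | RST) == SYN

def clamp_mss(options: bytes, path_mtu: int) -> bytes:
    """Lower the MSS option (kind 2) in raw TCP options to path_mtu - 40.

    The value is never raised. Options with no MSS entry, or with a malformed
    length, come back unchanged (this sketch does not insert a new option).
    """
    if path_mtu <= OVERHEAD:
        raise ValueError("path MTU too small for IPv4 + TCP headers")
    limit = path_mtu - OVERHEAD
    out = bytearray(options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(out):    # truncated option
            break
        length = out[i + 1]
        if length < 2 or i + length > len(out):
            break                # malformed length
        if kind == 2 and length == 4:
            (mss,) = struct.unpack_from("!H", out, i + 2)
            if mss > limit:
                struct.pack_into("!H", out, i + 2, limit)
            break
        i += length
    return bytes(out)

# Constructed sample: options of a SYN advertising MSS 1460, then NOP, NOP, SACK-permitted.
SAMPLE_SYN_OPTIONS = bytes.fromhex("020405b401010402")

if __name__ == "__main__":
    if rule_matches(SYN):
        print(clamp_mss(SAMPLE_SYN_OPTIONS, 1492).hex())
```

Because the mask covers only SYN and RST, the SYN/ACK coming back through the router matches as well, so the advertised MSS is clamped in both directions of the handshake.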
