Patrick McHardy wrote: > Andreas Steinmetz wrote: >> Patrick McHardy wrote: >> >>> Andreas Steinmetz wrote: >>> >>>> [...] >>>> The tcpdump on the client shows that the mss of the incoming syn reply >>>> packet is *NOT* clamped to the ppp interface mtu. >>> >>> You forgot to mention *how* you're clamping the MSS. Using >>> TCPMSS? Do you have a rule for incoming packets? >>> >> >> The relevant iptables commands I do use for masquerading and clamping are: >> >> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE >> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \ >> --clamp-mss-to-pmtu > > > Two things here: > > - tcpdumps on ppp0 will show unclamped packets since they haven't > been forwarded yet >
That is true, I know this. > - assuming you have ethernet internally, the PMTU from your router > to the internal hosts is 1500, so it won't do any clamping. > Yep, internal PMTU is 1500, still the incoming packets are clamped to 1452 on the one line and not clamped on the other. > Does that explain it? > > A useful thing for TCPMSS for routers would be to clamp to the > minimum of the PMTU of both directions. But thats not supported > so far. > I wonder, as somteimes it gets clamped. If it would never have been clamped I wouldn't have asked. -- Andreas Steinmetz SPAMmers use [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
