On Fri, Sep 09, 2005 at 03:18:24PM +0200, Stephan A. Rickauer wrote:
> That's probably a quick one:
>
> mtu - IPheader - TCPheader = max-mss?
>
> E.g. for ethernet:
>
> 1500 - 20 - 20 = 1460?

<nod>

i use the max-mss like this:

    scrub on $t all fragment reassemble reassemble tcp no-df random-id max-mss 1200

as $t is used on this machine for VPN to work, which is a cisco concentrator (that might not matter). some things between me and it choke royally if the mss the endpoints agree on is greater than something between 1200-1300 ( segments greater than that never arrive at the other destination ). smells like something at the remote end is setting DF, and then it goes through a hop who wants to fragment it but honours the DF. me cinching down my mss is the only way i've been able to make everything work consistently.

> Thanks! BTW: What's a good value for max-ttl? I do understand what it
> does but I don't see the reason behind it ...

you could set max-ttl to a very high number if you'd like traceroutes to become very unuseful :P

i'm not certain of a good reason to restrict max-ttl to a lower-than-typical number other than enforcing a local policy where for one reason or another, it is the case that you have a machine who should never be talking to machines more than X hops away.. i've thought about it for trivia's sake, but haven't been exposed to a scenario where it was a factor in a solution ( tho am interested in examples ).

jared

- [ openbsd 3.7 GENERIC ( sep 1 ) // i386 ]
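Added example, not part of the original message: a sketch of how the "something between 1200-1300" limit described above can be pinned down, by binary-searching the largest DF-set packet that crosses the path and subtracting the two 20-byte headers from the question. The hop MTUs and the `simulated_probe` helper are constructed for illustration; on a real link the probe would send a DF-set packet of the given size and report whether a reply came back.

```python
IP_HDR = 20    # IPv4 header without options, as in the question
TCP_HDR = 20   # TCP header without options, as in the question
MIN_IPV4_MTU = 68  # smallest MTU every IPv4 hop must forward (RFC 791)


def simulated_probe(hop_mtus):
    """Build probe(size) for a constructed path.

    A DF-set packet of `size` bytes arrives only if every hop can carry it
    unfragmented; a hop that would need to fragment drops it instead, which
    is the behaviour suspected in the message above.
    """
    def probe(size):
        return all(size <= mtu for mtu in hop_mtus)
    return probe


def largest_df_packet(probe, low=MIN_IPV4_MTU, high=1500):
    """Binary-search the largest IP packet size for which probe() succeeds.

    Returns None when even the minimum-size packet is lost, so a dead path
    is not mistaken for a tiny MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2   # round up so the loop always shrinks
        if probe(mid):
            low = mid                 # mid fits: answer is mid or larger
        else:
            high = mid - 1            # mid dropped: answer is smaller
    return low


def max_mss_for(probe, high=1500):
    """Largest value usable as max-mss: path packet size minus both headers."""
    size = largest_df_packet(probe, high=high)
    return None if size is None else size - IP_HDR - TCP_HDR


def segment_arrives(probe, mss):
    """True if a full-sized segment with this MSS survives the path with DF set."""
    return probe(mss + IP_HDR + TCP_HDR)


if __name__ == "__main__":
    vpn_path = simulated_probe([1500, 1500, 1292, 1500])  # constructed hop MTUs
    print("plain ethernet max-mss:", max_mss_for(simulated_probe([1500])))
    print("constructed VPN path max-mss:", max_mss_for(vpn_path))
    print("mss 1460 arrives:", segment_arrives(vpn_path, 1460))
    print("mss 1200 arrives:", segment_arrives(vpn_path, 1200))
```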