Hi,

Using OpenBSD as a firewall and NAT box, OpenBSD 4.2:

I have this rule: 'scrub in all max-mss 1400'

When two peers on opposite sides of this firewall attempt to connect, a TCP SYN packet passes in from peer-1 through one interface, with its MSS field set to 1360, through a bi-nat rule and the above scrub rule, and exits another interface, and onwards to peer-2, its MSS field value having been raised to 1400. (This effect was observed using tcpdump on both interfaces at the same time.)

This causes problems, as the packets returned from peer-2 are often too big for peer-1 to handle.

Is the raising of the MSS field value expected behavior? The man page and FAQ, and the option name itself, indicate the max-mss value should set an upper limit, not an absolute value.

So what am I doing wrong? How do I use max-mss to set an upper limit, rather than an absolute value?

Regards
Richard