Stuart Henderson wrote:
> On 2010-01-12, Dirk Mast <condo...@gmail.com> wrote:
>> Dirk Mast wrote:
>>
>>> Peter N. M. Hansteen wrote:
>>
>>>> the problem went away. tcpdump output of successful and failing
>>>> connections would be instructive, along with the actual error messages,
>>>> if any.
>>
>> Request to wiki (see those long timestamps), hope this helps:
>>
>> Jan 12 23:22:06.181513 PPPoE
>> code Session, version 1, type 1, id 0x0580, length 114
>> IP: 195.50.140.178.53 > x.x.x.x.18336: 26867 2/0/1 CNAME
>> rr.esams.wikimedia.org., A 91.198.174.2 (84)
>> Jan 12 23:22:06.184287 PPPoE
>> code Session, version 1, type 1, id 0x0580, length 62
>> IP: x.x.x.x.51519 > 91.198.174.2.80: S 126511392:126511392(0) win
>> 5840 <mss 1460,sackOK,timestamp 6393340 0,nop,wscale 7> (DF)
>        ^^^^^^^^
>
> Your 'match in all scrub (no-df max-mss 1440)' is not affecting
> the mss on these packets, take a close look at your ruleset to try
> and work out why, though it might be as simple as removing 'in'..

It seems it was as simple as removing in!

> 91.198.174.3.80: S 4156933704:4156933704(0) win 5840 <mss 1440,sackOK,timestamp 3758621 0,nop,wscale 7>
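
The check done by eye in this thread, as an added example that is not part of the original messages: a small Python script that pulls the MSS option out of every SYN in tcpdump text output and lists those above the `max-mss` value from the scrub rule. The function names are hypothetical, the sample captures are the lines quoted above, and the parser assumes the classic tcpdump text format shown in the thread.

```python
import re

# SYN in classic tcpdump text: "... > a.b.c.d.port: S seq:seq(0) win N <options>"
SYN_RE = re.compile(r"> (\d+\.\d+\.\d+\.\d+)\.(\d+): S [^<>]{0,80}<([^>]*)>")
MSS_RE = re.compile(r"\bmss (\d+)")

# Sample input: capture lines as quoted in the thread, quote markers removed.
BEFORE = """\
Jan 12 23:22:06.181513 PPPoE
code Session, version 1, type 1, id 0x0580, length 114
IP: 195.50.140.178.53 > x.x.x.x.18336: 26867 2/0/1 CNAME
rr.esams.wikimedia.org., A 91.198.174.2 (84)
Jan 12 23:22:06.184287 PPPoE
code Session, version 1, type 1, id 0x0580, length 62
IP: x.x.x.x.51519 > 91.198.174.2.80: S 126511392:126511392(0) win
5840 <mss 1460,sackOK,timestamp 6393340 0,nop,wscale 7> (DF)
"""
AFTER = ("> 91.198.174.3.80: S 4156933704:4156933704(0) win 5840 "
         "<mss 1440,sackOK,timestamp 3758621 0,nop,wscale 7>")


def syn_mss(capture):
    """Return (dst_ip, dst_port, mss) for each SYN; mss is None if absent."""
    flat = " ".join(capture.split())  # undo tcpdump / e-mail line wrapping
    found = []
    for ip, port, opts in SYN_RE.findall(flat):
        m = MSS_RE.search(opts)
        found.append((ip, int(port), int(m.group(1)) if m else None))
    return found


def unclamped(capture, max_mss):
    """SYNs whose advertised MSS is still above the scrub max-mss value."""
    return [s for s in syn_mss(capture)
            if s[2] is not None and s[2] > max_mss]


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        bad = unclamped(text, 1440)  # 1440 is the max-mss from the rule
        print(label, "unclamped SYNs:", bad if bad else "none")
```

Run against a capture taken on the external (PPPoE) interface, an empty result means the scrub rule is being applied to outgoing SYNs.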