NAT help?

William John Murray W.J.Murray at rl.ac.uk
Mon Sep 19 21:28:09 UTC 2005


> then the problem is somewhere else. You said you have MTU problems? If
> you are ADSL connected that is a more or less common problem. If unsure
> about the correct MTU size please ask your ISP. And running a NAT
> gateway it makes it necessary to lower the MSS. iptables has commands
> for that: keyword is "mss clamping":
> 
> http://iptables-tutorial.frozentux.net/chunkyhtml/x4700.html
> 
> On the other hand you can alternatively instruct the rp-pppoe to do
> that.
> 
> CLAMPMSS=1452
> 
> in ifcfg-ppp0 will cause rp-pppoe to set the MSS to 1452. This is 40
> bytes less than the MTU (max. PPPoE MTU size is 1492 - some ISPs run a
> setup which requires a smaller value of MTU and MSS). If the other side
> (target websites i.e.) have a nasty setup which prevents full PMTU
> detection, then a wrong setup on your side can cause what you face. Many
> pages are accessible, others not. Hope that helps a bit.
> 
> Alexander
> 
> 
> -- 
> Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
> legal statement: http://www.uni-x.org/legal.html
> Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
> Serendipity 14:33:00 up 19:43, 18 users, 0.04, 0.73, 1.46 
    Hi Alexander,
               Wonderful, you have solved my problem! It was MSS
clamping which rescued me.  I tried

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp0 -j TCPMSS --set-mss 1460

as recommended by your reference, and both machines stopped working. [I
have a funny tunnel-in-a-tunnel via AOL.] Lower the MSS to 1400 and both
work - I can access linuxtoday - and more importantly a certain airline
booking site.
      Thanks for taking the time with me; it is really good of you.
                  Bill
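
Added example, not part of either message in this thread: a Python sketch of what MSS clamping does to the TCP options of a forwarded SYN, using the 1492/1452 and 1400 figures mentioned above. The function names and the sample option bytes are constructed for illustration, and the sketch assumes the clamp only ever lowers the advertised value.

```python
import struct

IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample: option bytes of a SYN advertising MSS 1460, followed by
# SACK-permitted, timestamps, NOP and window scale.
SAMPLE_SYN_OPTIONS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")


def mss_for_mtu(mtu, extra_overhead=0):
    """Largest TCP payload that fits one packet: MTU minus headers and tunnels."""
    return mtu - extra_overhead - IP_TCP_HEADERS


def clamp_mss(options, limit):
    """Lower the MSS option (kind 2) in a SYN's option bytes to at most `limit`.

    Returns (new_options, old_mss, new_mss); the MSS values are None when the
    SYN carries no MSS option. A real gateway must also fix the TCP checksum.
    """
    out = bytearray(options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(out):
            raise ValueError("truncated TCP option")
        length = out[i + 1]
        if length < 2 or i + length > len(out):
            raise ValueError("bad TCP option length")
        if kind == 2 and length == 4:
            (old,) = struct.unpack_from("!H", out, i + 2)
            new = min(old, limit)    # assumption of this sketch: never raise it
            struct.pack_into("!H", out, i + 2, new)
            return bytes(out), old, new
        i += length
    return bytes(out), None, None


if __name__ == "__main__":
    print("PPPoE MTU 1492 ->", mss_for_mtu(1492))
    _, old, new = clamp_mss(SAMPLE_SYN_OPTIONS, 1400)
    print("SYN MSS", old, "clamped to", new)
```

The extra_overhead argument stands in for any further encapsulation on the path, such as a tunnel inside the PPPoE link, which is why a value below 1452 can be needed.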
     
    



