Just to clarify im running this on a gateway box (like theres many other
reasons id be using pppoe)
Actually the rule(s) are there, MY MISTAKE:
iptables-save > fw.txt
less fw.txt
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1412 -j
TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:15
36 -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1452 -j
TCPMSS --clamp-mss-to-pmtu
Why theres three, i couldnt say. One for every eth1 restart i guess. Thats not
good, shouldnt it check for the rule existing before adding it again. Or remove
it at if-down. I dont know what effect the 3 rules would have, so i edit the
0clampmss file to say 1412 then reboot the box.
Now ive got one rule
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1412 -j
TCPMSS --clamp-mss-to-pmtu
But still dont know how to specify mss value in pppoeconf.
Anyway so then i remove the mtu=1492 patch from the lan client, and...
Problem recurs, http-post hangs.
Windows XP (mtu 1500) ping test:
pings ok up to 1464 bytes,
1465 - 1472 inclusive 'request timed out',
1473+ return 'needs fragment but df set'.
Do i need to go even lower with mss? Or is something else likely the cause?
Firewall maybe? Ive got ICMP type 3 allowed incoming.
Regards
Peter
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
