Adam Hardy <adam....@cyberspaceroad.com> wrote: > Chain FORWARD (policy ACCEPT) > target prot opt source destination > TCPMSS tcp -- anywhere anywhere tcp > flags:SYN,RST/SYN TCPMSS set 1460
So you're clamping TCPMSS at 1460? What if the MSS needs to be lower, i.e. your MTU has dropped? (I'm not sure how iptables handles this situation as I don't usually need to fiddle MSS and MTU.) Would you remove this rule and retest, please? > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > DROP icmp -- anywhere anywhere icmp > destination-unreachable > DROP icmp -- anywhere anywhere state INVALID I'm nervous of these two rules, too. Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ort2p7xl2t....@news.roaima.co.uk
