On 2021-12-15 17:01:54 +0000, Tim Woodall wrote: > On Wed, 15 Dec 2021, Vincent Lefevre wrote: > > I've tried > > > > iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > > --clamp-mss-to-pmtu > > > > and > > > > iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024 > > > I think you possibly want -A OUTPUT rules too.
This doesn't change anything. > And also ip6tables rules. There are no issues with IPv6. > If you're going via a firewall then you (usually) only need -A FORWARD > But if you're trying to configure it on your laptop itself you probably > need -A OUTPUT (and possibly -A INPUT). I can't use -A INPUT: # iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables v1.8.7 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain INPUT And similar error with "-I INPUT": iptables v1.8.7 (nf_tables): RULE_INSERT failed (Invalid argument): rule in chain INPUT -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
