Hi everybody
I have a little issue with MSS clamping on a DSL connected Bering System, maybe someone can enlighten me.
Shorewall release is 1.4.8 and yes, I have set CLAMPMSS to Yes
I see outgoing ftp connections to a remote site fail during a store operation, the remote site sets MSS to 1460, my outgoing connection sets it to 1452 (MTU less 40).
When the client on the internal network sends ftp data it gets back a ICMP type 3 code 4 , I assume it's because the external interface set it's size shorter than the internal interface.
I can see the MSS size of the incoming SYN,ACK at 1460 at the external and internel interface, so the client assumes 1460 is OK. I can see the outgoing MSS size reduced in the SYN packet to 1452, the incoming reply though is not modified to the shorter value.
BTW, reducing the MTU on the internal interface to the size of the external interface solves this problem. Should the value in the incoming SYN,ACK be reduced by CLAMPMSS?
thanks
Erich
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
