Hi,

At 09:31 05/03/02 +0200, you wrote:
>Try reducing the MTU on the internal machine to 1452, and see if the
>problem goes away. If it does, you need to set a rule on iptables of the
>outgoing filter to change the MSS on outgoing SYNs. I don't remember what
>it was.

As far as I know, this iptables thing is another way to do the reducing-MTU thing. If reducing the MTU fixes the problem, you shouldn't play with the iptables thing. Anyway, if I understand you right, here is the command to do that:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

>If you want to understand why it happens, I, as well as a few other
>people, wrote a pretty detailed explanation to the list a few months ago
>(search the archives). If you want, I can explain it to you over the lunch
>you owe me.
>
>                Shachar
>
>
>Aviram Jenik wrote:
>
>>A question to the MTU gurus (Muli/Dani?):
>>
>>I'm pretty sure I have an MTU problem. However, I can't figure out:
>>A. How to 'debug' it (i.e. I don't know if the problem is really MTU)
>>B. What the problem is (if it exists).
>>
>>I think that (A) is especially important, since I'm getting the feeling I'm
>>chasing ghosts;
>>
>>The symptoms are as follows:
>>I have an excellent ADSL connection, but connecting to certain servers
>>using timeout-sensitive protocols I am having problems. For example, when
>>trying to upload files to my FTP server, either using FTP or SSH + rz, the
>>connection takes forever and breaks up in the middle quite frequently.
>>Pinging the server shows that my packet loss is negligible and that the
>>connection is fast (~35ms, <1% packet loss). Other people can FTP with no
>>problems. I have no other problems with that server or with my Internet
>>connection in general (i.e. SMTP, HTTP all work quite nicely). The only thing
>>I can think of is some strange MTU problem.
>>
>>For example, trying to FTP from my linux connection (the one connected to an
>>ADSL) via FTP fails miserably with timeouts. The connection is done
>>directly, so it's not a masquerading problem.
>>
>>Now the facts:
>>The MTU on the ppp0 interface is: 1452
>>The MTU on the eth1 interface (the one connected to the ADSL modem) is: 1500
>>
>>as far as I can tell from the how-to, that should be the right values.
>>Any idea how I can debug it and/or fix the problem?
>>
>>Thanks,
>>Aviram Jenik
>>Beyond Security Ltd.
>>http://www.BeyondSecurity.com
>>http://www.SecuriTeam.com
>>
>>Know that you're safe:
>>http://www.AutomatedScanning.com
>>
>>=================================================================
>>To unsubscribe, send mail to [EMAIL PROTECTED] with
>>the word "unsubscribe" in the message body, e.g., run the command
>>echo unsubscribe | mail [EMAIL PROTECTED]

--
Best Regards,
Eran Levy.
"This is Linux country. If you listen carefully, you can hear Windows reboot..."
WebSite: http://levy.dyn.dhs.org
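
Added example, not part of the original thread: for question (A) above, one way to check whether the problem is really MTU is to send Don't-Fragment pings of varying size and binary-search the largest packet that still gets a reply. It assumes Linux iputils ping (-M do, -s, -c, -W) and a server that answers ICMP echo; the function names and the 576..1500 search range are choices made for this example.

```sh
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented.

# probe_df HOST MTU: succeed if an MTU-byte packet with DF set is answered.
# ICMP payload = MTU - 20 (IP header) - 8 (ICMP header).
# Two probes are sent so that a single lost packet is not read as "too big".
probe_df() {
    ping -M do -c 2 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH] [PROBE]: binary search for the largest
# size in LOW..HIGH that PROBE accepts. PROBE defaults to probe_df and can
# be swapped for another command (e.g. for offline testing).
# Prints the result; returns 1 if even LOW gets no reply.
find_path_mtu() {
    host=$1 low=${2:-576} high=${3:-1500} probe=${4:-probe_df}
    "$probe" "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            low=$mid              # mid fits: search above it
        else
            high=$(( mid - 1 ))   # mid is dropped: search below it
        fi
    done
    echo "$low"
}

# mss_for_mtu MTU: TCP MSS that fits in MTU (20-byte IP + 20-byte TCP header).
mss_for_mtu() {
    echo "$(( $1 - 40 ))"
}

# Runs only when a host is given on the command line: sh pmtu.sh HOST
if [ "$#" -ge 1 ]; then
    mtu=$(find_path_mtu "$1") || { echo "no reply even at 576 bytes" >&2; exit 1; }
    echo "path MTU to $1: $mtu, usable TCP MSS: $(mss_for_mtu "$mtu")"
fi
```

If the path MTU found is lower than the MTU the sending machine uses, full-size TCP segments will not fit, which is the case the MTU reduction and the TCPMSS rule quoted above both address.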