Re: [rlug] Problema acces site-uri prin tunel ip_gre intre linux si cisco 831

Tatulescu Andrei Sat, 12 Apr 2008 13:46:04 -0700

Salut,
Multumesc pentru ajutorul acordat. Am jonglat putin cu tcpmss-ul si acum totul 
functioneaza corespunzator. am setat tcpmss la 1400 si am pus si 
clamp-mss-to-pmtu, dar nu in mangle ci in forward.



----- Original Message ----
From: Radu Oprisan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]; Romanian Linux Users Group <rlug@lists.lug.ro>
Sent: Friday, April 11, 2008 7:23:44 PM
Subject: Re: [rlug] Problema acces site-uri prin tunel ip_gre intre linux si 
cisco 831

Claudiu CISMARU wrote:
>> Va rog sa ma ajutati sa pot accesa si acele site-uri prin gre. Daca 
>> incerc sa pun mtu 1476 imi da urmatoarea eroare :  
>>
>> GREv0, length 1456: IP truncated-ip - 24 bytes missing! 
>> 86.107.224.2.2382 > 64.156.47.210.3002 
>>     
>
> Wrap la 72 ca ne zgarie pe ochi !!!
>
> Cine da mesajul ala? De UNDE incerci sa accesezi? De pe acel Linux, de 
> pe o statie legata prin el etc? UNDE incerci sa pui mtu la 1476? Pe 
> Linux, pe cisco, pe statie?
>   

Citat din manualul iptables:

   TCPMSS
       This target allows to alter the MSS value of TCP SYN packets,  
to  con-
       trol  the maximum size for that connection (usually limiting it 
to your
       outgoing interface's MTU minus 40).  Of course, it can only be 
used  in
       conjunction with -p tcp.  It is only valid in the mangle table.
       This  target  is  used to overcome criminally braindead ISPs or 
servers
       which block ICMP Fragmentation Needed packets.  The  symptoms  
of  this
       problem are that everything works fine from your Linux 
firewall/router,
       but machines behind it can never exchange large packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround: activate this option and add a rule to your  
firewall  con-
       figuration like:
        iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                    -j TCPMSS --clamp-mss-to-pmtu

       --set-mss value
              Explicitly set MSS option to specified value.

       --clamp-mss-to-pmtu
              Automatically clamp MSS value to (path_MTU - 40).



_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug

Re: [rlug] Problema acces site-uri prin tunel ip_gre intre linux si cisco 831

Raspunde prin e-mail lui