Salut, Multumesc pentru ajutorul acordat. Am jonglat putin cu tcpmss-ul si acum totul functioneaza corespunzator. am setat tcpmss la 1400 si am pus si clamp-mss-to-pmtu, dar nu in mangle ci in forward.
----- Original Message ---- From: Radu Oprisan <[EMAIL PROTECTED]> To: [EMAIL PROTECTED]; Romanian Linux Users Group <rlug@lists.lug.ro> Sent: Friday, April 11, 2008 7:23:44 PM Subject: Re: [rlug] Problema acces site-uri prin tunel ip_gre intre linux si cisco 831 Claudiu CISMARU wrote: >> Va rog sa ma ajutati sa pot accesa si acele site-uri prin gre. Daca >> incerc sa pun mtu 1476 imi da urmatoarea eroare : >> >> GREv0, length 1456: IP truncated-ip - 24 bytes missing! >> 86.107.224.2.2382 > 64.156.47.210.3002 >> > > Wrap la 72 ca ne zgarie pe ochi !!! > > Cine da mesajul ala? De UNDE incerci sa accesezi? De pe acel Linux, de > pe o statie legata prin el etc? UNDE incerci sa pui mtu la 1476? Pe > Linux, pe cisco, pe statie? > Citat din manualul iptables: TCPMSS This target allows to alter the MSS value of TCP SYN packets, to con- trol the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40). Of course, it can only be used in conjunction with -p tcp. It is only valid in the mangle table. This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets: 1) Web browsers connect, then hang with no data received. 2) Small mail works fine, but large emails hang. 3) ssh works fine, but scp hangs after initial handshaking. Workaround: activate this option and add a rule to your firewall con- figuration like: iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -j TCPMSS --clamp-mss-to-pmtu --set-mss value Explicitly set MSS option to specified value. --clamp-mss-to-pmtu Automatically clamp MSS value to (path_MTU - 40). _______________________________________________ RLUG mailing list RLUG@lists.lug.ro http://lists.lug.ro/mailman/listinfo/rlug __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ RLUG mailing list RLUG@lists.lug.ro http://lists.lug.ro/mailman/listinfo/rlug