pppoe and mss clamping via iptables
Hi,
pppoeconf has arranged for the following iptables rule to be
added when my Debian (sarge) firewall connects to the Internet
via my ADSL modem:
    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss \
        --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
This rule clamps the MSS regardless of which interface the packet
will be transmitted out through (i.e. not just the Internet ppp0
interface). Seeing as the firewall needs to "port forward" some
TCP services from the Internet to servers on my internal LAN, is
this appropriate? Or should the clamping be applied ONLY to
packets going out to the Internet through ppp0? I.e. would the
following rule be more appropriate?
    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss \
        --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu \
        -o ppp0
Guess if I knew more about TCP/IP I'd know the answer, but I don't :(
Regards,
Declan
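
Added example (not part of the original post, and not kernel or pppoeconf code): a small Python model of how each of the two rules above treats forwarded packets on a port-forwarding firewall. Assumptions: ppp0 has MTU 1492 and the LAN interface is eth0 with MTU 1500, the path MTU is taken to be the outgoing interface's MTU, the clamp only ever lowers an MSS, and the packets are constructed samples.

```python
# Simplified model of the two FORWARD rules above (added example, not kernel code).
# Assumed MTUs (not from the post): ppp0 = 1492 (typical PPPoE), eth0 = 1500.
MTU = {"ppp0": 1492, "eth0": 1500}
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header


def rule_matches(pkt, out_iface=None):
    """-p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 [-o IFACE]"""
    flags = pkt["flags"]
    # --tcp-flags SYN,RST SYN: SYN must be set and RST clear; ACK is not examined.
    syn_without_rst = "SYN" in flags and "RST" not in flags
    mss_in_range = pkt["mss"] is not None and 1400 <= pkt["mss"] <= 1536
    iface_ok = out_iface is None or pkt["out"] == out_iface
    return syn_without_rst and mss_in_range and iface_ok


def forward(pkt, out_iface=None):
    """Return the MSS the packet carries after traversing the rule."""
    if not rule_matches(pkt, out_iface):
        return pkt["mss"]
    clamp = MTU[pkt["out"]] - IP_TCP_HEADERS
    return min(pkt["mss"], clamp)  # assumption: clamping never raises the MSS


# Constructed sample packets; "out" is the interface the packet leaves through.
PACKETS = {
    "LAN client SYN to Internet": {"flags": {"SYN"}, "mss": 1460, "out": "ppp0"},
    "Internet SYN to LAN server": {"flags": {"SYN"}, "mss": 1460, "out": "eth0"},
    "LAN server SYN-ACK reply": {"flags": {"SYN", "ACK"}, "mss": 1460, "out": "ppp0"},
    "Established data segment": {"flags": {"ACK"}, "mss": None, "out": "ppp0"},
}


def compare():
    """Map each packet to (MSS with the original rule, MSS with -o ppp0)."""
    return {name: (forward(p), forward(p, "ppp0")) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, (any_iface, ppp0_only) in compare().items():
        print(f"{name:28} no -o: {any_iface}   -o ppp0: {ppp0_only}")
```

Under these assumptions the two rules produce the same MSS for every packet: a SYN forwarded out eth0 already fits that interface's MTU, so the rule without -o leaves it unchanged.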