[Firehol-support] PPPoE TCP MSS clamping / match
Daniel Pittman
daniel at rimspace.net
Wed Dec 10 13:00:19 GMT 2003
In order to use my ADSL connection, I need to clamp the MSS value on TCP
connections to something slightly lower than a standard Ethernet value.

Anyway, the "standard" way of achieving this for the in-kernel PPPoE
driver is to issue the following iptables command:

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
             -j TCPMSS --clamp-mss-to-pmtu

Now, I can obviously stick that in using the 'iptables' command, but
that is a bit less selective than I will want to be in the near future.

So, any chance of seeing an action to implement this? I would suggest:

    tcpmss ( 'pmtu' | <number> ) <optional rule parameters>

If the argument is 'pmtu', pass the '--clamp-mss-to-pmtu' option,
otherwise pass '--set-mss <number>'.

Having it match on the 'router' statement, etc, would be ideal.
That way I don't need to fiddle with the interface matching and so on
when I have a PPPoE link and an 802.11 link heading out of the same box,
and I need to clamp the MSS on only one of them.

Daniel
--
Reality is not as strong as perception. Perception all too often swallows
reality and spits it out in a new, unrecognizable form.
-- Maytee Aspuro
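
Added example, not part of the original post and not FireHOL's own code: a sketch of the argument mapping proposed above, with input validation and an optional outgoing-interface match so only one link is clamped. The function name tcpmss_rule, the interface name ppp0 and the value 1452 are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper: tcpmss_rule ( 'pmtu' | <number> ) [outgoing-interface]
# Prints the iptables command rather than running it, so it can be reviewed
# without root.
tcpmss_rule() {
    mode=$1
    oif=${2:-}

    case $mode in
        pmtu)
            action="--clamp-mss-to-pmtu"
            ;;
        ''|0*|*[!0-9]*|??????*)
            # Rejects empty, zero / leading zeros, non-digits, and 6+ digits.
            echo "tcpmss: expected 'pmtu' or a number 1-65535, got '$mode'" >&2
            return 1
            ;;
        *)
            # The MSS option is a 16-bit field.
            if [ "$mode" -gt 65535 ]; then
                echo "tcpmss: MSS $mode out of range 1-65535" >&2
                return 1
            fi
            action="--set-mss $mode"
            ;;
    esac

    # Refuse interface names containing anything but the usual characters
    # ('+' is the iptables wildcard suffix), since the output is a command line.
    case $oif in
        *[!A-Za-z0-9._+-]*)
            echo "tcpmss: bad interface name '$oif'" >&2
            return 1
            ;;
    esac

    # Only SYN segments carry the MSS option, hence the flag match from the post.
    rule="iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN"
    # Matching on the outgoing interface clamps one link and leaves others alone.
    [ -n "$oif" ] && rule="$rule -o $oif"
    echo "$rule -j TCPMSS $action"
}

# Constructed sample calls; ppp0 is an assumed PPPoE interface name.
tcpmss_rule pmtu ppp0
tcpmss_rule 1452 ppp0
```
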