| 1 |
On Wednesday 14 January 2009, Mick wrote: |
| 2 |
> On Monday 12 January 2009, Walter Dnes wrote: |
| 3 |
|
| 4 |
> > The only suggestion I've found via Google is iptables "mangle". Does |
| 5 |
> > it manage to change MSS without changing MTU? If so, what is the |
| 6 |
> > invocation in the "mangle" table? |
| 7 |
|
| 8 |
> It would probably be something like: |
| 9 |
> |
| 10 |
> iptables --insert OUTPUT --jump TCPMSS --protocol tcp --set-mss 1408 |
| 11 |
|
| 12 |
Oops! I just checked the manual: |
| 13 |
=========================================================== |
| 14 |
TCPMSS |
| 15 |
This target allows to alter the MSS value of TCP SYN packets, to control |
| 16 |
the maximum size for that connection (usually limiting it to your outgoing |
| 17 |
interface's MTU minus 40). Of course, it can only be used in conjunction |
| 18 |
with -p tcp. It is only valid in the *mangle* table. |
| 19 |
=========================================================== |
| 20 |
|
| 21 |
Then the rule can be set as follows: |
| 22 |
=========================================================== |
| 23 |
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ |
| 24 |
-j TCPMSS --set-mss 1408 |
| 25 |
=========================================================== |
| 26 |
|
| 27 |
If you have forwarding disabled on your box I would try the OUTPUT chain |
| 28 |
instead of FORWARD and see what this gets you. |
| 29 |
|
| 30 |
> I think you can also set the advertised (by your machine) MSS for a network |
| 31 |
> using ip route: |
| 32 |
> |
| 33 |
> ip route add 192.168.1.0/24 dev eth0 advmss 1408 |
| 34 |
> |
| 35 |
> PS. I am not sure if the above will break your connection because of |
| 36 |
> dropped packets, or how it will interact with the MTU set at 1492. In my |
| 37 |
> case I have just set my MTU at 1492 to cater for the PPP authentication on |
| 38 |
> my ISP's ADSL network. I leave the MSS to be at what the kernel wants it |
| 39 |
> to be - typically MSS = MTU - 40. |
| 40 |
|
| 41 |
Hope this helps. |
| 42 |
-- |
| 43 |
Regards, |
| 44 |
Mick |
Archives