MTU
Zdenek Prchal
prchal at vtdata.cz
Monday February 24 10:41:21 CET 2003
>
> : then any node along the path can bring about a reduction of the PMTU,
> : even the last one -- if, instead of accepting the packet, it sends back
> : the appropriate ICMP message.
> : But I slightly doubt that anyone, Linux in particular, does this when it
> : is the final destination of the packet.
>
> Does anyone know whether it can be forced to do that? A quick grep through
> the sources suggests probably not, but maybe there is some trick.
>
Hmm, maybe this could be done partly with iptables, see man iptables:

   TCPMSS
       This target allows to alter the MSS value of TCP SYN packets, to
       control the maximum size for that connection (usually limiting it to
       your outgoing interface's MTU minus 40). Of course, it can only be
       used in conjunction with -p tcp.

       This target is used to overcome criminally braindead ISPs or servers
       which block ICMP Fragmentation Needed packets. The symptoms of this
       problem are that everything works fine from your Linux
       firewall/router, but machines behind it can never exchange large
       packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround: activate this option and add a rule to your firewall
       configuration like:
        iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                    -j TCPMSS --clamp-mss-to-pmtu

       --set-mss value
              Explicitly set MSS option to specified value.

       --clamp-mss-to-pmtu
              Automatically clamp MSS value to (path_MTU - 40).

       These options are mutually exclusive.

Zdenek Prchal
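
The clamp described in the man page excerpt above, modelled in Python as an added example (not part of the original post and not the netfilter code): it rewrites the MSS option of a SYN to path_MTU - 40 and patches the TCP checksum incrementally. The function names, the constructed sample segment with documentation addresses, and the choices to never raise the MSS and to leave a SYN without an MSS option untouched are assumptions of this sketch.

```python
import struct

def fold(s: int) -> int:
    """Fold carries into 16 bits (one's-complement addition)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def csum16(data: bytes) -> int:
    """Internet checksum (RFC 1071); used here only to check the result."""
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS option of a SYN segment to path_mtu - 40, fixing the checksum."""
    if tcp[13] & 0x06 != 0x02:            # same match as --tcp-flags SYN,RST SYN
        return tcp
    limit = path_mtu - 40                 # 20-byte IPv4 header + 20-byte TCP header
    end, i = (tcp[12] >> 4) * 4, 20       # data offset field gives the header length
    while i + 1 < end and tcp[i] != 0:    # kind 0 ends the option list
        if tcp[i] == 1:                   # NOP is a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > end:
            break                         # malformed option: leave the segment alone
        if tcp[i] == 2 and length == 4:   # MSS option: kind 2, length 4, 16-bit value
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp                # assumption of this sketch: never raise the MSS
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            a, b = old, limit
            if i % 2:                     # value straddles two checksum words
                a, b = (a >> 8 | a << 8) & 0xFFFF, (b >> 8 | b << 8) & 0xFFFF
            # Incremental update, RFC 1624: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", tcp, 16)[0]
            new_hc = ~fold((~hc & 0xFFFF) + (~a & 0xFFFF) + b) & 0xFFFF
            struct.pack_into("!H", out, 16, new_hc)
            return bytes(out)
        i += length
    return tcp

def build_syn(options: bytes) -> tuple[bytes, bytes]:
    """Constructed sample: (pseudo-header, SYN 192.0.2.1:40000 -> 198.51.100.7:80)."""
    off = (20 + len(options)) // 4        # header length in 32-bit words
    seg = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off << 4, 2, 64240, 0, 0) + options
    pseudo = struct.pack("!4s4sBBH", bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 0, 6, len(seg))
    return pseudo, seg[:16] + struct.pack("!H", csum16(pseudo + seg)) + seg[18:]
```

A segment whose checksum is valid gives `csum16(pseudo + segment) == 0`, which is how the clamped output can be checked against the unmodified pseudo-header.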