Gentoo Forums
MSS clamp and Kernel Options [Solved]
sonofwatt
n00b


Joined: 04 Jun 2008
Posts: 2

Posted: Wed Jun 04, 2008 9:56 am    Post subject: MSS clamp and Kernel Options [Solved]

I've set up a home router as per the Gentoo Home Router guide (http://www.gentoo.org/doc/en/home-router-howto.xml). It worked wonderfully until I moved, got DSL, and had to install ppp. I'm experiencing problems that, from what I can tell, are because of a poorly set MTU value: when I surf the internet through the router, some sites load, others do not. It seems to be a common problem.

However, things are a little more complicated than that. The recommended fix doesn't work: MSS-clamping, or restricting the MTU with iptables. When I run commands like:
Code:
# iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1412

or
Code:
# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

I get this error:
Code:
# iptables: No chain/target/match by that name


My intuition tells me that this is probably because I didn't include something in my kernel that I was supposed to, or my iptables are screwy. I was hoping that someone could point me in the right direction. This is my current iptable setup:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     udp  --  anywhere             anywhere            udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
DROP       udp  --  anywhere             anywhere            udp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             0.0.168.192.in-addr.arpa/16
ACCEPT     all  --  0.0.168.192.in-addr.arpa/16  anywhere   


Thanks for the help.


Last edited by sonofwatt on Fri Jun 06, 2008 4:11 am; edited 1 time in total
massimo
Veteran


Joined: 22 Jun 2003
Posts: 1226

Posted: Wed Jun 04, 2008 12:16 pm

Check your kernel config for TCPMSS.
_________________
Hello 911? How are you?
sonofwatt
n00b


Joined: 04 Jun 2008
Posts: 2

Posted: Fri Jun 06, 2008 4:12 am    Post subject: Solved

TCPMSS wasn't in my kernel. I put it in, and now it's fixed. Thanks a lot!
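
The check massimo suggests, as an added example that is not part of the thread: a shell script that reads a kernel config file and reports whether the TCPMSS target and the mangle table (the only table in which that target is valid) are built in (y), modular (m) or missing. The config symbol names assume a 2.6-or-later kernel tree, and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Symbol names are assumptions about the
# kernel tree in use: NETFILTER_XT_TARGET_TCPMSS on current kernels,
# IP_NF_TARGET_TCPMSS on older 2.6 trees.

# kconfig_state FILE SYMBOL -> prints y, m or missing.
# "# CONFIG_FOO is not set" does not match the anchored pattern, so a
# disabled option is reported as missing.
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-missing}"
}

# tcpmss_report FILE -> prints both requirements; returns 1 if either is missing.
tcpmss_report() {
    target=$(kconfig_state "$1" NETFILTER_XT_TARGET_TCPMSS)
    if [ "$target" = missing ]; then
        target=$(kconfig_state "$1" IP_NF_TARGET_TCPMSS)
    fi
    mangle=$(kconfig_state "$1" IP_NF_MANGLE)
    echo "TCPMSS target: $target"
    echo "mangle table:  $mangle"
    if [ "$target" = missing ] || [ "$mangle" = missing ]; then
        return 1
    fi
    return 0
}

# Constructed sample configs: a router kernel without and with the target.
sample_before() {
    printf '%s\n' 'CONFIG_IP_NF_IPTABLES=y' 'CONFIG_IP_NF_MANGLE=y' \
        '# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set'
}
sample_after() {
    printf '%s\n' 'CONFIG_IP_NF_IPTABLES=y' 'CONFIG_IP_NF_MANGLE=y' \
        'CONFIG_NETFILTER_XT_TARGET_TCPMSS=m'
}

tmp=$(mktemp)
for s in sample_before sample_after; do
    "$s" > "$tmp"
    echo "== $s"
    tcpmss_report "$tmp" || echo "rebuild the kernel with the TCPMSS target enabled"
done
rm -f "$tmp"
```

On a real router the input file can be `/usr/src/linux/.config`, or the output of `zcat /proc/config.gz` if the running kernel was built with `CONFIG_IKCONFIG_PROC`.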
All times are GMT