Re: [Fwbuilder-discussion] Clamp MSS to MTU
From: Vadim K. <va...@vk...> - 2008-07-03 13:00:50
On Jul 3, 2008, at 4:31 AM, Nicole Hähnel wrote:

> Hi,
>
> I have written that this does not work for us!?
> Strongswan makes it impossible to use the automatically generated rule.

If strongswan adds new rules with "iptables -I FORWARD 1", then these rules go into the filter table and do not change the order of rules in the mangle table. On the other hand, if strongswan adds any rules to the mangle table using "-I", then of course the order will change.

I downloaded strongswan 4.2.4 and inspected the updown script that updates iptables rules when a VPN tunnel is established or disconnected. It does not look like they do anything with the mangle table; all rules they add go into the filter table.

--vk

> Nicole
>
> Alexander Runge wrote:
>> Right click on your firewall object -> Edit -> Firewall Settings
>> check: CLAMP MSS to MTU
>>
>> Hth, Alex!
>>
>> On Tuesday 01 July 2008 11:02:22 Nicole Hähnel wrote:
>>
>>> Hi,
>>>
>>> I have to add this rule in fwbuilder:
>>> iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>>>
>>> How can I add this?
>>>
>>> Activating Clamp MSS to MTU in firewall settings does not work for us.
>>>
>>> We are running strongswan vpn on our servers, and strongswan adds for
>>> each vpn tunnel a new rule with "iptables -I FORWARD 1", so every new
>>> rule pushes the ClampMSS rule down, but this rule has to be on top.
>>>
>>> Thanks!
>>> Nicole
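The point made in the reply above can be checked against `iptables-save` output. The script below is an added example, not part of the original message and not code from fwbuilder or strongswan; the function names, addresses and both rulesets are constructed for illustration. It reports the table, chain and position of every rule that jumps to TCPMSS, before and after two rules are inserted at the top of the filter FORWARD chain.

```shell
#!/bin/sh
# Added example. Reads iptables-save output on stdin and prints
# "<table> <chain> <position>" for every rule whose target is TCPMSS.
clamp_position() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*mangle" opens a table section
        $1 == "-A" {                               # each "-A CHAIN ..." line is one rule
            n[table "/" $2]++                      # position counter per table and chain
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "TCPMSS")
                    print table, $2, n[table "/" $2]
        }
    '
}

# Constructed sample: ruleset before any tunnel is up.
snapshot_before() {
cat <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same ruleset after two "iptables -I FORWARD 1" inserts
# (the inserted rules are hypothetical tunnel rules, not taken from strongswan).
snapshot_after() {
cat <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.2.0.0/24 -d 10.1.0.0/24 -j ACCEPT
-A FORWARD -s 10.1.0.0/24 -d 10.2.0.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "before: $(snapshot_before | clamp_position)"
echo "after:  $(snapshot_after | clamp_position)"
```

On a live firewall the same function can be fed with `iptables-save | clamp_position` (as root) once with the tunnel down and once with it up.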