Re: [Fwbuilder-discussion] Clamp MSS to MTU
From: Nicole H. <nic...@gm...> - 2008-07-03 13:19:04
Ok, I activated Clamp MSS to MTU in fwbuilder.
If I look into the compiled rules, I see:

IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

This is not the mangle table?!

I'm running fwbuilder 2.1.19.

Nicole

Vadim Kurland wrote:
> On Jul 3, 2008, at 4:31 AM, Nicole Hähnel wrote:
>
>> Hi,
>>
>> I have written that this does not work for us!?
>> Strongswan makes it impossible to use the automatically generated rule.
>
> if strongswan adds new rules with "iptables -I FORWARD 1", then these
> rules go into the filter table and do not change order of rules in the
> mangle table. On the other hand if strongswan adds any rules to the
> mangle table using "-I", then of course order will change. I
> downloaded strongswan 4.2.4 and inspected script updown that updates
> iptables rules when vpn tunnel is established or disconnected. It does
> not look like they do anything with mangle table, all rules they add
> go into the filter table.
>
> --vk
>
>> Nicole
>>
>> Alexander Runge wrote:
>>> Right click on your firewall object -> Edit -> Firewall Settings
>>> check: CLAMP MSS to MTU
>>>
>>> Hth, Alex!
>>>
>>> On Tuesday 01 July 2008 11:02:22 Nicole Hähnel wrote:
>>>
>>>> Hi,
>>>>
>>>> I have to add this rule in fwbuilder:
>>>> iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>>>>
>>>> How can I add this?
>>>>
>>>> Activating Clamp MSS to MTU in firewall settings does not work for us.
>>>>
>>>> We are running strongswan vpn on our servers, and strongswan adds for
>>>> each vpn tunnel
>>>> a new rule with "iptables -I FORWARD 1", so every new rule pushes the
>>>> ClampMSS rule down,
>>>> but this rule has to be on top.
>>>>
>>>> Thanks!
>>>> Nicole
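The point made in the quoted reply, that "iptables -I FORWARD 1" without "-t" reorders rules only in the filter table, can be checked against iptables-save output. The script below is an added example, not part of the original thread and not fwbuilder or strongSwan code; the snapshot, the inserted ACCEPT rule and the helper names tcpmss_positions and insert_first are constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables-save snapshot: the clamp rule once in mangle (as asked
# for in the thread) and once in filter FORWARD (as the compiled script had it).
snapshot() {
cat <<'EOF'
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print "table chain position" for each TCPMSS rule in iptables-save text on
# stdin; position is the rule's 1-based index within its chain.
tcpmss_positions() {
    awk '
        /^\*/      { table = substr($0, 2); split("", n); next }
        $1 == "-A" { n[$2]++
                     for (i = 3; i < NF; i++)
                         if ($i == "-j" && $(i + 1) == "TCPMSS")
                             print table, $2, n[$2] }
    '
}

# Emulate "iptables -t TABLE -I CHAIN 1 RULE" on iptables-save text
# (stdin to stdout). Hypothetical helper; it does not touch the live ruleset.
insert_first() {
    awk -v t="$1" -v c="$2" -v r="$3" '
        /^\*/ { cur = substr($0, 2); ins = 0 }
        !ins && cur == t && (($1 == "-A" && $2 == c) || $0 == "COMMIT") {
            print "-A " c " " r; ins = 1
        }
        { print }
    '
}

# Constructed stand-in for a per-tunnel rule added with "iptables -I FORWARD 1".
TUNNEL_RULE="-s 10.1.0.0/24 -d 10.2.0.0/24 -j ACCEPT"

echo "before tunnel:"
snapshot | tcpmss_positions
echo "after -I FORWARD 1 in the filter table:"
snapshot | insert_first filter FORWARD "$TUNNEL_RULE" | tcpmss_positions
```

On a live firewall, tcpmss_positions can read the output of iptables-save instead of the constructed snapshot.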