[Gllug] Re: hello, and a NAT problem

Bruce Richardson itsbruce at uklinux.net
Mon Mar 8 11:56:34 UTC 2004


On Mon, Mar 08, 2004 at 12:43:38AM +0000, lists wrote:
> Bruce Richardson writes:
> >You shouldn't need to do this with iptables, though.  It should really
> >be sorted at the connection level.  What hardware/software are you using
> >to connect?
> 
> I'm using pppoe for the dsl connection, and did see it mentioned here
> http://www.linuxforum.com/linux-ip-masquerade/mtu-issues.html
> that the mtu problem can be resolved by setting
> CLAMPMSS=1412
> in pppoe.conf 
> 
> I'm glad you mentioned this -- I was wondering if this is a better place to 
> apply this fix, than in iptables. 

It is definitely a better place.  Firstly, it's the most appropriate
place: your firewall scripts should not have to be concerned with the
mundane physical details of the connection.  Fixing it here means you
only have to fix it once.  Secondly, your iptables solution only fixes
it for forwarded, NATted connections, not for any direct connections
made from the gateway box.

> Is this the case? Is the 4092 MTU a problem that is unique to dsl? 

It's an issue for PPPoE, because the PPP connection requires extra
information that has to be placed into the Ethernet frames (which have a
max mtu of 1500).  It isn't an issue for PPPoA, because ATM works quite
differently.

-- 
Bruce

A problem shared brings the consolation that someone else is now
feeling as miserable as you.
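
Added example, not part of the original message: what an MSS clamp does to a TCP SYN header, whichever layer applies it, using the CLAMPMSS value of 1412 quoted in the thread. The function names and the sample header are constructed for illustration.

```python
import struct

CLAMP = 1412  # CLAMPMSS value quoted in the thread


def csum_update(csum, old_word, new_word):
    """Incremental Internet checksum update (RFC 1624, eqn. 3)."""
    s = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def clamp_mss(tcp, limit=CLAMP):
    """Lower the MSS option of a TCP SYN header to `limit`, patching the checksum."""
    tcp = bytearray(tcp)
    if len(tcp) < 20 or not tcp[13] & 0x02:   # MSS is only sent on SYN / SYN-ACK
        return bytes(tcp)
    hdr_len = (tcp[12] >> 4) * 4              # data offset, in bytes
    if hdr_len > len(tcp):
        return bytes(tcp)                     # truncated header: leave untouched
    i = 20
    while i + 1 < hdr_len and tcp[i] != 0:    # kind 0 = end of option list
        if tcp[i] == 1:                       # kind 1 = NOP, a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:
            break                             # malformed option: stop parsing
        if tcp[i] == 2 and length == 4:       # kind 2 = MSS, 16-bit value
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old > limit:
                lo, hi = (i + 2) & ~1, (i + 5) & ~1   # aligned words it touches
                before = bytes(tcp[lo:hi])
                struct.pack_into("!H", tcp, i + 2, limit)
                csum = struct.unpack_from("!H", tcp, 16)[0]
                for k in range(0, hi - lo, 2):
                    csum = csum_update(csum, struct.unpack_from("!H", before, k)[0],
                                       struct.unpack_from("!H", tcp, lo + k)[0])
                struct.pack_into("!H", tcp, 16, csum)
            break
        i += length
    return bytes(tcp)


# Constructed SYN header (ports 40000 -> 80, MSS 1460, placeholder checksum).
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x60, 0x02, 65535,
                         0xBEEF, 0) + bytes([2, 4]) + struct.pack("!H", 1460)

if __name__ == "__main__":
    print(struct.unpack_from("!H", clamp_mss(SAMPLE_SYN), 22)[0])
```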