Was: dsl masquerading over linux 2.4.0-test[78]pre... FTP is still no-go

To:	Marc Boucher <marc@xxxxxxx>
Subject:	Was: dsl masquerading over linux 2.4.0-test[78]pre... FTP is still no-go
From:	Hartwig Felger <hgfelger@xxxxxxxxxxx>
Date:	Sat, 30 Sep 2000 17:19:58 +0200 (CEST)
Cc:	Rusty Russell <rusty@xxxxxxxxxxxxxxxx>, netfilter-devel@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<200009120327.e8C3RVg06232@opium.mbsi.ca>
Reply-to:	hgfelger@xxxxxxxxxxx
Sender:	owner-netdev@xxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Salut folks,
thanks for the TCP-MSS patch- /suppoert in iptables; it works nice with
http for me. I use the --clamp-mss-to-pmtu option. But now I found, that
ftp is still not working. I tryed it with ISDN and it worked. So it seems
to be something like the previous problem, we dicussed early september. As
I do not understand TCP's deeper sekrets, I need the help from you friends
;-)

Thanks for suggestion - you happy tester...
hartwig 

On Mon, 11 Sep 2000, Marc Boucher wrote:
> Hi Rusty,
> > In message <200009071814.e87IEfA06978@xxxxxxxxxxxxx> you write:
> > > Rusty, what would you think of adding the missing hooks to the 'mangle'
> > > table; extending its purpose to general packet alteration, not just
> > > changing stuff that influences routing?
> > 
> > Yes; this would be a win.  Since it's generally a network hackers toy,
> > we should make it less restrictive.  But the code freeze means it will
> > remain a separate patch until 2.4.1 at least.
> 
> IMHO such a straightforward/low-risk change should go in right away.
> 
> Why not look at it as a "design bug-fix" rather than a feature addition?
> :-)
> 
> > Now: what priority should it be?  Does it matter?
> 
> You mean hook priority? I don't think it really matters in this case.
> 
> > > I am also considering implementing a --clamp-mss-to-mtu option to the
> > 
> > This would be excellent; even better to use the path mtu, so if
> > someone else has a lower MTU (causing the first TCP connection to
> > stall), the second one might succeed.
> 
> Ok, support for --clamp-mss-to-pmtu option has been implemented and
> checked-in; please review code changes.
> 
> Recommended usage is now:
> 
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS 
> --clamp-mss-to-pmtu
> 
> [but wouldn't it be neater with "-t mangle" ? :-)] 
> 
> Cheers,
> Marc

- - -- 
1024D/339FD693 Hartwig Felger <hgfelger@xxxxxxxxxxx>
Key fingerprint = FB2F 3EE9 345A D55B 6FF2  0EC1 F5B0 684F 339F D693
For the pulic keys, please visit my page.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE51gSj9bBoTzOf1pMRAvxsAKDhVu5lknawb2qkjp9bBabpphqpTwCePM85
ivhpaKo3++S0SKa9z+MUMrI=
=6kl+
-----END PGP SIGNATURE-----

<Prev in Thread]	Current Thread	[Next in Thread>
dsl masquerading over linux 2.4.0-test[78]pre..., Hartwig Felger Re: dsl masquerading over linux 2.4.0-test[78]pre..., jamal Re: dsl masquerading over linux 2.4.0-test[78]pre..., Marc Boucher Re: dsl masquerading over linux 2.4.0-test[78]pre..., Marc Boucher Re: dsl masquerading over linux 2.4.0-test[78]pre..., Hartwig Felger Re: dsl masquerading over linux 2.4.0-test[78]pre..., Rusty Russell Re: dsl masquerading over linux 2.4.0-test[78]pre..., Marc Boucher Was: dsl masquerading over linux 2.4.0-test[78]pre... FTP is still no-go, Hartwig Felger <=

Previous by Date:	Re: 6to4 support, leitner
Previous by Thread:	Re: dsl masquerading over linux 2.4.0-test[78]pre..., Marc Boucher
Next by Thread:	IPv6 Router Alert in Linux 2.2.x, Daniel Elphick
Indexes:	[Date] [Thread] [Top] [All Lists]