[7.504] MTU/MSS problems

Hi,
using the red i encountered some MTU/MSS problems.

as i discovered my maximum Usable MTU size at the moment is 1472 Trough the RED (whitch is normal ) but mtu path discovery seems to fail. currently i have some problems reaching several sites.

i found that i could solve the problem by changing the MSS size field on forwarded traffic.

to change the MSS i use this command:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

what is the expected behavior ? because i think some other customers will have problems with this.

Parents

0 BertJanssen over 14 years ago

ok, i have the rules but i will do a reboot ASAP to check without me messing with it.

there is one thing that could be different, i currently do VLAN tagging and the problem is happening on a vlan, could it be that the standard rules are not matching the vlan traffic, because of the physdev-in/out option.

-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m physdev --physdev-out reds1 -j TCPMSS --set-mss 1300
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m physdev --physdev-in reds1 -j TCPMSS --set-mss 1300
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 BertJanssen over 14 years ago

ok, i have the rules but i will do a reboot ASAP to check without me messing with it.

there is one thing that could be different, i currently do VLAN tagging and the problem is happening on a vlan, could it be that the standard rules are not matching the vlan traffic, because of the physdev-in/out option.

-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m physdev --physdev-out reds1 -j TCPMSS --set-mss 1300
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m physdev --physdev-in reds1 -j TCPMSS --set-mss 1300
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data