MTU problem - linux + windows|
Arik Baratz <arikb,AT,vidius,DOT,co,DOT,il>|
Tue, 12 Feb 2002 21:56:35 +0100|
Setting up cipe-1.5.2/linux-2.4.3 and cipe-w32-2.0-pre9/win2k has been a
once I figured out that the local PTP address has to be set from the network
control panel applet and not the cipe applet. The service doesn\'t start
automatically (yes, it is set up to start automatically in the services
but for my application it is unecessary.
However, I am having trouble with the ol\' MTU issue.
For some reason, no matter how I set the MTU on the cipe interface on the
side, I still get back packets from a TCP connection that are 1446 bytes long,
with the DF flag on. These are dropped by cipe.
When I set up ADSL sharing I\'ve used the netfilter magic mss clamp:
iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
but it doesn\'t seem like it\'s doing anything usefull to my TCP connections.
When the connection is established, the cipe interface on the linux side
SYN request with mss 1446, which is transmitted verbatim. The reply ack has
of 1460 and is converted to 1402 when sent on the cipe interface.
Has anyone else come across this problem? I have been through the archives
can\'t really make it out.
My network config:
win2k ----- linux ----- nat/firewall/router
real 10.2.0.2 10.2.0.1
ptp 10.3.0.1 10.3.1.1
the default route for the win2k machine is 10.3.1.1, and there is routing set
on the firewall so that it routes packets to the 10.3 network to the linux
4 Hamelacha St.
Tel: +972 (9) 743-9250 ext. 214
Fax: +972 (9) 743-9251
Cell: +972 (52) 354 959
eFax: +1 (978) 926-8913
ICQ: 210 8214
Privileged and / or confidential Information may be contained in this
You may not copy or deliver this message to anyone without my consent.
If you are not the addressee indicated in this message, or you feel that this
message is not intended for you, Please destroy this message and kindly notify
the sender by replying to this electronic mail.
Please advise immediately if you or your employer do not agree to the use of
Internet email for messages of this kind.
Opinions, conclusions and other information in this message that do not relate
to the official business of Vidius shall be understood as neither given nor
endorsed by it.