I have a small, fast network that sees the Internet through a masquerading
firewall (I have only one IP address...)
I have a problem - I could not get a normal telnet connection from the inside
machines to the outside.
Telnet from the firewall works normally.
From the other machines, connections were established, but after some time the
data stops and then nothing...
I found that the MSS of an internally sourced connection is greater than the MTU of outer
MTU on internal net - 1500
MTU on external interface (modem) - 296
MSS of telnet connection from firewall - 256
MSS of telnet connection from internal machine - 1440 (and it is right,
because internal machine does not know about masquerading)
The Linux firewall just copies the MSS of the connection to the outside, thus
breaking the RFC rules.
Decreasing MTU on internal net fixes the problem, but I DON'T WANT MTU=296
ON 100 Mbit LAN!
Exploring ip_masq.c showed the worst - it corrects nothing.
Maybe somebody can give me another solution? Or does it need to be fixed in
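
Added example (not part of the original post and not code from ip_masq.c): one way a masquerading box could rewrite the MSS option of an outgoing SYN to fit the outer MTU, here 1440 down to 296 - 40 = 256, patching the TCP checksum incrementally instead of recomputing it. The function names, the buffer layout (tcp points at the TCP header, IPv4 without IP options) and the sample SYN are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative helper: folded one's-complement sum over n bytes (n even). */
uint16_t csum16(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Clamp the MSS option of an IPv4 TCP SYN to out_mtu - 40 and patch the TCP
 * checksum incrementally (RFC 1624). Returns the resulting MSS, 0 if none. */
uint16_t clamp_syn_mss(uint8_t *tcp, size_t len, uint16_t out_mtu)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;
    if (hlen < 20 || hlen > len || out_mtu <= 40 || !(tcp[13] & 0x02)) return 0;
    uint16_t limit = (uint16_t)(out_mtu - 40);   /* 20 bytes IP + 20 bytes TCP */
    for (size_t i = 20; i + 1 < hlen; ) {
        uint8_t kind = tcp[i], olen = tcp[i + 1];
        if (kind == 0) break;                    /* end of option list */
        if (kind == 1) { i++; continue; }        /* NOP padding */
        if (olen < 2 || i + olen > hlen) break;  /* malformed option */
        if (kind != 2 || olen != 4) { i += olen; continue; }  /* not MSS */
        uint8_t *m = tcp + i + 2;
        uint16_t mss = (uint16_t)(m[0] << 8 | m[1]), old_w = mss, new_w = limit;
        if (mss <= limit) return mss;            /* already fits */
        if ((i + 2) & 1) {   /* odd offset: bytes straddle checksum words */
            old_w = (uint16_t)(old_w << 8 | old_w >> 8);
            new_w = (uint16_t)(new_w << 8 | new_w >> 8);
        }
        uint32_t s = (uint16_t)~(tcp[16] << 8 | tcp[17]);
        s += (uint32_t)(uint16_t)~old_w + new_w;  /* ~C + ~m + m' */
        while (s >> 16) s = (s & 0xffff) + (s >> 16);
        tcp[16] = (uint8_t)(~s >> 8); tcp[17] = (uint8_t)~s;
        m[0] = (uint8_t)(limit >> 8); m[1] = (uint8_t)limit;
        return limit;
    }
    return 0;
}

int main(void)
{   /* Constructed SYN: ports 1024 -> 23, MSS option 1440, checksum left zero */
    uint8_t syn[24] = {4,0,0,23, 0,0,0,1, 0,0,0,0, 0x60,2,2,0, 0,0,0,0, 2,4,5,0xA0};
    printf("MSS sent outward: %u\n", (unsigned)clamp_syn_mss(syn, sizeof syn, 296));
    return 0;
}
```

Only SYN segments carry the MSS option, so established connections are untouched; the reply SYN coming back from the outside would need the same treatment against the inner MTU.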