Very Computer

iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

or large packets don't get through.

Now I'm playing with IPv6, again small packets get through and large
packets don't, so I'm guessing that exactly the same problem is
occurring. Unfortunately, the relevant gateway machines tend to run late
2.4 kernels, so ip6tables isn't offering a TCPMSS target.

But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
::192.88.99.1) so I am wondering: is there some magic that I can use to
make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
IPv6 connectivity without having to use a very recent kernel?

Mark.

--
Functional programming vacancy at http://www.aetion.com/

Mark T.B. Carroll a crit :

Quote:> I have a braindead ISP that filters some ICMP but doesn't seem to
> realise it. (Yes, I know, but choices are few. ):) With IPv4 I have to
> use,

> iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

> or large packets don't get through.

> Now I'm playing with IPv6, again small packets get through and large
> packets don't, so I'm guessing that exactly the same problem is
> occurring. Unfortunately, the relevant gateway machines tend to run late
> 2.4 kernels, so ip6tables isn't offering a TCPMSS target.

Quote:> But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
> ::192.88.99.1) so I am wondering: is there some magic that I can use to
> make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
> IPv6 connectivity without having to use a very recent kernel?