author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org> | 2005-12-05 01:22:50 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org> | 2005-12-05 01:22:50 +0000 |
commit | 0b9f98f4fa8b757516b3a165d7a60aaf4f37ded2 (patch) | |
tree | 3d7b5ad1313598273fb715ea0a653d7a585ad830 /extensions | |
parent | ed4ed19b98bc90b23635fd1aa62b9b86e8fc84bc (diff) |
Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday)
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libipt_TCPMSS.man | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/extensions/libipt_TCPMSS.man b/extensions/libipt_TCPMSS.man index da1bce2..30668b0 100644 --- a/extensions/libipt_TCPMSS.man +++ b/extensions/libipt_TCPMSS.man @@ -3,6 +3,9 @@ the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40). Of course, it can only be used in conjunction with .BR "-p tcp" . +It is only valid in the +.BR mangle +table. .br This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this @@ -25,7 +28,7 @@ ssh works fine, but scp hangs after initial handshaking. Workaround: activate this option and add a rule to your firewall configuration like: .nf - iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\ + iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\ -j TCPMSS --clamp-mss-to-pmtu .fi .TP |
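Review bot: In the first hunk (@@ -3,6 +3,9 @@), the added sentence "It is only valid in the mangle table." states as current fact a restriction that the commit message itself says is "not true today". A reader who checks the man page against actual behaviour will find the target accepted elsewhere and may conclude the documentation is wrong. Consider wording it as a recommendation, for example "It should only be used in the mangle table.", or adding that other tables are accepted at present but may be rejected in the future.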
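Review bot: In the second hunk (@@ -25,7 +28,7 @@), the example rule moves to "-t mangle" but the surrounding text still only says "add a rule to your firewall configuration like:", so users who copied the earlier form without "-t" (which places the rule in the default table) get no hint that their existing rule should be moved. A short sentence before the .nf block saying the rule belongs in the mangle table's FORWARD chain would tie the example to the note added in the first hunk and make the change visible to people updating an existing ruleset.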