search for: tcpmss

...ered right now... > Could you suggest me something to restrict the problem? > Currently, I think the problem can be: > > 1) on Asterisk > 2) on my Gateway/Firewall A couple of years ago I added this entry in my firewall: /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu since I had the problem downloading data from an Internet site using my tablet. I found this site explaining that: https://lartc.org/howto/lartc.cookbook.mtu-mss.html I really forgot this entry, but now I checked all entries in my Firewall, and I see it, with my remar...

current content below is annotated by some suggestions of things to add along with questions for those who know more than I do [in brackets] ================ # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu This calculates the proper MSS for your link. [If I understand the code correctly ... - expert intervention invited] More precisely, this sets the MSS option to the MTU of the outgoing link for this packet (so it must have already been routed) minus the minimal size of a T...

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

...suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry in my firewall: > > /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  > --clamp-mss-to-pmtu > > since I had the problem downloading data from an Internet site using > my tablet. > I found this site explaining that: > >    https://lartc.org/howto/lartc.cookbook.mtu-mss.html > > I really forgot this entry, but now I checked all entries in...

Dear all, I found this command in the HOWTO: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 It resolve (almost) all my problems with the voip traffic on my linux-based router. The question is: What does it make exactly? It is safe to use it? Thanks for your attention, Luca Andreani _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a....

...suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry in my firewall: > > /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > since I had the problem downloading data from an Internet site using my > tablet. > I found this site explaining that: > > https://lartc.org/howto/lartc.cookbook.mtu-mss.html > > I really forgot this entry, but now I checked all entries in my...

just to verify basic facts: Did you cross check vie network sniff, on which SMB protocol versions Server + Win 7 clients agree ? Or did you pin down via registry ? AFAIK only starting with win 8 or win 10 clients you could ask with powershell, which protocol version is in use. Did you also cross check samba logs for a name resolution issue ( windows names, not DNS) if one of your boxes is an

What for OS is the server and windows clients? The VPN tunnel, are you lowering MTU sizes? Something like: -A FORWARD -m policy --pol ipsec --dir in -s 192.168.0.0/24 -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 On the client PC's, have you checkout the windows firewall and are you allowing the remote subnets. The samba server on the remote site, check if replicatiosn is correct. Are the "remote" zones in the AD-DC's DNS configured? Try addi...

...- anywhere 10.0.0.0/16 state RELATED,ESTABLISHED ACCEPT tcp -- anywhere 10.0.2.4 tcp dpt:http-alt ACCEPT tcp -- anywhere 10.0.2.4 tcp dpt:1883 ACCEPT tcp -- anywhere 10.0.2.4 tcp dpt:1883 TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT) target prot opt source destination Output of ifconfig: br0 Link encap:Ethernet HWaddr 00:1a:64:c1:31:2e inet addr:10.1.3.33 Bcast:10.1...

Am 22.06.2020 um 17:41 schrieb Marek Greško: Hi > try pinging your sip peer ip address following way: > > ping -n -M do -s 1300 -i 0.1 -c 100 ${ipaddress} > > Post several lines and the statistics. root at bpi:/etc/asterisk# ping -n -M do -s 1300 -i 0.1 -c 100 tel.t-online.de PING tel.t-online.de (217.0.128.133) 1300(1328) bytes of data. 1308 bytes from 217.0.128.133:

...erated by iptables-save v1.4.12 on Wed Apr 30 08:32:15 2014 *mangle :PREROUTING ACCEPT [120268:39582217] :INPUT ACCEPT [97074:20313634] :FORWARD ACCEPT [23188:19268180] :OUTPUT ACCEPT [78654:99152988] :POSTROUTING ACCEPT [102502:118656625] -A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu COMMIT # Completed on Wed Apr 30 08:32:15 2014 # Generated by iptables-save v1.4.12 on Wed Apr 30 08:32:15 2014 *nat :PREROUTING ACCEPT [1969:200322] :INPUT ACCEPT [1521:108728] :OUTPUT ACCEPT [3534:337479] :POSTROUTING ACCEPT [1075:141120] :UPNP - [0:...

...to be able to also access the VPN from my VMware virtual machine, so I followed the instructions found here: <URL:http://pptpclient.sourceforge.net/routing.phtml#lan-to-lan> to set up the routing, including doing "iptables --append FORWARD - --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS - --clamp-mss-to-pmtu" to ensure that the MTU would be reduced for the traffic from my XP machine as well as the traffic from my Linux box. Note that I have only one public IP address, the Linux box -- the VMware virtual machine is on a private subnet and the Linux box does routing and masque...

Hello Tom, now here''s my dump file as .zip attachment, but named .txt, because the list-server rejected the .zip, then my second try (uncompressed) was rejected because of the size. What I was doing is connecting from remote side of an ipsec tunnel (behind gw 212.168.178.226), from a windows machine with 192.168.246.20 to the firewall-system (remote ip 217.19.188.182 / internal ip is

...gt; one of the  virtual machine is the samba VM connected via VPN > Looking to the cpu usage of this VM ist nearly zero during downloads. Did you tweak your MTU sizes? With things like : iptables -A PREROUTING --match policy --pol ipsec --dir in -i eth+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 Maybe disable Path MTU discovery to prevent packet fragmentation problems. Helps alo ( net/ipv4/ip_no_pmtu_disc=1 ) Last, login on the proxymod monitor IRQ use, if you have extra cards in the server, you might have one the using a "shared IRQ"...

...zes are handled by the firewall? > This is to prevent IP packet fragmentation, so IPTables is > set to reduce the size of packets by adjusting the packets' > maximum segment size. > Something like this: iptables -A PREROUTING -i ethX -p tcp -m > tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j > TCPMSS --set-mss 1360 > > Greetz, > > Louis > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >

...like that. Are the MTU sizes are handled by the firewall? This is to prevent IP packet fragmentation, so IPTables is set to reduce the size of packets by adjusting the packets' maximum segment size. Something like this: iptables -A PREROUTING -i ethX -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 Greetz, Louis

...:3295400546 (3142.7 Mb) TX bytes:2326957224 (2219.1 Mb) gateway root # iptables -L FORWARD Chain FORWARD (policy DROP) target prot opt source destination accounting all -- anywhere anywhere DROP !icmp -- anywhere anywhere state INVALID TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU ppp0_fwd all -- anywhere anywhere eth0_fwd all -- anywhere anywhere Reject all -- anywhere anywhere reject all -- anywhere anywhere g...

...ual machine is the samba VM connected via VPN >> Looking to the cpu usage of this VM ist nearly zero during downloads. > Did you tweak your MTU sizes? No > With things like : > iptables -A PREROUTING --match policy --pol ipsec --dir in -i eth+ -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 > Maybe disable Path MTU discovery to prevent packet fragmentation problems. Helps alo ( net/ipv4/ip_no_pmtu_disc=1 ) > > Last, login on the proxymod monitor IRQ use, if you have extra cards in the server it is a virtual machine on a proxmox root...

...ewall.conf # MSS CLAMPING # # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU" # option. This option is most commonly required when your internet # interface is some variant of PPP (PPTP or PPPoE). Your kernel must # have CONFIG_IP_NF_TARGET_TCPMSS set. # # [From the kernel help: # # This option adds a `TCPMSS'' target, which allows you to alter the # MSS value of TCP SYN packets, to control the maximum size for that # connection (usually limiting it to your outgoing interface''s MTU # minus 40). # # This is use...

...ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! -------------- next part -------------- Aastha Gupta (2): iptables-translate: add test file for TCPMSS extension iptables: iptables-compat translation for TCPMSS Ahmed Abdelsalam (1): extensions: add support for 'srh' match Arushi Singhal (1): iptables: extensions: Remove typedef in struct. Baruch Siach (1): utils: nfsynproxy: fix build with musl libc Dan Williams...