[Openswan Users] Problems with RDP over IpSec

MarekGreško gresko at thr.sk
Thu Apr 6 11:19:57 CEST 2006


Dňa Št 6. Apríl 2006 03:19 Andy napísal:
>   iptables -A FORWARD -s <IP1> -d <IP2> -p tcp \
>        -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1360

Maybe good practice is to put this

iptables -A FORWARD -p icmp --icmp-type 3 -j ACCEPT

at the beginning of the forward table, because

iptables -A FORWARD -m state --state INVALID -j DROP

will drop frag needed icmp responses.

M.

-- 
Marek Greško


More information about the Users mailing list