[Openswan Users] "The Internet as a big subnet" issue again
Paul Wouters
paul at xelerance.com
Wed Dec 19 13:59:17 EST 2007
On Wed, 19 Dec 2007, ????? ?????? wrote:
> I managed to fix this by issuing the following on point B:
> iptables -I FORWARD -p tcp -tcp-flags SYN,RST SYN -j TCPMSS -set-mss 1300
> For some reason (may be related only to my iptables commands) this works
> only if it's last in the iptables script.
Probably, you are using more "insert" commands (-I) after this command
in that case, making rhe above iptables entry to not be the first entry.
> I'll have to figure out if it is possible to apply the rule only for
> traffic between 0.0.0.0/0 and 10.1.10.0/24.
Yes, you should be able to add -s and -d options to the above line.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list