On Fri, Jul 18, 2003 at 10:57:05AM -0400, Michael Glaum wrote:

> I tried several things, e.g. pathMTU, etc but in view of severe time
> constraints I decided to HACK tcp_manip_pkt() in ip_nat_proto_tcp.c
> so that when it does source and destination address translation it also
> drops the MSS on outgoing and incoming packets to be below 1360. This
> appears to work. I didn't even bother to check if the packets had
> tcphdr->syn ==1 set.
> 
> Please advise if there is a more elegant way to do this!

Use the TCPMSS target  (iptables -j TCPMSS -h).

> 								Michael Glaum
> 								KVH Industries

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie