История изменений
Исправление
sdio,
(текущая версия)
:
man iptables
This target is used to overcome criminally braindead ISPs or servers
which block "ICMP Fragmentation Needed" or "ICMPv6 Packet Too Big"
packets.
The symptoms of this problem are that everything works fine
from your Linux firewall/router, but machines behind it can never
exchange large packets:
1. Web browsers connect, then hang with no data received.
2. Small mail works fine, but large emails hang.
3. ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your firewall con‐
figuration like:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN
-j TCPMSS --clamp-mss-to-pmtu
Исходная версия
sdio,
:
man iptables
The symptoms of this problem are that everything works fine
from your Linux firewall/router, but machines behind it can never
exchange large packets:
1. Web browsers connect, then hang with no data received.
2. Small mail works fine, but large emails hang.
3. ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your firewall con‐
figuration like:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN
-j TCPMSS --clamp-mss-to-pmtu