Posted on 2012-1-31 15:01:53
Post by faint;711405
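This seems to be mentioned in RFC 2923. For shared Internet access, if you are using iptables, you can set a rule to forcibly reduce the MTU value:
The solution is:
1. Let ICMP packets through.
2. Modify the MSS in the packets somewhere along the path, forcing it smaller.
Heh, Linux netfilter/iptables has a TCPMSS target made specifically for this.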
#man iptables
TCPMSS
This target allows to alter the MSS value of TCP SYN packets, to control
the maximum size for that connection (usually limiting it to your
outgoing interface's MTU minus 40). Of course, it can only be used in
conjunction with -p tcp.
This target is used to overcome criminally braindead ISPs or servers
which block ICMP Fragmentation Needed packets. The symptoms of this
problem are that everything works fine from your Linux firewall/router,
but machines behind it can never exchange large packets:
1) Web browsers connect, then hang with no data received.
2) Small mail works fine, but large emails hang.
3) ssh works fine, but scp hangs after initial handshaking.
Workaround: activate this option and add a rule to your firewall
configuration like:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
    -j TCPMSS --clamp-mss-to-pmtu
--set-mss value
Explicitly set MSS option to specified value.
--clamp-mss-to-pmtu
Automatically clamp MSS value to (path_MTU - 40).
These options are mutually exclusive.

I was configuring pptp-vpn on a machine with port forwarding and ran into an MTU problem; setting set-mtu in iptables worked, thanks a lot!!
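What the quoted man page text describes (lowering the MSS option of a TCP SYN to path_MTU - 40), as an added Python example that is not part of the original posts and is not netfilter's code. The function names, the addresses and the constructed SYN segment are assumptions for illustration; IPv4 without IP options is assumed.

```python
import struct

def fold(s: int) -> int:
    while s >> 16:                          # fold carries (ones' complement sum)
        s = (s & 0xFFFF) + (s >> 16)
    return s

def csum16(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 over a segment with a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def find_mss(tcp: bytes):
    """Return (offset, value) of the MSS option, or None if absent or malformed."""
    end, i = min((tcp[12] >> 4) * 4, len(tcp)), 20
    while i < end and tcp[i] != 0:          # kind 0 = end of option list
        if tcp[i] == 1:                     # kind 1 = NOP, one byte
            i += 1
            continue
        length = tcp[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:
            return None                     # malformed option: leave packet alone
        if tcp[i] == 2 and length == 4:     # kind 2 = MSS
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS of a SYN to path_mtu - 40; never raise it."""
    found, limit = find_mss(tcp), path_mtu - 40   # 20 B IPv4 + 20 B TCP header
    if not tcp[13] & 0x02 or found is None or found[1] <= limit:
        return tcp                          # not a SYN, no MSS, or already small
    off, old = found
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    # Incremental checksum update (RFC 1624): HC' = ~(~HC + ~m + m')
    hc = struct.unpack_from("!H", tcp, 16)[0]
    new = ~fold((~hc & 0xFFFF) + (~old & 0xFFFF) + limit) & 0xFFFF
    struct.pack_into("!H", out, 16, new)
    return bytes(out)

def sample_syn(mss: int = 1460):
    """Constructed SYN 10.0.0.2:40000 -> 192.0.2.10:80 plus its pseudo-header."""
    pseudo = bytes([10, 0, 0, 2, 192, 0, 2, 10, 0, 6, 0, 28])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, 65535, 0, 0)
    tcp += struct.pack("!BBHBBBB", 2, 4, mss, 1, 3, 3, 7)   # MSS, NOP, WScale
    return pseudo, tcp[:16] + struct.pack("!H", csum16(pseudo + tcp)) + tcp[18:]
```

Because the MSS is only ever lowered and only on segments with SYN set, established flows and hosts that already advertise a small MSS pass through unchanged.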