* [gentoo-user] How do I change MSS separately from MTU?
From: Walter Dnes @ 2009-01-12 4:38 UTC
To: Gentoo Users List
Seeing discussions about best MTU/MSS for MLPPP on my ISP's forum, I
asked about the optimal settings for a standard DSL connection.
Because of the way ATM cells line up, the optimal MSS is 1408. This
would normally imply MTU 1448, because MTU is normally MSS + 40. The
optimal setting is apparently MTU 1492 and MSS 1408. I tried forcing
MSS to 1408 in my routing config (/etc/conf.d/net), but that also
forces the MTU to 1448. Is there a way to do them separately?

The only suggestion I've found via Google is iptables "mangle". Does
it manage to change MSS without changing MTU? If so, what is the
invocation in the "mangle" table?
--
Walter Dnes <waltdnes@waltdnes.org>
* Re: [gentoo-user] How do I change MSS separately from MTU?
From: Mick @ 2009-01-14 23:16 UTC
To: gentoo-user
On Monday 12 January 2009, Walter Dnes wrote:
> Seeing discussions about best MTU/MSS for MLPPP on my ISP's forum, I
> asked about the optimal settings for a standard DSL connection.
> Because of the way ATM cells line up, the optimal MSS is 1408. This
> would normally imply MTU 1448, because MTU is normally MSS + 40. The
> optimal setting is apparently MTU 1492 and MSS 1408. I tried forcing
> MSS to 1408 in my routing config (/etc/conf.d/net), but that also
> forces the MTU to 1448. Is there a way to do them separately?
>
> The only suggestion I've found via Google is iptables "mangle". Does
> it manage to change MSS without changing MTU? If so, what is the
> invocation in the "mangle" table?

I think it is in the OUTPUT table that you should insert a rule, but I don't
have time to search for it now. It would probably be something like:

  iptables --insert OUTPUT --jump TCPMSS --protocol tcp --set-mss 1408

I think you can also set the advertised (by your machine) MSS for a network
using ip route:

  ip route add 192.168.1.0/24 dev eth0 advmss 1408

PS. I am not sure if the above will break your connection because of dropped
packets, or how it will interact with the MTU set at 1492. In my case I have
just set my MTU at 1492 to cater for the PPP authentication on my ISP's ADSL
network. I leave the MSS to be at what the kernel wants it to be - typically
MSS = MTU - 40.
--
Regards,
Mick
* Re: [gentoo-user] How do I change MSS separately from MTU?
From: Mick @ 2009-01-16 18:28 UTC
To: gentoo-user
On Wednesday 14 January 2009, Mick wrote:
> On Monday 12 January 2009, Walter Dnes wrote:
> > The only suggestion I've found via Google is iptables "mangle". Does
> > it manage to change MSS without changing MTU? If so, what is the
> > invocation in the "mangle" table?
> It would probably be something like:
>
> iptables --insert OUTPUT --jump TCPMSS --protocol tcp --set-mss 1408
Oops! I just checked the manual:
===========================================================
TCPMSS
This target allows to alter the MSS value of TCP SYN packets, to control
the maximum size for that connection (usually limiting it to your outgoing
interface's MTU minus 40). Of course, it can only be used in conjunction
with -p tcp. It is only valid in the *mangle* table.
===========================================================
Then the rule can be set as follows:
===========================================================
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --set-mss 1408
===========================================================
If you have forwarding disabled on your box I would try the OUTPUT chain
instead of FORWARD and see what this gets you.
> I think you can also set the advertised (by your machine) MSS for a network
> using ip route:
>
> ip route add 192.168.1.0/24 dev eth0 advmss 1408
>
> PS. I am not sure if the above will break your connection because of
> dropped packets, or how it will interact with the MTU set at 1492. In my
> case I have just set my MTU at 1492 to cater for the PPP authentication on
> my ISP's ADSL network. I leave the MSS to be at what the kernel wants it
> to be - typically MSS = MTU - 40.
Hope this helps.
--
Regards,
Mick
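
Added example, not part of the original thread or written by its participants: a small model of why MSS 1408 "lines up" with ATM cells while the MTU stays at 1492. The 40 bytes of link overhead (PPPoE/PPP, Ethernet header, LLC/SNAP, AAL5 trailer) are an assumption about the DSL encapsulation, which the thread does not state.

```python
# Added illustration; not from the thread. LINK_OVERHEAD assumes PPPoE over
# LLC/SNAP-bridged Ethernet on AAL5 without FCS (an assumption; the thread
# does not say which encapsulation the ISP uses).
import math

ATM_CELL_PAYLOAD = 48   # payload bytes carried by each ATM cell
ATM_CELL_SIZE = 53      # payload plus 5-byte cell header
IP_TCP_HEADERS = 40     # IPv4 + TCP without options: the thread's "MSS + 40"
LINK_OVERHEAD = 8 + 14 + 10 + 8  # PPPoE/PPP + Ethernet + LLC/SNAP + AAL5 trailer


def cells_for_mss(mss, link_overhead=LINK_OVERHEAD):
    """Return (cells, padding_bytes) for one full-size TCP segment."""
    pdu = mss + IP_TCP_HEADERS + link_overhead
    cells = math.ceil(pdu / ATM_CELL_PAYLOAD)
    return cells, cells * ATM_CELL_PAYLOAD - pdu


def wire_efficiency(mss, link_overhead=LINK_OVERHEAD):
    """TCP payload bytes divided by bytes actually sent on the ATM link."""
    cells, _ = cells_for_mss(mss, link_overhead)
    return mss / (cells * ATM_CELL_SIZE)


def best_mss(mtu, link_overhead=LINK_OVERHEAD):
    """Largest MSS the MTU allows whose segment fills whole cells exactly."""
    for mss in range(mtu - IP_TCP_HEADERS, 0, -1):
        if cells_for_mss(mss, link_overhead)[1] == 0:
            return mss
    return None


if __name__ == "__main__":
    # 1452 is the default MSS for MTU 1492; 1408 is the value from the thread.
    for mss in (1452, 1408):
        cells, pad = cells_for_mss(mss)
        print(f"MSS {mss}: {cells} cells, {pad} padding bytes, "
              f"efficiency {wire_efficiency(mss):.4f}")
    print("best MSS under MTU 1492:", best_mss(1492))
```

With a different encapsulation the overhead constant changes and so does the cell-aligned MSS, so the result should be checked against the actual line configuration.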