Having thought I'd cracked the MTU/MSS issues in my previous post, it turns out that I've been missing a lot of emails. I've now implemented the following IPTABLES rule and I have received an influx of emails from sites from which I haven't received emails in a good number of months:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
This clamps the maximum segment size to the MTU of the connection. Perhaps the cause of the previous command not working properly was invalid values. However, I'm not particularly interested in modifying the old command when this one seems to work perfectly.
| ShALLaX on August 29 2011 11:41:37