# mss setting in iptables, this laptop [solved]

## poly_poly-man

I have a sheevaplug acting as my router - it has a usb network adapter over which I do pppoe (so I have a ppp0 with a public address). Because of this, the mtu needs to be 1492 for internet-bound packets. To avoid having to manually set this on clients, I threw in an iptables TCPMSS rule to set 1452 in iptables. This makes my ps3, n810, and a few linux computers work.

This windows 7 computer displayed all the troubles of incorrect mtu. I manually set the wired mtu down to 1492, and it works great, and left the wireless at 1500 for debugging purposes. WHY is windows 7 having trouble with MTU where other systems on the same network do not?

EDIT: see below, it seems to be this laptop in general, not just win7.

EDIT2: see below - `-I` makes rules go to the top of the chain in iptables - necessary.

----------

## Jaglover

Dammit, I was just saving money to buy Windows, someone told me it is a leading operating system ... having second thoughts now ... will buy some beer. :Wink:

----------

## poly_poly-man

hmm, it's not just windows 7 - sysresccd on the same laptop has the same problems...

I have nforce ethernet and a b43 wireless card - haven't tested the wireless in sysresccd - needs broadcom-wl and the prop firmware. The forcedeth simply will not drop down on MTU, and the same with the wireless in windows.

What could possibly be causing this? Can a network expert tell me what's supposed to happen when the kernel/iptables gets a packet with too large an mss?

----------

## Hu

To restate the problem and ensure I understand it: despite having the TCPMSS target on the Sheevaplug adjusting the value used by all internal machines, the laptop that runs SysRescCD/Windows 7 still exhibits MSS-like failures, but other systems are correctly modified by the Sheevaplug and work?  If you remove the TCPMSS target, do the other internal systems break?  If you set the TCPMSS target to a ridiculously low value, such as 1000, does that make the laptop work?  Have you checked a tcpdump on the internal and external interfaces to see what MSS is being set in each of these cases: Sheeva-outbound of working system, Sheeva-outbound of laptop, actual-sent from working system, and actual-sent from laptop?  If you are willing to share it, a pastebin of a base64-encoded pcap (the raw file, not a Wireshark decoding of it) showing both the internal and external interfaces for those four cases may let us examine the problem in more detail.

----------

## poly_poly-man

Heh, I was actually working on responding to you - I didn't know exactly how to delete iptables rules, so I asked #gentoo-chat... Halcy0n picked up on the fact that I should be using `-I`, not `-A` for the TCPMSS rules so that they hit the top of the chain... replacing that made it work!

----------
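An added example, not part of the thread: a check that reads `iptables -S <chain>` output and reports whether a TCPMSS rule sits behind rules that end chain traversal (ACCEPT, DROP, REJECT), which is what happens when it is appended with `-A` to a chain that already has such rules. The function name, the `FORWARD` chain, the `eth0` interface and both rule listings are constructed for illustration; only `ppp0` and the 1452 value come from the thread. An earlier terminating rule only stops the packets it matches, so the check flags candidates rather than proving a packet skips TCPMSS.

```shell
#!/bin/sh
# Added example: reads `iptables -S <chain>` output on stdin.
# Exit status: 0 = TCPMSS is evaluated before any terminating rule,
#              1 = terminating rule(s) come first,
#              2 = no TCPMSS rule in the listing.
check_tcpmss_order() {
    awk '
        $1 != "-A" { next }                 # skip policy (-P) and chain (-N) lines
        {
            n++; target = ""
            for (i = 1; i < NF; i++)
                if ($i == "-j") target = $(i + 1)
            if (target == "TCPMSS") { found = 1; exit }
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) {
                printf "rule %d ends traversal before TCPMSS: %s\n", n, $0
                early++
            }
        }
        END {
            if (!found) exit 2
            exit (early > 0 ? 1 : 0)
        }
    '
}

# Constructed listing: the TCPMSS rule was appended with -A, so it is last.
appended_chain() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
EOF
}

# Constructed listing: the same rule inserted with -I, so it is rule 1.
inserted_chain() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
EOF
}

for chain in appended_chain inserted_chain; do
    "$chain" | check_tcpmss_order
    echo "$chain: exit status $?"
done
```

On a live router the input would come from `iptables -S` (with `-t` for the table holding the rule) piped into the function.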

