[lvs-users] another lvs-tun problem with large posts (MTU and fragmentation)

Udo Sauer udo at udosa.com
Thu Apr 17 17:30:46 BST 2008 

Hi Sandy,

thx for quick response. I have fix the problem. The tip was in the first
link of your answer ->> check your firewall !

I have add the IP-Rule that set the mss on the end of my iptable-script.
iptables -A OUTPUT -s VIRTUAL-IP -p tcp -m tcp --tcp-flags SYN,RST,ACK
SYN,ACK -j TCPMSS --set-mss 1440

... and here was perhaps the problem with other ip-tables rules before.
After i add the line in the top off my firewall script the problem with
the timeouts by large posts was fixed.

thx to all and regards
udosa munich


Sandy Harris schrieb:
> On Thu, Apr 17, 2008 at 8:36 PM, Udo Sauer <udo at udosa.com> wrote:
>
>   
>>  After i study the LVS-Howto i found the section for MTU and package
>>  fragmentation.
>>     
>
> A fairly simple explanation of pth MTU issues:
> http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/glossary.html#pathMTU
>
> A section of this paper has the best analysis I've seen:
> http://www.av8n.com/security/lisa/
>
>

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list