[ previous ] [ next ] [ threads ]
 From:  "Arnold Cavazos Jr." <abcjr at abcjr dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  MTU/MSS and PPPoE
 Date:  Fri, 27 Feb 2004 10:10:08 -0600
I am migrating a PPPoE implementation from plain vanilla FreeBSD 4.9 to 
m0n0wall.  I am used to the FreeBSD userland PPP doing MSS Clamping 
without me asking it to.  Self admittedly there is no firewall on the 
FreeBSD implementation, so I am in new territory with that aspect of the 

From the man page of PPP (8):

    Default: Enabled.  This option tells ppp to adjust TCP SYN pack-
    ets so that the maximum receive segment size is not greater than
    the amount allowed by the interface MTU.

I have tried putting several values (<empty>, 1492, 1480) into the MTU
field on the interfaces_wan.php page, but tethereal is showing that
there really is no effect.

Userland PPP on FreeBSD 4.9:
81.501176 Outside Host -> Inside Host TCP 1961 > ssh [SYN] Seq=0 Ack=0 Win=57344 Len=0 MSS=1452 WS=0
TSV=20606617 TSER=0

mpd on m0n0wall:
 5.559823 Outside Host -> Inside Host TCP 1985 > ssh [SYN] Seq=0 Ack=0 Win=57344 Len=0 MSS=1460 WS=0
TSV=21025094 TSER=0

What ultimately happens with m0n0wall in the way is that I am able to
establish a ssh session, but as soon as the "Inside Host" sends a 'full
packet' (1500 bytes), the session dies, because the packet is 8 bytes
too big, can't go through the PPPoE interface.  An artifact of this is 
that the state table for this session get's cleared as well and then 
"Inside Host" keeps trying to send this packet and m0m0wall begins to 
block it (although it would never pass anyways).

Now I can set the MTU of the ethernet Interface of 'Inside Host' to 1492
and then things work fine.  That is one way to be done and have it fixed
for good, but I would much rather figure out what I am doing, or have
done wrong.

Any ideas?

Arnold Cavazos, Jr.		abcjr at abcjr . net