 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Hugues Belanger <hbelanger at 701 dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] MTU & DSL problem
 Date:  Sun, 24 Aug 2003 10:20:58 +0200 (CEST)
On Sat, 23 Aug 2003, Hugues Belanger wrote:

> I had to stop using m0n0 this week and went back to Bering. I have a few
> commercial customers and decided to try m0n0 at one of them; to my
> disappointment m0n0 did not perform well ...! For some strange reason m0n0
> on an adsl + pppoe + MTU = 1492 stopped all internal users from accessing sites
> like google + apple.com + 3com.com + cnn.com + msn.com, to name a few.

What? Tell you what - I have ADSL with PPPoE, too, so I had my fair share
of MTU problems when I started using FreeBSD/ipfilter instead of a ZyXEL
router. If you use PPPoE on m0n0wall's WAN interface, it will
automatically add a "mssclamp 1452" statement to each NAT rule, so the MSS
clamping that all commercial ADSL routers with PPPoE do should be in
effect.

Beware of /cgi-bin/status.cgi - it seems like ipnat -l doesn't display the
mssclamp option correctly on map rules - only on rdr.

I have absolutely and totally no MTU related problems here (stupid PPPoE
bridge mode Ethernet ADSL modem connected to m0n0wall - works great).

Maybe you could give us some more details on your setup, too? We could
also try reducing the mssclamp some more (e.g. to 1414); some people
suggest a lower value (may be needed if your machines use TCP options, I
guess).

P.S. to all of the readers of this list - we know that path MTU discovery
would make the world a better place, but for now we're stuck with MSS
clamping, so no stories about this, please.

- Manuel
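
What an MSS clamp of 1452 (the "mssclamp 1452" value mentioned in the message above) does to a TCP SYN passing through the NAT box, as an added example that is not part of the original message and is not ipfilter's or m0n0wall's own code. The function names and the sample segment are constructed for illustration.

```python
import struct

MSS_CLAMP = 1452  # from the thread: "mssclamp 1452" on a PPPoE WAN (MTU 1492)

def csum_update(csum, old, new, odd=False):
    """Incrementally fix the TCP checksum after the MSS value changes (RFC 1624)."""
    if odd:  # value straddles two checksum words, so its bytes count swapped
        old, new = (old >> 8 | old << 8) & 0xFFFF, (new >> 8 | new << 8) & 0xFFFF
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_syn(mss, flags=0x002):
    """Constructed sample: TCP header carrying NOP, window-scale and MSS options."""
    opts = b"\x01" + struct.pack("!BBB", 3, 3, 7) + struct.pack("!BBH", 2, 4, mss)
    off = (20 + len(opts)) // 4  # data offset in 32-bit words
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                       (off << 12) | flags, 65535, 0, 0) + opts

def clamp_mss(tcp, limit=MSS_CLAMP):
    """Return (segment, old_mss, new_mss); the MSS is only lowered, never raised."""
    seg = bytearray(tcp)
    if len(seg) < 20:
        return bytes(seg), None, None
    off_flags = struct.unpack_from("!H", seg, 12)[0]
    hdr_len = (off_flags >> 12) * 4
    if not off_flags & 0x002 or not 20 <= hdr_len <= len(seg):
        return bytes(seg), None, None  # MSS is only negotiated in SYN segments
    i = 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break  # malformed option: leave the segment untouched
        if kind == 2 and seg[i + 1] == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            new = min(old, limit)
            if new != old:
                struct.pack_into("!H", seg, i + 2, new)
                csum = struct.unpack_from("!H", seg, 16)[0]
                struct.pack_into("!H", seg, 16, csum_update(csum, old, new, i % 2 == 1))
            return bytes(seg), old, new
        i += seg[i + 1]
    return bytes(seg), None, None
```

A client on the LAN that announces the Ethernet default of 1460 leaves the box announcing 1452, while a SYN that already announces 1452 or less passes through unchanged.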