On Sat, 23 Aug 2003, Hugues Belanger wrote:
> I had to stop using m0n0 this week and went back to Bering. I have a few
> commercial customers and decided to try m0n0 at one of them, to my
> disappointment m0n0 did not perform well ...! For some strange reason m0n0
> on an ADSL + PPPoE + MTU = 1492 stopped all internal users from accessing sites like
> google + apple.com + 3com.com + cnn.com + msn.com to name a few.

What? Tell you what - I have ADSL with PPPoE, too, so I had my fair share
of MTU problems when I started using FreeBSD/ipfilter instead of a ZyXEL
router. If you use PPPoE on m0n0wall's WAN interface, it will
automatically add a "mssclamp 1452" statement to each NAT rule, so the MSS
clamping that all commercial ADSL routers with PPPoE do should be in
effect.

Beware of /cgi-bin/status.cgi - it seems like ipnat -l doesn't display the
mssclamp option correctly on map rules - only on rdr.

I have absolutely and totally no MTU related problems here (stupid PPPoE
bridge mode Ethernet ADSL modem connected to m0n0wall - works great).

Maybe you could give us some more details on your setup, too? We could
also try reducing the mssclamp some more (e.g. to 1414); some people
suggest a lower value (may be needed if your machines use TCP options, I
guess).

P.S. to all of the readers of this list - we know that path MTU discovery
would make the world a better place, but for now we're stuck with MSS
clamping, so no stories about this, please.

- Manuel
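
What an MSS clamp such as the "mssclamp 1452" rule discussed above does to a TCP SYN, as an added example that is not part of the original message and is not m0n0wall or ipfilter code: it rewrites the MSS option and patches the TCP checksum incrementally. All function names and the sample segment are constructed for illustration.

```python
import struct

def u16(buf: bytes, off: int) -> int:
    return struct.unpack_from("!H", buf, off)[0]

def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload per IPv4 packet: MTU minus 20-byte IP and 20-byte TCP headers."""
    return mtu - 40

def inet_checksum(data: bytes) -> int:
    """Full RFC 1071 checksum over even-length data; 0 means a stored checksum verifies."""
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental update after one 16-bit word changes from old to new."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def sample_syn(mss: int) -> bytes:
    """Constructed SYN, ports 40000 -> 80, options MSS, NOP, NOP, SACK-permitted."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])

def clamp_mss(tcp: bytes, limit: int) -> bytes:
    """Lower the MSS option of a TCP SYN to `limit`; return anything else unchanged."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0   # data offset in bytes
    if not 20 <= hdr_len <= len(tcp) or not tcp[13] & 0x02:  # bad header or not a SYN
        return tcp
    i = 20
    while i + 1 < hdr_len and tcp[i] != 0:          # kind 0 ends the option list
        length = 1 if tcp[i] == 1 else tcp[i + 1]   # kind 1 (NOP) is a single byte
        if (tcp[i] != 1 and length < 2) or i + length > hdr_len:
            return tcp                              # malformed option: do not touch
        if tcp[i] == 2 and length == 4 and u16(tcp, i + 2) > limit:   # kind 2 is MSS
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = u16(tcp, 16)
            for w in sorted({(i + 2) & ~1, (i + 3) & ~1}):   # aligned words touched
                csum = csum_update(csum, u16(tcp, w), u16(out, w))
            struct.pack_into("!H", out, 16, csum)
            return bytes(out)
        i += length
    return tcp
```

With the PPPoE MTU of 1492 from the thread, `mss_for_mtu(1492)` gives the 1452 used in the NAT rules; a SYN advertising 1460 comes out advertising 1452 with a checksum that still verifies.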