Re: lug-bg: Проблем с DNS (вероятно)... някои сайтове не се отварят

[Delian Krustev <krustev@xxxxxxxxxxx>]

On Wednesday 05 April 2006 22:23, Alexander N wrote:
> Пробвах доста неща но неще и неще.....
>
> Можеби има нещо във firewall-a, но немога да разбера
> каква е логиката някои сайтове да не се зареждат .....

   TCPMSS
       This target allows to alter the MSS value of TCP  SYN  packets,
       to control the maximum size for that connection (usually limit-
       ing it to your outgoing interface's MTU minus 40).  Of  course,
       it can only be used in conjunction with -p tcp.
       This  target  is  used to overcome criminally braindead ISPs or
       servers which block ICMP  Fragmentation  Needed  packets.   The
       symptoms  of  this  problem are that everything works fine from
       your Linux firewall/router, but machines behind  it  can  never
       exchange large packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround:  activate  this  option  and  add  a  rule  to your
       firewall configuration like:
        iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                    -j TCPMSS --clamp-mss-to-pmtu

       --set-mss value
              Explicitly set MSS option to specified value.

       --clamp-mss-to-pmtu
              Automatically clamp MSS value to (path_MTU - 40).

       These options are mutually exclusive.