Using IPv4 TCPMSS target with IPv6-in-IPv4 - Networking

This is a discussion on Using IPv4 TCPMSS target with IPv6-in-IPv4 - Networking ; I have a braindead ISP that filters some ICMP but doesn't seem to realise it. (Yes, I know, but choices are few. ) With IPv4 I have to use, iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Using IPv4 TCPMSS target with IPv6-in-IPv4

  1. Using IPv4 TCPMSS target with IPv6-in-IPv4

    I have a braindead ISP that filters some ICMP but doesn't seem to
    realise it. (Yes, I know, but choices are few. ) With IPv4 I have to
    use,

    iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    or large packets don't get through.

    Now I'm playing with IPv6, again small packets get through and large
    packets don't, so I'm guessing that exactly the same problem is
    occurring. Unfortunately, the relevant gateway machines tend to run late
    2.4 kernels, so ip6tables isn't offering a TCPMSS target.

    But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
    ::192.88.99.1) so I am wondering: is there some magic that I can use to
    make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
    IPv6 connectivity without having to use a very recent kernel?

    Mark.

    --
    Functional programming vacancy at http://www.aetion.com/

  2. Re: Using IPv4 TCPMSS target with IPv6-in-IPv4

    Hello,

    Mark T.B. Carroll a écrit :
    > I have a braindead ISP that filters some ICMP but doesn't seem to
    > realise it. (Yes, I know, but choices are few. ) With IPv4 I have to
    > use,
    >
    > iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    >
    > or large packets don't get through.
    >
    > Now I'm playing with IPv6, again small packets get through and large
    > packets don't, so I'm guessing that exactly the same problem is
    > occurring. Unfortunately, the relevant gateway machines tend to run late
    > 2.4 kernels, so ip6tables isn't offering a TCPMSS target.


    I have not seen that the latest stable 2.6 kernels and ip6tables offer
    an IPv6 TCPMSS target either.

    > But, that machine uses IPv6-in-IPv4 anyway (a route for 2000::/3 via
    > ::192.88.99.1) so I am wondering: is there some magic that I can use to
    > make the IPv6 stuff use the IPv4 TCPMSS target, so I can get sensible
    > IPv6 connectivity without having to use a very recent kernel?


    All I can suggest is limit the IPv6 MTU or advertised MSS of your
    machines (not only the gateway). It worked for me when I was using PPPoE.

+ Reply to Thread