[LUGOS] DHCP server in MTU

Luka Marinko union at stvor.net
Mon Apr 11 14:00:40 CEST 2005 

b at aufbix.org wrote:
> Quoting Matija Grabnar <matija.grabnar at arnes.si>:
> 
> 
>>On Sat, Apr 09, 2005 at 08:17:42PM +0200, Iztok Kham wrote:
>>
>>>Mi morda lahko kdo pove, ali se da nastaviti pri DHCP3 stre?miku kak?en
>>>parameter, ki pove klientom, kak?en MTU morajo nastaviti?
>>
>>man dhcp-options:
>>      option interface-mtu uint16;
>>
>>         This option specifies the MTU to use on this interface.   The  mini-
>>         mum legal value for the MTU is 68.
> 
> 
> Super, ampak a to dejansko deluje (na windows/linux/osx/pasekaj)? DHCP
> parametrov je malo morje, je pa vprasanje, koliko jih DHCP clienti res
> upostevajo...
> 
> Sicer pa je resitev verjetno lahko tudi tole (na routerju, ce je Linux):
> 
>    TCPMSS
>        This target allows to alter the MSS value of TCP SYN packets, to control
> the maximum size for that connection (usually limiting it to your  outgo-
>        ing interface's MTU minus 40).  Of course, it can only be used in
> conjunction with -p tcp.
>        This  target is used to overcome criminally braindead ISPs or servers
> which block ICMP Fragmentation Needed packets.  The symptoms of this problem
>        are that everything works fine from your Linux firewall/router, but
> machines behind it can never exchange large packets:
>         1) Web browsers connect, then hang with no data received.
>         2) Small mail works fine, but large emails hang.
>         3) ssh works fine, but scp hangs after initial handshaking.
>        Workaround: activate this option and add a rule to your firewall
> configuration like:
>         iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
>                     -j TCPMSS --clamp-mss-to-pmtu
> 
>        --set-mss value
>               Explicitly set MSS option to specified value.
> 
>        --clamp-mss-to-pmtu
>               Automatically clamp MSS value to (path_MTU - 40).
> 

Odvisno kaj hoces naredit. Ce hoces zmansat mtu potem bi tole delovalo 
ce ga pa hoces povisat pa dejansko ne bos nc s tem naredu, saj bodo 
winsi se vedno posiljal manse pakete edin ruter bo v packet hederju 
povecal mtu.

Sicer se sam s tem nism ikol se igral, apak obstajajo neki serverji v 
okviru windows domen ki znajo pusnt upgrejde med drugim tudi regitryu 
edite.  Posisc mal po msdnju  (Remoter software instalation, installing 
software on multiple machines ...).  Naceloma kaj pol nardis je poisces 
kje v registru je to in potem to spremenjeno pusnes na vse masine, prek 
domene.


LP
Luka

More information about the lugos-list mailing list