Subject: Re: Up-stream bandwidth shaping without resorting to linux/iptables?
To: None <woods@weird.com>
From: John Darrow <John.P.Darrow@wheaton.edu>
List: netbsd-users
Date: 02/05/2005 17:08:22

In <m1CxYca-0024g3C@building.weird.com>, Greg A. Woods <woods@weird.com> wrote:
>One of the suggested work-arounds for this aspect of the issue is MSS
>clamping to reduce the size of bulk traffic packets (ATM uses very small
>packets for this very same reason).  I thought I might try IPF's
>"mssclamp" feature, but it only works when the connections are NATed
>and I can't seem to find any way to set up a transparent NAT that
>doesn't actually translate anything.

This is actually very easy.  Simply use 0/0 for both internal and
external addresses.  From my ipnat.conf, with gre0 the external
interface in my case:

# To make packets over the tunnel keep under the right size
map gre0 0/0 -> 0/0 mssclamp 1280

(If you're then running this traffic through IPSEC, you'll need to do
a little tweak to sys/netinet/ip_output.c to make the PFIL_HOOKS
processing occur before IPSEC, but if you're not using IPSEC, a stock
kernel will work fine.)

jdarrow

-- 
John Darrow - Senior Technical Specialist
Computing Services, Wheaton College, Wheaton, IL 60187
Email: John.P.Darrow@wheaton.edu (plain text please, no HTML or proprietary)
Neither spammers nor cold-callers will ever get my business, so don't bother.
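
Added example, not part of the original message and not IPFilter's own code: a Python model of what a clamp such as "mssclamp 1280" does to a TCP SYN, lowering the MSS option and patching the checksum incrementally so no pseudo-header is needed. The function names, the constructed sample segment, and the restriction to SYN segments are assumptions made for illustration.

```python
import struct

TCP_SYN, OPT_EOL, OPT_NOP, OPT_MSS = 0x02, 0, 1, 2

def fold(s: int) -> int:
    """Fold carries back in: 16-bit one's-complement addition."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(seg: bytes, pseudo: bytes) -> int:
    """Full checksum over pseudo-header + segment; 0 if seg already carries a valid one."""
    data = pseudo + seg + b"\x00" * (len(seg) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_mss(seg: bytes, limit: int = 1280) -> bytes:
    """Lower the MSS option of a TCP SYN to `limit`; anything else passes through."""
    if len(seg) < 20 or not seg[13] & TCP_SYN:
        return seg
    hdr_len = (seg[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(seg):
        return seg
    i = 20
    while i + 1 < hdr_len and seg[i] != OPT_EOL:
        if seg[i] == OPT_NOP:
            i += 1
            continue
        olen = seg[i + 1]
        if olen < 2 or i + olen > hdr_len:
            break  # malformed option list: leave the segment alone
        if seg[i] == OPT_MSS and olen == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                break
            out = bytearray(seg)
            struct.pack_into("!H", out, i + 2, limit)
            new = limit
            if i % 2:  # value straddles two checksum words: update with bytes swapped
                old, new = [(v >> 8 | v << 8) & 0xFFFF for v in (old, new)]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", seg, 16)[0]
            struct.pack_into("!H", out, 16, ~fold((~hc & 0xFFFF) + (~old & 0xFFFF) + new) & 0xFFFF)
            return bytes(out)
        i += olen
    return seg

# Constructed sample: SYN, ports 40000 -> 443, data offset 6, MSS 1460, checksum field zero.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, TCP_SYN,
                         65535, 0, 0) + bytes([OPT_MSS, 4]) + struct.pack("!H", 1460)
```

Fill in the sample's checksum with tcp_checksum() and a pseudo-header before clamping; the clamped segment then still verifies against the same pseudo-header.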