Subject: mssclamp without NAT
To: None <netbsd-help@netbsd.org>
From: Jukka Salmi <j+nbsd@2005.salmi.ch>
List: netbsd-help
Date: 05/18/2005 00:44:36
Hi,

using a setup like this

	ADSL Bridge <-> NetBSD Router <-> LAN
		      pppoe0

LAN clients were not able to connect to various sites until I enabled
MSS-clamping on the NetBSD router using ipnat. Because the router does
not do NAT (all LAN hosts have public IP addresses), I added the
following rule:

	map pppoe0 0/0 -> 0/0 mssclamp 1440

This worked fine, clients were suddenly able to connect to all sites.
But at the same time incoming connections to the LAN mailservers were
blocked (I did not change ipfilter configuration):

	ipmon[139]: 00:12:01.037298 pppoe0 @100:6 b x,63716 -> y,25 \
	    PR tcp len 20 52 -A IN NAT 
	ipmon[139]: 00:12:04.029623 pppoe0 @100:6 b x,63716 -> y,25 \
	    PR tcp len 20 52 -A IN NAT 

Substituting `map-block' for `map' seems to fix this problem; however
I don't know why...

What is the correct solution to this problem, i.e. how do I enable
MSS-clamping on a router which is not doing NAT?


TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~