>>>>> "rm" == Roy Marples <roy%marples.name@localhost> writes: rm> I needed to clamp max-mss in pppoe0 to 1432. It used to be rm> 1452, which I recall was needed for my wireless rm> clients. Probably the extra overhead of IPv6. The PPPoE MTU problem should not exist on IPv6, and at my site where I have <1500 links to the internet I didn't have to change mss-scrubbing smaller for IPv6. It's possible you are creating the PPPoE problem yourself somewhere by blocking ICMPv6 'too-big' packages. You should never find you need the mss scrubbing to reach the Internet period---if you do, you must be blocking too much ICMP on your end. The symptom of needing smaller mss scrubbing is that a few of other people's misconfigured sites on the Internet don't work, just a few not all. I wish you would have a look to your ICMP rules to avoid publishing bad examples which will infect other sites and spread the PPPoE problem. The way it's documented/supposed to work, you must either pass too-big / frag-needed ICMP, *or* use 'keep state' TCP rules which pass that ICMP implicitly. The way it actually works, I'm not so sure.
Description: PGP signature