|
Salü Per,
Long time no talk.
After many attempts, lots of research, wielding a magic wand and
uttering the odd curse, I ended up with the following iptables setup
on each of my real servers:
iptables -I OUTPUT -p tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS
--clamp-mss-to-pmtu
All,
is there any possibility, even the slightest, that the change above
could cause corruption in emails (with e.g. Word or PDF attachments) ?
Yes, there's always a chance. You check for SYN/ACK flags and clamp mss
there, probably killing fragmented packets (which could be generated
with such things like Word or PDF attachments). I would need to take a
deeper look at what you've created this time :).
After introducing the above on our mail-servers last night, I got a call
from a customer saying that several end-users had complained about
corrupted documents etc. I know it seems unlikely, but just in
case ...
The customer is always wrong! Is there a possibility that you do not fix
this using iptables but by adjusting the route mtu? Could you show us
the output of:
ip -o -s -s route show cache
or at least the relevant part involving the Word documents and LVS?
Cheers,
Roberto Nibali, ratz
--
echo
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
|
