[Dnsmasq-discuss] Re: using DHCP to set clients' MTU

Peter webwiz at pl.net
Sat Nov 1 00:19:42 GMT 2008

Jan 'RedBully' Seiffert wrote:
> No, this translation is your problem!

Jan you are a genius. I was so busy thinking that the modem was the bees knees I never stopped to ponder that there might be a few more bytes lost in the translation.

The actual rule that debian etch pppoeconf inserts is this:

less /etc/ppp/ip-up.d/0clampmss
# Enable MSS clamping (autogenerated by pppoeconf)

iptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp  \
   --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

The rule got modified several times according to various folks advice, which is how it ended up with  -mss 1412, as you say clearly in error.  But the fact remains in this case the rule does not work.

Your rule, however, works a treat. 

> And this autotranslation is br0ken (What else to expect from an embedded box).

Yes well it would be interesting to find out more about the mss ,mtu consequences of this particualar "pppoe passthrough" translation. For a start i will try increasing the mss clamp a few bytes at a time and see where it breaks.

These routers have a great reputation, and they certainly arent cheap.
And what other way is there to get dsl (pppoa) into a gateway box?

>  Maybe you want to think about using a Kernel
> very recent. Older kernel not only lowered the mss like "clamp" does, but maybe
> raised the mss (i patch that out of 2.6.23 myself) with the "--set-mss" option,
> newer kernel don't do this (2.6.26 was fine).

Hmm, the testbox kernal seems to be held back at 2.6.18-4-486. Best take a look at that too.

> hmmm, tell me more about it. Half bridged? The Modem always deencapsulte the
> traffic, so needs ppp config and may also screw the mss?

No i never had any mss issues with half bridge, and thats probably because the modem was doing mss clamping itself.

Because we cant use pppoe directly or any kind of full bridged modes, half bridge is a feature of modems here. While my understanding of it is not extensive, basically the modem does the authentication and establishes a ppp link over pppoa to the dslam. Then it runs a dhcp server and issues the public IP to the linux router via dhcp, gives itself the public IP +1, and uses really short lease times in case the link fails. I wrote a half bridge howto FWIW here:


Considering the hack, it can work ok and has on my linux router boxes for a year or so, but on rare occasions it will lose the connection and not reconnect. Something you dont want on a router. At least with pppoe you can reconnect.

Ive written a brief howto for these modems, incorporating your advice, here:


Im will also write to the pppoeconf maintainer.

Thanks again.


More information about the Dnsmasq-discuss mailing list