Developing lightweight computation at the DSG edge

Commit fda7e957 authored by p4u's avatar p4u
Browse files

iptables rules modified to solve clamp-pmtu problem

parent d1e6e98e
......@@ -4,5 +4,5 @@ if cat /etc/firewall.user | grep -e "^# Clamp MSS TCP rule to fix MTU problems";
cat << EOF >> /etc/firewall.user
# Clamp MSS TCP rule to fix MTU problems
iptables -A FORWARD -p tcp -i br-lan ! -d 10.0.0.0/8 -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -p tcp -o bmx6_+ -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
#!/bin/sh
if cat /etc/firewall.user | grep -e "^# QMP Masquerade options"; then exit 0; fi
cat << QMP >> /etc/firewall.user
# QMP Masquerade options
iptables -t nat -A POSTROUTING -s 172.16.0.0/12 ! -d 172.16.0.0/12 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE
QMP
#!/bin/sh
cat << QMP >> /etc/firewall.user
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 10.0.0.0/8 -j RETURN
iptables -t nat -A POSTROUTING -j MASQUERADE
QMP
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment