"TCPMSS" target support

modulename: xt_TCPMSS.ko

configname: CONFIG_NETFILTER_XT_TARGET_TCPMSS

Linux Kernel Configuration
└─>Networking support
└─>Networking options
└─>Network packet filtering framework (Netfilter)
└─>Core Netfilter Configuration
└─>The IPv6 protocol
└─>"TCPMSS" target support
In the Linux kernel since version 2.6.21 (release date: 2007-04-25)

This option adds a `TCPMSS' target, which allows you to alter the
MSS value of TCP SYN packets, to control the maximum size for that
connection (usually limiting it to your outgoing interface's MTU
minus 40).

This is used to overcome criminally braindead ISPs or servers which
block ICMP Fragmentation Needed packets. The symptoms of this
problem are that everything works fine from your Linux
firewall/router, but machines behind it can never exchange large
packets:
1) Web browsers connect, then hang with no data received.
2) Small mail works fine, but large emails hang.
3) ssh works fine, but scp hangs after initial handshaking.

Workaround: activate this option and add a rule to your firewall
configuration like:

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
             -j TCPMSS --clamp-mss-to-pmtu

To compile it as a module, choose M here. If unsure, say N.
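
The rewrite described above, as an added C example (not the xt_TCPMSS source and not part of the kernel help text): it walks the option list of a TCP SYN, lowers the MSS option to MTU minus 40, and repairs the TCP checksum incrementally. The names clamp_mss, swap16 and sample_syn, the sample bytes and the MTU of 1492 are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 24-byte TCP SYN header, ports 49152 -> 80, checksum
 * field set to the made-up value 0x1234, one option: MSS = 1460 (0x05B4). */
uint8_t sample_syn[24] = {
    0xC0, 0x00, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0x60, 0x02, 0xFF, 0xFF,  0x12, 0x34, 0x00, 0x00,  0x02, 0x04, 0x05, 0xB4 };

static uint16_t swap16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

/* Hypothetical helper: lower the MSS option of a SYN to mtu - 40 (20-byte IPv4
 * plus 20-byte TCP header). Returns the MSS in effect afterwards, 0 if there is
 * nothing to clamp (not a SYN, no MSS option), -1 if the header is malformed. */
int clamp_mss(uint8_t *tcp, size_t len, uint16_t mtu)
{
    if (len < 20 || mtu <= 40) return -1;
    size_t hdr = (size_t)(tcp[12] >> 4) * 4;          /* data offset in bytes */
    if (hdr < 20 || hdr > len) return -1;
    if (!(tcp[13] & 0x02)) return 0;                  /* SYN flag not set */
    uint16_t limit = (uint16_t)(mtu - 40);
    size_t i = 20;
    while (i < hdr) {
        if (tcp[i] == 0) break;                       /* end of option list */
        if (tcp[i] == 1) { i++; continue; }           /* NOP padding */
        if (i + 1 >= hdr || tcp[i + 1] < 2 || i + tcp[i + 1] > hdr) return -1;
        if (tcp[i] != 2 || tcp[i + 1] != 4) { i += tcp[i + 1]; continue; }
        uint16_t old = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
        if (old <= limit) return old;                 /* never raise the MSS */
        tcp[i + 2] = (uint8_t)(limit >> 8);
        tcp[i + 3] = (uint8_t)limit;
        /* Incremental checksum fix, RFC 1624: HC' = ~(~HC + ~m + m'). An option
         * at an odd offset straddles two checksum words, so swap its bytes. */
        uint16_t m = (i & 1) ? swap16(old) : old, m2 = (i & 1) ? swap16(limit) : limit;
        uint32_t sum = (uint32_t)(uint16_t)~(tcp[16] << 8 | tcp[17]) + (uint16_t)~m + m2;
        sum = (sum & 0xffff) + (sum >> 16);
        sum = (sum & 0xffff) + (sum >> 16);
        tcp[16] = (uint8_t)(~sum >> 8);
        tcp[17] = (uint8_t)~sum;
        return limit;
    }
    return 0;
}

int main(void)
{
    int mss = clamp_mss(sample_syn, sizeof sample_syn, 1492);  /* sample MTU */
    printf("MSS %d, checksum 0x%02X%02X\n", mss, sample_syn[16], sample_syn[17]);
}
```

An MSS already at or below the limit is left untouched, so running the clamp again with a larger MTU does not raise it.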
