Score:0

Linux Gateway Policy Routing and TCP MSS Issue (maybe)?


I have an Ubuntu 20 machine as an internet gateway with two WANs, ens160 and ens192. I switch the default route on the gateway like ip r re 0/0 dev ens160 (or ens192), and the clients on the LAN access the web without any problem. But if I want to send a specific user through a specified WAN, such as

ip ru add from 192.168.3.60 lookup 100
ip r a 0/0 dev ens192 t 100

Client 192.168.3.60 has an issue accessing some web resources like images. It looks like a TCP MSS problem, but iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o ens192 -j TCPMSS --clamp-mss-to-pmtu can't fix it.

Can anyone offer some help?

A.B
Did you forget to add the gateway (and the route to the gateway) in the default route? You appear to abbreviate everything, fine, but harder to read for us especially if you omit details.
A.B
Also, if there's no tunnel, even if this is a PMTU problem, the iptables command won't have any effect: the interfaces have the same MTU (i.e. 1500).