markp
New Member
One of the benefits (??) of having my Linux server well and truly hacked (r00tkit) was that I had to improve my rather pathetic firewall. In configuring gShield, I noticed a setting which solved a problem I had doing my banking on my Windows machine behind the firewall...
I have PPPoE set up on the Linux server and run the server as a gateway. I could only do banking from the Linux server itself, not from my Windows box on my internal network. It seems as though the problem is that Absa sends large packets with the Don't Fragment bit set; the packets eventually just fall into a PMTUD blackhole. See http://www.faqs.org/rfcs/rfc2923.html
gShield said I'd have to recompile my Linux kernel with a TCP MSS patch, and then set a flag in the gShield config file: I didn't do the recompile, but set the flag and the packets now get through.
Hope this might help someone else out there!
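
Added illustration, not part of the original post and not gShield or kernel code: a sketch of what TCP MSS clamping on a gateway does to a forwarded SYN so that the remote side never sends segments too large for the PPPoE link. It assumes IPv4 with option-free 20-byte IP and TCP headers and a PPPoE MTU of 1492; all function names and the sample segment are constructed for this example.

```python
import struct

PPPOE_MTU = 1492      # 1500-byte Ethernet payload minus 8 bytes of PPPoE + PPP header
IP_TCP_HDR = 40       # IPv4 header (20) + TCP header (20), both without options

def csum_update(csum, old, new):
    """Incrementally patch an Internet checksum for one changed 16-bit word (RFC 1624)."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def swap16(v):
    return ((v & 0xFF) << 8) | (v >> 8)

def clamp_mss(tcp, mtu=PPPOE_MTU):
    """Lower the MSS option of a TCP SYN so full-size segments fit in mtu.
    Returns (segment, old_mss, new_mss); the MSS values are None if nothing applies."""
    seg = bytearray(tcp)
    hdr_len = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if not 20 <= hdr_len <= len(seg) or not seg[13] & 0x02:  # MSS only appears on SYN
        return bytes(seg), None, None
    i = 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                          # malformed option: leave the packet untouched
        if kind == 2 and seg[i + 1] == 4:  # Maximum Segment Size option
            old = struct.unpack_from("!H", seg, i + 2)[0]
            new = min(old, mtu - IP_TCP_HDR)
            if new != old:
                struct.pack_into("!H", seg, i + 2, new)
                # At an odd offset the value straddles two checksum words: swap bytes.
                a, b = (swap16(old), swap16(new)) if i % 2 else (old, new)
                csum = struct.unpack_from("!H", seg, 16)[0]
                struct.pack_into("!H", seg, 16, csum_update(csum, a, b))
            return bytes(seg), old, new
        i += seg[i + 1]
    return bytes(seg), None, None

# Constructed sample: SYN advertising MSS 1460 (checksum field left as zero here).
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
              + bytes([2, 4, 0x05, 0xB4]))
```

With the advertised MSS lowered to 1452, the remote server sizes its segments to fit the PPPoE link, so delivery no longer depends on ICMP "fragmentation needed" messages getting back to it.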