Hi,

Normally you would see ICMP "message too big" errors on the network. Sometimes those ICMP messages get blocked on a firewall and fail to reach their destination. Make sure that RELATED connections are allowed by any stateful firewalls in the network.

I know TCP MSS can be set per route, but I usually stick to TCP MSS clamping via netfilter. https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html gives a good example, but use POSTROUTING instead of FORWARDING when using those rules on the endpoints. If all else fails, the --set-mss option can be used to test even lower values and stick a hard coded value on it to validate your assumptions.

Kind regards,
Erwin

On Tue, Nov 29, 2022 at 1:47 AM L A Walsh <suse@tlinx.org> wrote:
I use a 9k mtu on my 10gb network @ home -- only exists between my desktop & my server where it can be worthwhile.

Bridged to that NW is a 1gb, 1.5k mtu network used for my home IOT (Internet of Things). This works for administrative traffic, for the most part, but in gaining some new 'things', some wish to talk to a media/file server on the higher BW net.

Someone referred me to possibly using tcp mss clamping, though they were using it in the context of a VPN tunnel which I'm not using.

I'm wondering if it is as simple as installing routes with mtu clamping so hosts wanting (needing) to go to a smaller mtu would take the appropriate network and talk with smaller packets. Seems there may be something missing there since some traffic can be ip-level w/no tcp in play (ex: dns). Doesn't seem that would really work too well...

Has anyone had any experience w/this type of setup?

tnx!
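
Added example, not part of either message above: a dry-run shell script for the endpoint setup the reply describes (MSS clamping in mangle POSTROUTING, a hard-coded `--set-mss` for testing, and a conntrack RELATED accept). It only prints the commands; the interface name `eth0` and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) the endpoint rules discussed in the reply.
# Helper names and the interface name eth0 are assumptions.

# MSS = MTU - IP header (20 for IPv4, 40 for IPv6) - TCP header (20).
mss_for_mtu() {
    mtu=$1; family=${2:-4}
    case "$mtu" in ''|*[!0-9]*) echo "bad mtu: $mtu" >&2; return 1 ;; esac
    case "$family" in
        4) overhead=40 ;;
        6) overhead=60 ;;
        *) echo "bad family: $family" >&2; return 1 ;;
    esac
    [ "$mtu" -gt "$overhead" ] || { echo "mtu too small: $mtu" >&2; return 1; }
    echo $((mtu - overhead))
}

# Rule for an endpoint: mangle/POSTROUTING, SYN and SYN-ACK segments only.
# mode is "pmtu" (--clamp-mss-to-pmtu) or a fixed MSS (--set-mss).
clamp_rule() {
    dev=$1; mode=$2; family=${3:-4}
    case "$family" in
        4) cmd=iptables ;;
        6) cmd=ip6tables ;;
        *) echo "bad family: $family" >&2; return 1 ;;
    esac
    case "$mode" in
        pmtu) action="--clamp-mss-to-pmtu" ;;
        ''|*[!0-9]*) echo "bad mode: $mode" >&2; return 1 ;;
        *) action="--set-mss $mode" ;;
    esac
    echo "$cmd -t mangle -A POSTROUTING -o $dev -p tcp" \
         "--tcp-flags SYN,RST SYN -j TCPMSS $action"
}

# Stateful accept so ICMP errors tied to tracked flows are not dropped.
related_rule() {
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed scenario from the thread: 9k MTU host talking to a 1.5k MTU segment.
plan() {
    related_rule
    clamp_rule eth0 pmtu
    clamp_rule eth0 "$(mss_for_mtu 1500)"   # hard-coded test value
}
plan
```

The TCPMSS rules rewrite only the MSS option of TCP handshake segments, so UDP traffic such as DNS is unaffected by them.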