Commit 9b8678fb authored by nanahira's avatar nanahira

change mtu also for bridge

parent c9e87584
...@@ -14,6 +14,8 @@ ip addr add {{address}} dev {{br.name}} ...@@ -14,6 +14,8 @@ ip addr add {{address}} dev {{br.name}}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
_change_mtu -A "$BRIDGE_NAME"
handle_gateway() { handle_gateway() {
GATEWAY_ID=$1 GATEWAY_ID=$1
GATEWAY_ADDRESS=$2 GATEWAY_ADDRESS=$2
......
...@@ -7,6 +7,8 @@ export BRIDGE_NAME={{br.name}} ...@@ -7,6 +7,8 @@ export BRIDGE_NAME={{br.name}}
export BRIDGE_ADDRESS={{br.address}} export BRIDGE_ADDRESS={{br.address}}
{% endif %} {% endif %}
_change_mtu -D "$BRIDGE_NAME"
handle_gateway() { handle_gateway() {
GATEWAY_ID=$1 GATEWAY_ID=$1
GATEWAY_ADDRESS=$2 GATEWAY_ADDRESS=$2
......
#!/bin/bash #!/bin/bash
source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
_change_mtu -D "$PPP_IFACE"
PPPOE_NEXT_HOP_MARK=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")] PPPOE_NEXT_HOP_MARK=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")]
PPPOE_SELECTION_MARK=$((PPPOE_NEXT_HOP_MARK + 50)) PPPOE_SELECTION_MARK=$((PPPOE_NEXT_HOP_MARK + 50))
......
...@@ -4,15 +4,7 @@ source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh ...@@ -4,15 +4,7 @@ source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh
PPPOE_NEXT_HOP_MARK=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")] PPPOE_NEXT_HOP_MARK=$[1000 + $(echo "$PPP_IFACE" | sed "s/ppp//g")]
PPPOE_SELECTION_MARK=$((PPPOE_NEXT_HOP_MARK + 50)) PPPOE_SELECTION_MARK=$((PPPOE_NEXT_HOP_MARK + 50))
INTERFACE_MTU=$(ip link show dev "$PPP_IFACE" | grep -oP 'mtu \d+' | cut -c 5-) _change_mtu -A "$PPP_IFACE"
INTERFACE_MTU_4=$((INTERFACE_MTU - 40))
INTERFACE_MTU_6=$((INTERFACE_MTU - 60))
iptables -w -t mangle -A FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_4:1460 -j TCPMSS --set-mss $INTERFACE_MTU_4
iptables -w -t mangle -A FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_4:1460 -j TCPMSS --set-mss $INTERFACE_MTU_4
ip6tables -t mangle -A FORWARD -o "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_6:1460 -j TCPMSS --set-mss $INTERFACE_MTU_6
ip6tables -t mangle -A FORWARD -i "$PPP_IFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_6:1460 -j TCPMSS --set-mss $INTERFACE_MTU_6
iptables -w -t nat -o "$PPP_IFACE" -A POSTROUTING -j MASQUERADE iptables -w -t nat -o "$PPP_IFACE" -A POSTROUTING -j MASQUERADE
......
...@@ -58,3 +58,17 @@ _wait_for_interface_online() { ...@@ -58,3 +58,17 @@ _wait_for_interface_online() {
done done
echo "Interface $INTERFACE is OK." echo "Interface $INTERFACE is OK."
} }
_change_mtu() {
OPTION=$1
INTERFACE=$2
INTERFACE_MTU=$(ip link show dev "$INTERFACE" | grep -oP 'mtu \d+' | cut -c 5-)
INTERFACE_MTU_4=$((INTERFACE_MTU - 40))
INTERFACE_MTU_6=$((INTERFACE_MTU - 60))
iptables -w -t mangle "$OPTION" FORWARD -o "$INTERFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_4:1460 -j TCPMSS --set-mss $INTERFACE_MTU_4
iptables -w -t mangle "$OPTION" FORWARD -i "$INTERFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_4:1460 -j TCPMSS --set-mss $INTERFACE_MTU_4
ip6tables -w -t mangle "$OPTION" FORWARD -o "$INTERFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_6:1460 -j TCPMSS --set-mss $INTERFACE_MTU_6
ip6tables -w -t mangle "$OPTION" FORWARD -i "$INTERFACE" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $INTERFACE_MTU_6:1460 -j TCPMSS --set-mss $INTERFACE_MTU_6
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment