Setting TCP-MSS

Staro

Sep 2, 2019
Hi.

To improve throughput on a Proxmox installation, is it possible to set TCP-MSS to reduce fragmentation using iptables?

I've tried to add this using

Code:
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1436
but it has had no effect.

Is there a pve-firewall caveat to be aware of?

Thanks
 
In my experience, pve-firewall tooling is focused on the filter table and the other tables have been manipulated by the Network Configuration [0].

For your use case, I suggest TCPMSS be applied in the POSTROUTING chain of the mangle table, i.e., if your physical interface is eno1 and your host bridge is vmbr0, then your /etc/network/interfaces would look something like:

Code:
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address <ip addr>
        netmask <ip mask>
        gateway <ip gateway>
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        
        post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eno1 -j TCPMSS --set-mss 1436
        post-down iptables -t mangle -D POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eno1 -j TCPMSS --set-mss 1436

then ifreload (IFF you have installed ifupdown2 pkg) or reboot to take effect.


[0] https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
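
One way to confirm that the mangle rule suggested above is taking effect, added here as an example and not part of either forum post: the function reads tcpdump text and flags any SYN or SYN-ACK whose MSS option is above the clamp or missing. The function names and the sample capture lines are constructed for illustration; eno1 and 1436 are the values used in the thread.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -n` text on stdin and reports SYN / SYN-ACK
# segments whose MSS option is above the expected clamp, or absent.
# Live use (eno1 is the interface name from the reply above):
#   tcpdump -nl -c 20 -i eno1 'tcp[tcpflags] & tcp-syn != 0' | check_mss 1436

check_mss() {
    awk -v limit="$1" '
        # Segments with SYN set: "Flags [S]", "Flags [S.]", ECN variants
        /Flags \[S[.EW]*\]/ {
            src = "?"; dst = "?"
            for (i = 2; i < NF; i++)
                if ($i == ">") { src = $(i - 1); dst = $(i + 1); break }
            sub(/:$/, "", dst)
            if (match($0, /mss [0-9]+/)) {
                mss = substr($0, RSTART + 4, RLENGTH - 4) + 0
                if (mss > limit) {
                    printf "UNCLAMPED %s > %s mss=%d\n", src, dst, mss
                    bad++
                }
            } else {
                printf "NO-MSS %s > %s\n", src, dst
                bad++
            }
        }
        END { exit (bad > 0) }   # status 1 if any SYN escaped the clamp
    '
}

# Constructed sample lines in tcpdump text format (documentation addresses).
sample_capture() {
    cat <<'EOF'
12:00:01.000000 IP 192.0.2.10.40000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, options [mss 1436,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:00:02.000000 IP 192.0.2.11.40001 > 198.51.100.7.443: Flags [S], seq 2, win 64240, options [mss 1460,sackOK,TS val 2 ecr 0,nop,wscale 7], length 0
12:00:03.000000 IP 192.0.2.12.80 > 198.51.100.9.51000: Flags [S.], seq 3, ack 4, win 65160, options [mss 1436,sackOK,TS val 3 ecr 9,nop,wscale 7], length 0
12:00:04.000000 IP 192.0.2.10.40000 > 198.51.100.7.443: Flags [P.], seq 1:100, ack 1, win 502, length 99
EOF
}

sample_capture | check_mss 1436 || true
```

Because the rule matches `--tcp-flags SYN,RST SYN`, it covers SYN-ACK replies from guests as well as outgoing SYNs, which is why both flag forms are checked.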