Hi all! Great to be here!
Until recently our ISP leased all their IP’s based on client MAC. Everyone was happy and the sun was shining.
And then, in their divine and endless wisdom, they decided to migrate their clients to PPPoE. And that’s when the fun began. At first it took me and their tech support two days to figure out why some sites load and some not. Yes, now I know the MTU was the root of it and I have to clamp the MSS with:
firewall-cmd --permanent --direct --add-passthrough ipv4 -t mangle -I FORWARD -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu. And I was happy. For a while, at least. Soon I realized that everytime I --reload the rules, I get an error “Error: Argument 1 does not allow None as a value”, the connection drops and no interfaces seems to be assigned to any zone until reboot. That would be a problem if I try to do something remotely. And at last, whenever I load an ipset, even with just a single IP the RPi losts connection - no ping in or out, no forward. Thankfully the LAN interface does not disconnect the ssh session, and I’m able to revert. In short, I am banging my head in the wall and I’m starting to think to put my old Linksys router as a DialUp modem. If anyone could suggest a more elegant idea - please, please! 