You have a complicated per interface --clamp-mss-to-pmtu
and it might not be catching everything ? Try adding a blanket rule, ie
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
1 Like