[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fragmatiation with port-forwarding
- To: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Subject: Re: fragmatiation with port-forwarding
- From: Dani Arbel <darbel(at-nospam)techunix.technion.ac.il>
- Date: Tue, 28 Aug 2001 11:23:16 +0300 (IDT)
- Cc: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <Pine.GSO.4.33_heb2.09.0108281012020.11997-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Tzafrir,
If you have a rule in the FORWARD table to allow all or icmp related
packets , then you need not add any specific rule for faragments or icmp
fragmentation needed.
Your problem is probably blackholing by a blocked icmp message of the type
fragmentation needed. I just wonder what kind of setup makes this 6 bytes
difference. Can you tell more about your iptables host setup ?
Dani
On Tue, 28 Aug 2001, Tzafrir Cohen wrote:
> Hi
>
> I have a web server that has recently moved to serve as port-forwarded
> beond an ipchins linux box.
>
> I suddenly noticed frgamation problems: pages from the server don't load
> if I get them fast enough. reducing the MTU to 1494 seems to solve the
> problem (and setting it back to 1500 reproduces it).
>
> While I'll probably leave those MTU settings to prevent unnecessary
> fragamantation, I can't exactly figure out how exactly the web server is
> supposed to get the Fragment packets.
>
> I can't find any trace to dropped unlogged ICMP packets on the linux box
> or the web server (and I'm pretty sure I currently log them all)
>
> Is there an explicit rule I need to add to forward the relevant ICMP
> packets to a port-forwarded connection?
> (It worked before the server was inside the NAT network, so I currently
> suspect my own settings.)
>
> Thanks
>
> --
> Tzafrir Cohen
> mailto:tzafrir@technion.ac.il
> http://www.technion.ac.il/~tzafrir
>
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il