Re: fragmentation with port-forwarding
- To: Dani Arbel <darbel(at-nospam)techunix.technion.ac.il>
- Subject: Re: fragmentation with port-forwarding
- From: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Date: Tue, 28 Aug 2001 13:03:13 +0300 (IDT)
- Cc: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <Pine.GSO.4.33.0108281118160.26828-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Hi
On Tue, 28 Aug 2001, Dani Arbel wrote:
> If you have a rule in the FORWARD table to allow all or icmp related
> packets, then you need not add any specific rule for fragments or icmp
> fragmentation needed.
It seems that the packets were dropped by the nat router after all (due to
some weird rule).
> Your problem is probably blackholing by a blocked icmp message of the type
> fragmentation needed. I just wonder what kind of setup makes this 6 bytes
> difference. Can you tell more about your iptables host setup?
ipchains. Doing quite standard port forwarding.
The network itself is connected by frame-relay to BezeqInet.
> Dani
>
> On Tue, 28 Aug 2001, Tzafrir Cohen wrote:
>
> > Hi
> >
> > I have a web server that has recently moved to serve as port-forwarded
> > beyond an ipchains linux box.
> >
> > I suddenly noticed fragmentation problems: pages from the server don't load
> > if I get them fast enough. Reducing the MTU to 1494 seems to solve the
> > problem (and setting it back to 1500 reproduces it).
> >
> > While I'll probably leave those MTU settings to prevent unnecessary
> > fragmentation, I can't exactly figure out how exactly the web server is
> > supposed to get the Fragment packets.
> >
> > I can't find any trace of dropped unlogged ICMP packets on the linux box
> > or the web server (and I'm pretty sure I currently log them all).
> >
> > Is there an explicit rule I need to add to forward the relevant ICMP
> > packets to a port-forwarded connection?
> > (It worked before the server was inside the NAT network, so I currently
> > suspect my own settings.)
> >
> > Thanks
> >
> > --
> > Tzafrir Cohen
> > mailto:tzafrir@technion.ac.il
> > http://www.technion.ac.il/~tzafrir
> >
> >
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> >
--
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir
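
A capture-side check for the ICMP "fragmentation needed" message discussed in this thread, as an added example that is not part of either poster's message: it parses a raw IPv4 packet and reports the next-hop MTU and the original connection the message refers to (RFC 1191 layout). The addresses, ports and sample packet are constructed, and checksums are left at zero because the parser does not verify them.

```python
import socket
import struct


def parse_frag_needed(packet: bytes):
    """Return details of an ICMP type 3 / code 4 message, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # outer IP header length in bytes
    if packet[9] != 1 or len(packet) < ihl + 8:   # protocol 1 = ICMP
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):               # destination unreachable / frag needed
        return None
    inner = packet[ihl + 8:]                      # header of the packet that was too big
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    info = {
        "reporter": socket.inet_ntoa(packet[12:16]),   # router that could not forward
        "next_hop_mtu": mtu,
        "orig_len": struct.unpack("!H", inner[2:4])[0],
        "orig_df": bool(inner[6] & 0x40),              # Don't Fragment bit
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
    }
    if inner[9] == 6 and len(inner) >= inner_ihl + 4:  # TCP: first 4 bytes are the ports
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", inner[inner_ihl:inner_ihl + 4])
    return info


def _ipv4(src, dst, proto, payload, total_len=None, df=False):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    total = total_len if total_len is not None else 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000 if df else 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


# Constructed sample: a 1500-byte reply from an internal web server (port 80) was
# refused by a router whose next hop only takes 1494 bytes.
_inner = _ipv4("10.0.0.5", "198.51.100.7", 6, struct.pack("!HHI", 80, 40000, 0),
               total_len=1500, df=True)
SAMPLE_FRAG_NEEDED = _ipv4("192.0.2.1", "10.0.0.5", 1,
                           struct.pack("!BBHHH", 3, 4, 0, 0, 1494) + _inner)
SAMPLE_ECHO = _ipv4("192.0.2.1", "10.0.0.5", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE_FRAG_NEEDED))
```

Running this over packets captured on both sides of the port-forwarding box shows whether such messages arrive at the router and whether they are passed on to the internal server.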