[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fragmatiation with port-forwarding



Tzafrir,
If you have a rule in the FORWARD table to allow all or icmp related
packets , then you need not add any specific rule for faragments or icmp
fragmentation needed.
Your problem is probably blackholing by a blocked icmp message of the type
fragmentation needed. I just wonder what kind of setup makes this 6 bytes
difference. Can you tell more about your iptables host setup ?
Dani

On Tue, 28 Aug 2001, Tzafrir Cohen wrote:

> Hi
>
> I have a web server that has recently moved to serve as port-forwarded
> beond an ipchins linux box.
>
> I suddenly noticed frgamation problems: pages from the server don't load
> if I get them fast enough. reducing the MTU to 1494 seems to solve the
> problem (and setting it back to 1500 reproduces it).
>
> While I'll probably leave those MTU settings to prevent unnecessary
> fragamantation, I can't exactly figure out how exactly the web server is
> supposed to get the Fragment packets.
>
> I can't find any trace to dropped unlogged ICMP packets on the linux box
> or the web server (and I'm pretty sure I currently log them all)
>
> Is there an explicit rule I need to add to forward the relevant ICMP
> packets to a port-forwarded connection?
> (It worked before the server was inside the NAT network, so I currently
> suspect my own settings.)
>
> Thanks
>
> --
> Tzafrir Cohen
> mailto:tzafrir@technion.ac.il
> http://www.technion.ac.il/~tzafrir
>
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il