Board index Linux Networking

Or how set dont fragment (fragment) + iptables?

Or how set dont fragment (fragment) + iptables?

Post by 328.28.0 » Sat, 06 Mar 2004 09:07:41



anybody know ?

R,
--

e.mail use: http://myemail.notlong.com gg:328.28.00

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by Cameron Ker » Sat, 06 Mar 2004 08:46:57



> anybody know ?

If you're using IPTables you don't need to worry about this, but if
you're using 2.2 or earlier kernel, then I suggest you see the ipchains
howto.

http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html

Its possible to configure the kernel to always defragment using the
option 'IP: always defragment', but only if your box is the only
possible route for these packets. (Taken from the HOWTO)

You should be able to echo 1  into one of the files in
/proc/sys/net/ipv4/ipfrag_*

--
Cameron Kerr

Empowered by Perl!

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by 328.28.0 » Sat, 06 Mar 2004 15:56:00


U?ytkownik Cameron Kerr napisa3:

[...]

#ls -al

ipfrag_high_thresh      (value:262144)
ipfrag_low_thresh       (value:196608
ipfrag_secret_interval  (value:600)
ipfrag_time             (value:30)

whitch one ? :) i use kernel: 2.4.22

R,
--

e.mail use: http://myemail.notlong.com gg:328.28.00

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by Cameron Ker » Sat, 06 Mar 2004 12:40:14



> ipfrag_high_thresh      (value:262144)
> ipfrag_low_thresh       (value:196608
> ipfrag_secret_interval  (value:600)
> ipfrag_time             (value:30)

> whitch one ? :) i use kernel: 2.4.22

Then I don't think you need to worry about it.

--
Cameron Kerr

Empowered by Perl!

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by 328.28.0 » Sat, 06 Mar 2004 16:43:09


U?ytkownik Cameron Kerr napisa?:

[...]

but Dear Cameron i need remove flags DF :)

R,
--

e.mail use: http://myemail.notlong.com gg:328.28.00

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by Clifford Kit » Sat, 06 Mar 2004 23:17:14



> U?ytkownik Cameron Kerr napisa3:
> [...]
> but Dear Cameron i need remove flags DF :)

You can't remove the DF flag, only set or clear it.

I think this will clear it and allow fragmentation:

echo -n 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc

--

PPP-Q&A links, downloads:                      http://ckite.no-ip.net/

 
 
 
Top

Or how set dont fragment (fragment) + iptables?

Post by 328.28.0 » Sun, 07 Mar 2004 00:37:19


U?ytkownik Clifford Kite napisa?:

[...]

o am i ... wrrr you are right ! V. Thx.

R,
--

e.mail use: http://myemail.notlong.com gg:328.28.00

 
 
 
Top

1. 2.5x - turning off "dont fragment"

We're running some 2.5 (and 2.5.1) machines on a network that's mixed
fddi and ethernet (using an extruder, so they're all the same
subnet).  Normally this works pretty well, except that solaris has
the don't framgment bit turned on, so the extruder can't break the
fddi-sized packets up into ethernet sized packets, so we have to
turn the MTU on the fddi interfaces down to 1500.

Anyone know where we can tweak the kernel to turn that OFF?

-Ron

2. how to get smbmount to work

3. My 2.4 IP always sends packets with DONT FRAGMENT

4. SCCS -> RCS utility anyone?

5. What to do with fragments - iptables

6. samba user/password validation PROBLEM

7. Problem with large pings with don't fragment set

8. Newbie: How to remount partition in read-write mode

9. set up internal buffer size(fragment) of SoundCard

10. ext2/3 fragments support

11. how to know a datagram has been fragmented, from a raw socket point-of-view ?

12. IP Fragments in wrong order ?

13. IP fragments reversed


All times are UTC
Board index