LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 07-05-2006, 09:06 AM   #1
zsoltrenyi
Member
 
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103

Rep: Reputation: 15
fragmented udp packets


Hi,

I have a big problem.
I can't forward some fragmented UDP packets. They are entering one interface but they are not forwarded to my inside interface. I can capture them on my outside interface. It's not a firewall issue.

I'm using CentOS 4 and the 2.6.9.34 kernel; I also tried the 2.6.9.5 kernel with the same results.
Any ideas?
 
Old 07-06-2006, 07:03 PM   #2
tgo
Member
 
Registered: Dec 2004
Posts: 125

Rep: Reputation: 15
What type of data is being sent? Is the don't fragment bit set? You should be able to notice the flag in tcpdump output.
 
Old 07-07-2006, 10:38 AM   #3
zsoltrenyi
Member
 
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103

Original Poster
Rep: Reputation: 15
Well I think it is:

17:37:27.241183 IP (tos 0x20, ttl 58, id 28157, offset 1480, flags [+, DF], proto: UDP (17), length: 1500) yyy > xxx: udp
17:37:27.241202 IP (tos 0x20, ttl 58, id 28157, offset 2960, flags [DF], proto: UDP (17), length: 184) yyy > xxx udp


What should I do?
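
To compare what arrives on the outside interface with what leaves the inside one, verbose tcpdump lines like those pasted above can be grouped by IP id and checked for missing byte ranges. This is an added example, not part of the original thread; the function names, the 20-byte IP header (no options) and numeric addresses from `tcpdump -n` are assumptions.

```python
import re
from collections import defaultdict

# Verbose (-v) tcpdump IPv4 line, in the format pasted in the post above.
LINE_RE = re.compile(
    r"id (?P<id>\d+), offset (?P<off>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto:? (?P<proto>\w+) \(\d+\), length:? (?P<len>\d+)\)\s+"
    r"(?P<src>\S+) > (?P<dst>[^\s:]+)")
IP_HEADER_LEN = 20  # assumption: IPv4 header without options

def host(addr):
    # With -n, only the first fragment prints "a.b.c.d.port"; drop the port.
    return ".".join(addr.split(".")[:4])

def parse_fragments(lines):
    """Group packets by (src, dst, proto, id), the IPv4 reassembly key."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        flags = {f.strip() for f in m["flags"].split(",")}
        key = (host(m["src"]), host(m["dst"]), m["proto"], int(m["id"]))
        groups[key].append({"offset": int(m["off"]),
                            "payload": int(m["len"]) - IP_HEADER_LEN,
                            "more": "+" in flags, "df": "DF" in flags})
    return groups

def summarize(frags):
    """Report which byte ranges of one datagram are missing from a capture."""
    expected, gaps = 0, []
    for f in sorted(frags, key=lambda f: f["offset"]):
        if f["offset"] > expected:
            gaps.append((expected, f["offset"]))
        expected = max(expected, f["offset"] + f["payload"])
    has_last = any(not f["more"] for f in frags)
    return {"count": len(frags), "gaps": gaps, "has_last": has_last,
            "complete": has_last and not gaps,
            "df_on_fragment": any(f["df"] and (f["more"] or f["offset"])
                                  for f in frags),
            "total_payload": expected if has_last else None}

# The two lines from the post (addresses were already redacted to yyy/xxx).
SAMPLE = [
    "17:37:27.241183 IP (tos 0x20, ttl 58, id 28157, offset 1480, flags [+, DF], proto: UDP (17), length: 1500) yyy > xxx: udp",
    "17:37:27.241202 IP (tos 0x20, ttl 58, id 28157, offset 2960, flags [DF], proto: UDP (17), length: 184) yyy > xxx udp",
]

if __name__ == "__main__":
    for key, frags in parse_fragments(SAMPLE).items():
        print(key, summarize(frags))
```

Feeding it one capture per interface and comparing the `gaps` and `complete` fields for the same id shows which fragments were dropped between the two. On the two pasted lines it reports a gap for bytes 0 to 1480, which only means the first fragment was not part of the excerpt.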
 
Old 07-07-2006, 07:49 PM   #4
tgo
Member
 
Registered: Dec 2004
Posts: 125

Rep: Reputation: 15
Check your MTU with ifconfig and see if it's set to some really low value; if it is, then make it higher. If this doesn't fix it you can try to rely on PMTU, which you can enable by:

echo 0 >/proc/sys/net/ipv4/ip_no_pmtu_disc
 
Old 07-08-2006, 02:12 AM   #5
zsoltrenyi
Member
 
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103

Original Poster
Rep: Reputation: 15
Thanks for your reply.

I lowered the MTU down to 1250 on all interfaces but with no luck, and I couldn't make it higher than 1500. PMTU was already enabled. This same connection works with a 2.4 kernel, but I want to replace my old firewall with a new one. I tried 2.6.9, 2.6.11, 2.6.15 kernels so far. There must be a way to solve this with a 2.6 kernel too.
Any help would be appreciated.
 
Old 07-08-2006, 05:29 AM   #6
zsoltrenyi
Member
 
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103

Original Poster
Rep: Reputation: 15
I found out that shorewall is causing the problem. I didn't suspect shorewall because I inserted rules to accept everything from the VPN gateway in the forward chain and in the nat table. So I thought it was the kernel. But with shorewall disabled it works. Has anybody experienced this with shorewall?
I didn't tell you yet, but I'm trying to establish a VPN connection.
Thanks
 
  

