Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-05-2006, 09:06 AM
|
#1
|
Member
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103
Rep:
|
fragmented udp packets
HI
I have a big problem
I can't forward some fragmented udp packets. They are entering one interface but they are not forwarded to my inside interface. I can capture them on my outside interface. It's not a firewall issue.
I'm using Centos 4 and 2.6.9.34 kernel, I tried also with 2.6.9.5 kernel with same results.
Any ideas?
|
|
|
07-06-2006, 07:03 PM
|
#2
|
Member
Registered: Dec 2004
Posts: 125
Rep:
|
what type of data is being sent? is the dont fragment bit set? you should be able to notice the flag in tcpdump output.
|
|
|
07-07-2006, 10:38 AM
|
#3
|
Member
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103
Original Poster
Rep:
|
Well I think it is:
17:37:27.241183 IP (tos 0x20, ttl 58, id 28157, offset 1480, flags [+, DF], proto: UDP (17), length: 1500) yyy > xxx: udp
17:37:27.241202 IP (tos 0x20, ttl 58, id 28157, offset 2960, flags [DF], proto: UDP (17), length: 184) yyy > xxx udp
What should I do?
|
|
|
07-07-2006, 07:49 PM
|
#4
|
Member
Registered: Dec 2004
Posts: 125
Rep:
|
check your mtu with ifconfig and see if its set to some really low value, if it is then make it higher. If this doesnt fix it you can try and rel yon pmtu which you can enable by:
echo 0 >/proc/sys/net/ipv4/ip_no_pmtu_disc
|
|
|
07-08-2006, 02:12 AM
|
#5
|
Member
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103
Original Poster
Rep:
|
thank's for your reply
I lowered mtu until 1250 on all interfaces but with no luck, and I couldn't make it higher than 1500. PMTU was already enabled. This same connection works with 2.4 kernel, but I wan't to change my old firewall with a new one. I tried 2.6.9, 2.6.11, 2.6.15 kernel so far. There must be a way to solve this with 2.6 kernel too.
Any help would be appreciated
|
|
|
07-08-2006, 05:29 AM
|
#6
|
Member
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103
Original Poster
Rep:
|
I found out that shorewall is causing the problem. I didn't suspected shorewall because I inserted rules to accept everything from the vpn gateway in the forward chain and in the nat table. So I thought it was the kernel. But with shorewall disabled it works. Anybody experienced this with shorewall?
I didn't tell you yet but I'm trying to establish a vpn connection.
Thanks
|
|
|
All times are GMT -5. The time now is 10:00 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|