LinuxQuestions.org
09-24-2004, 02:19 AM   #1
Montaignep
Turning on IP fragmentation in Fedora Core 2


I am setting up a router with an IPsec VPN. It is working OK until the packets get big enough that, with the IPsec overhead, they go over the MTU. Fragmentation is then needed, but it is off by default.
Can someone tell me how to turn it on?
 
09-24-2004, 06:33 AM   #2
r0b0
I'd rather suggest changing the MTU to a smaller value.
 
09-24-2004, 06:41 AM   #3
Montaignep (Original Poster)
This is actually what I did as a workaround. Lowering it to 1398 did the trick, but I have to do that on every single machine on the network. I also have to dig into the config files to find out how to make it permanent under Linux.
But I would still like to know what I have to do to turn defrag on.

Thanks for your reply anyway, you are the first one.
 
09-24-2004, 07:29 AM   #4
scowles
I can't tell from your post, but the problem you describe could be iptables-related.
Have you looked at the iptables target TCPMSS?

From man iptables:
Code:
   TCPMSS
       This  target  allows to alter the MSS value of TCP SYN packets, to con-
       trol the maximum size for that connection (usually limiting it to  your
       outgoing  interface's MTU minus 40).  Of course, it can only be used in
       conjunction with -p tcp.
       This target is used to overcome criminally braindead  ISPs  or  servers
       which  block  ICMP  Fragmentation Needed packets.  The symptoms of this
       problem are that everything works fine from your Linux firewall/router,
       but machines behind it can never exchange large packets:
        1) Web browsers connect, then hang with no data received.
        2) Small mail works fine, but large emails hang.
        3) ssh works fine, but scp hangs after initial handshaking.
       Workaround:  activate  this option and add a rule to your firewall con-
       figuration like:
        iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                    -j TCPMSS --clamp-mss-to-pmtu
 
09-24-2004, 11:26 AM   #5
Montaignep (Original Poster)
Great idea, I did not know about TCPMSS; my man pages do not even mention it.
In fact I use:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1358
to get my ipsec vpn to work.
So this is a solution to my current problem. But I still would like to know how to turn the defrag on!
Thanks
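
An added example, not part of the thread: one way to derive a `--set-mss` value from the tunnel's per-packet overhead rather than by trial. It assumes IPv4 and ESP in tunnel mode; the function names and the cipher sizes in the demo are constructed for illustration and are not the original poster's configuration.

```shell
#!/bin/sh
# Derive a TCP MSS clamp for an ESP tunnel-mode VPN from the outer MTU.
# Cipher sizes are inputs; the values in the demo are constructed samples,
# not the original poster's configuration.

# esp_inner_mtu OUTER_MTU ALIGN IV ICV [NATT]
#   ALIGN  padding alignment in bytes (cipher block size, never below 4)
#   IV     per-packet IV length; ICV  integrity tag length
#   NATT   1 if ESP is wrapped in UDP (NAT traversal), else 0
# Prints the largest inner IPv4 packet that fits in one outer packet.
esp_inner_mtu() {
    outer_mtu=$1; align=$2; iv=$3; icv=$4; natt=${5:-0}
    if [ "$align" -lt 4 ]; then align=4; fi
    # Bytes outside the encrypted payload: outer IPv4 header (20),
    # ESP SPI + sequence number (8), IV and ICV, plus UDP (8) for NAT-T.
    fixed=$((20 + 8 + iv + icv))
    if [ "$natt" -eq 1 ]; then fixed=$((fixed + 8)); fi
    # The encrypted part is inner packet + padding + 2 trailer bytes
    # (pad length, next header) and must be a multiple of ALIGN.
    room=$(( (outer_mtu - fixed) / align * align ))
    echo $((room - 2))
}

# tcp_mss MTU: MSS for IPv4 + TCP headers without options (MTU minus 40).
tcp_mss() {
    echo $(($1 - 40))
}

# clamp_rule OUTER_MTU ALIGN IV ICV [NATT]
# Prints (does not run) a FORWARD rule in the form used in this thread.
clamp_rule() {
    mss=$(tcp_mss "$(esp_inner_mtu "$@")")
    echo "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
}

# Demo on a 1500-byte outer MTU with three sample transforms.
echo "3DES-CBC + HMAC-SHA1-96:   $(clamp_rule 1500 8 8 12)"
echo "AES-CBC + HMAC-SHA1-96:    $(clamp_rule 1500 16 16 12)"
echo "AES-CBC + SHA1-96, NAT-T:  $(clamp_rule 1500 16 16 12 1)"
```

Any MSS at or below the computed value keeps each TCP segment inside a single ESP packet; a larger value brings back the need for fragmentation on full-size segments.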
 
  

