On 17-Jan-2001 Jussi Hamalainen wrote:
> On Wed, 17 Jan 2001, Tony Gale wrote:
>
>> It looks like this is due to the odd way in which ipchains handles
>> fragments. Try:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_always_defrag
>
> Thanks, this seems to do the trick. Does this oddity still exist
> in 2.4?
>
Well, I haven't found it, but there is
/proc/sys/net/ipv4/ipfrag_high_thresh
/proc/sys/net/ipv4/ipfrag_low_thresh
/proc/sys/net/ipv4/ipfrag_time
Perhaps 2.4 always defrags packets by default. Anyone confirm? This
is pretty much needed for any kind of firewall/masquerading system.
-tony
---
E-Mail: Tony Gale <[EMAIL PROTECTED]>
The great merit of society is to make one appreciate solitude.
-- Charles Chincholles, "Reflections on the Art of Life"
The views expressed above are entirely those of the writer
and do not represent the views, policy or understanding of
any other person or official body.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
