On Wed, Jan 17, 2001 at 05:44:30PM -, Tony Gale wrote:
>
> On 17-Jan-2001 Andi Kleen wrote:
> >
> > Connection tracking always defrags as needed.
> > masquerading/NAT/iptables
> > with connection tracking uses that.
> >
> > This means that if any of these are enabled and your machine acts
On 17-Jan-2001 Andi Kleen wrote:
>
> Connection tracking always defrags as needed.
> masquerading/NAT/iptables
> with connection tracking uses that.
>
> This means that if any of these are enabled and your machine acts
> as a
> router lots of CPU could get burned in defragmentation, and packe
On Wed, Jan 17, 2001 at 05:15:54PM -, Tony Gale wrote:
>
> On 17-Jan-2001 Jussi Hamalainen wrote:
> > On Wed, 17 Jan 2001, Tony Gale wrote:
> >
> >> It looks like this is due to the odd way in which ipchains handles
> >> fragments. Try:
> >>
> >> echo 1 > /proc/sys/net/ipv4/ip_always_defrag
On 17-Jan-2001 Jussi Hamalainen wrote:
> On Wed, 17 Jan 2001, Tony Gale wrote:
>
>> It looks like this is due to the odd way in which ipchains handles
>> fragments. Try:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_always_defrag
>
> Thanks, this seems to do the trick. Does this oddity still exist
> in
On Wed, 17 Jan 2001, Tony Gale wrote:
> It looks like this is due to the odd way in which ipchains handles
> fragments. Try:
>
> echo 1 > /proc/sys/net/ipv4/ip_always_defrag
Thanks, this seems to do the trick. Does this oddity still exist
in 2.4?
--
-=[ Count Zero / TBH - Jussi Hämäläinen - em
It looks like this is due to the odd way in which ipchains handles
fragments. Try:
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
-tony
On 17-Jan-2001 Jussi Hamalainen wrote:
> There seems to be a bug in ipchains. Matching port 65535 seems to
> always fail. If I set the chain policy to REJECT o
6 matches
Mail list logo
