IP defrag (was RE: ipchains blocking port 65535)

Tony Gale (gale@syntax.dera.gov.uk)
Wed, 17 Jan 2001 17:15:54 -0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: david: "test only do not read"
Previous message: Jussi Hamalainen: "RE: ipchains blocking port 65535"

On 17-Jan-2001 Jussi Hamalainen wrote:
> On Wed, 17 Jan 2001, Tony Gale wrote:
>
>> It looks like this is due to the odd way in which ipchains handles
>> fragments. Try:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_always_defrag
>
> Thanks, this seems to do the trick. Does this oddity still exist
> in 2.4?
>

Well, I haven't found it, but there is
/proc/sys/net/ipv4/ipfrag_high_thresh
/proc/sys/net/ipv4/ipfrag_low_thresh
/proc/sys/net/ipv4/ipfrag_time

Perhaps 2.4 always defrags packets by default. Anyone confirm? This
is pretty much needed for any kind of firewall/masquerading system.

-tony

--- E-Mail: Tony Gale <gale@syntax.dera.gov.uk> The great merit of society is to make one appreciate solitude. -- Charles Chincholles, "Reflections on the Art of Life"

The views expressed above are entirely those of the writer and do not represent the views, policy or understanding of any other person or official body. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: david: "test only do not read"
Previous message: Jussi Hamalainen: "RE: ipchains blocking port 65535"