On Mon, Jun 30, 2008 at 5:07 PM, Fulvio Ricciardi <[EMAIL PROTECTED]> wrote:

> > That mostly rules out other devices in the path as the
> > cause of the problem. There's just one chance of a
> > netfilter interaction that I can think of: netfilter may
> > cause fragments to be recombined, without netfilter the
> > fragments could be bridged. Are you running the ping
> > command from the bridge itself, or across the bridge? (I
> > presume across the bridge because you are discussing the
> > FORWARD chain only)
>
> I ping across the bridge. If instead a ping from the bridge
> itself, all works right.
>
> > Do the large ping requests show up in the iptables
> > counters?
>
> Yes, in any case (either ping -s 1472 and ping -s 1473) the
> packets are counted in the FORWARD chain.
>
> > What happens if you set no fragmentation when you run
> > ping?
>
> it's the same

Just to verify, you mean that with no fragmentation, large pings go through if and only if bridge-nf-call-iptables is disabled? I would expect large pings to be dropped irregardless of the bridge-nf-call-iptables option when the no fragmentation bit is set, based on your scenario.

> Thanks
> Fulvio
>
> --------------------------------------------------------------------
> Fulvio Ricciardi
> web: http://www.zeroshell.net/eng/
> skype: zeroshellnet
> Phone: +3908321835630
_______________________________________________
Bridge mailing list
Bridge@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/bridge
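Added example, not part of the original thread: a small fragment planner showing why `ping -s 1472` and `ping -s 1473` sit on either side of the fragmentation boundary discussed above, and what the don't-fragment bit changes. It assumes a 1500-byte MTU and a 20-byte IPv4 header without options; `plan_fragments` is a hypothetical helper name.

```python
# Assumptions (not stated in the thread): Ethernet MTU of 1500 bytes,
# IPv4 header without options (20 bytes), ICMP echo header of 8 bytes.
MTU = 1500
IP_HDR = 20
ICMP_HDR = 8


def plan_fragments(icmp_payload, mtu=MTU, df=False):
    """Plan how an ICMP echo request with `icmp_payload` data bytes is sent.

    Returns a list of (offset_in_8_byte_units, data_len, more_fragments)
    tuples, one per IP packet, or None when DF is set and the datagram does
    not fit in a single packet (it cannot be sent over this link).
    """
    total = ICMP_HDR + icmp_payload      # bytes carried after the IP header
    room = mtu - IP_HDR                  # bytes available per IP packet
    if total <= room:
        return [(0, total, False)]       # fits: one unfragmented packet
    if df:
        return None                      # too big and fragmentation forbidden
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the IP fragment offset field counts in 8-byte units.
    per_frag = room - room % 8
    frags = []
    off = 0
    while off < total:
        n = min(per_frag, total - off)
        frags.append((off // 8, n, off + n < total))
        off += n
    return frags


if __name__ == "__main__":
    for size in (1472, 1473):
        for df in (False, True):
            print(f"ping -s {size} DF={df}: {plan_fragments(size, df=df)}")
```

With these assumptions, 1472 bytes of payload fills one packet exactly, while 1473 produces a second fragment carrying a single byte, which is the fragment the bridge and netfilter path has to handle.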