Amarendra GODBOLE wrote: > That's *NOT* all. You should have /etc/sysctl.conf with entries > something like this : > > # Disables packet forwarding > net.ipv4.ip_forward = 1 > # Enables source route verification > net.ipv4.conf.all.rp_filter = 1 > # Disables automatic defragmentation (needed for masquerading, LVS) > net.ipv4.ip_always_defrag = 0 > # Disables the magic-sysrq key > kernel.sysrq = 0 Shouldn't it be net.ipv4.ip_always_defrag=1 ? But then, IIRC, it may not be necessary, since the kernel automagically enables ipv4.ip_always_defrag whenever ip forwarding is turned on. And to provide some security, you could also add the following rule on the masquerading gateway: /sbin/ipchains -P forward DENY Vinu. -- The relative speed of a computer, regardless of CPU architecture, is inversely proportional to the number of Microsoft products installed. ---------------------------------------------- The mailing list archives are available at http://lists.linux-india.org/cgi-bin/wilma/LIH
