/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


John D. Hardin wrote:

> On Mon, 8 Jan 2001, Brockhoven, Werner wrote:
> 
> > The ipchains howto says that in order for masquerading to work you
> > have to issue echo "1" > /proc/sys/net/ipv4/ip_always_defrag,
> > which I do in my firewall script.
> > 
> > For every new masqed connection this parameter is incremented by
> > 1. If the masqed connection is closed/timed out, this value is
> > decremented by 1.
> 
> Huh?
> 
> While I haven't looked at 2.2.18 in any detail yet, it seems really
> unlikely to me that the defragmentation code would be hooked into the
> masquerade code in this manner.

truth is stranger than fiction :)

> Can anybody confirm this behaviour? Has anybody else seen it on
> earlier 2.2.x kernels?

I can't report on the behaviour but the doco for 2.2.14 says that
ip_always_defrag is automagically enabled when enabling masquerading,
so the thing Werner should do in his firewall script is to leave
ip_always_defrag alone. Then it won't ever be set to a bad value.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]