

Guy Coates wrote:

> >might the demasquerading fail because the masqueraded packets go to
> >"nutmeg" but the reply packets to be demasqueraded come from "lmb"?
> >i take it that they are separate ip addresses.
> 
> This seemed to be the root of the original problem. Things worked for
> ~24hrs, but now MASQ appears to be broken for some requests but not
> others.
> 
> Sample from a correct NFS request (node24 is client, valm the gateway and
> nutmeg the server)
> 
> 11:50:29.966389 node24.biop.ox..248976013 > nutmeg.biop.ox..nfs: 632 write
> [|nfs]
> 11:50:29.966409 valm.biop.ox.ac.248976013 > nutmeg.biop.ox..nfs: 632 write
> [|nfs]
> 11:50:29.968266 nutmeg.biop.ox..nfs > valm.biop.ox.ac.248976013: reply ok
> 96 write [|nfs] (DF)
> 11:50:29.968277 nutmeg.biop.ox..nfs > node24.biop.ox..248976013: reply ok
> 96 write [|nfs] (DF)
> 
> 
> However, below is a sample dump for a non-responding client; replies from
> the NFS server are getting sent back to the wrong client. (node4 rather
> than node10)
> 
> 
> 11:50:27.780608 node10.biop.ox..2366641037 > nutmeg.biop.ox..nfs: 1472
> write [|nfs] (frag 29157:1480@0+)
> 11:50:27.780730 valm.biop.ox.ac.2366641037 > nutmeg.biop.ox..nfs: 1472
> write [|nfs] (frag 29157:1480@0+)
> 
> 11:50:27.784068 nutmeg.biop.ox..nfs > valm.biop.ox.ac.2366641037: reply ok
> 28 write [|nfs]
> 11:50:27.784087 nutmeg.biop.ox..nfs > node4.biop.ox.a.2366641037: reply ok
> 28
> 
> I have noticed that the packets from non-responding clients are being
> fragmented. Is this a problem, and if so, is there any way of correcting
> it?
> 
> 
> Regards,
> 
> Guy Coates

ah, that could possibly break demasquerading. the fragments
don't contain port numbers so they could end up anywhere.
however, i believe that they took care of that by always
turning on the "always defrag" kernel option whenever
masquerading starts. there's a sysctl file in /proc/sys/net/ipv4
somewhere called ip_always_defrag (or something like that).

cat it to see if it's non-zero.
check it for various interfaces.
maybe you need to turn it on for
some interface that isn't masquerading.
not sure.

raf
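
The point above about fragments lacking port numbers, as an added example that is not part of the original thread: only the fragment at offset 0 carries the UDP header, so a port-based masquerade lookup needs the datagram reassembled first, using the key (source, destination, protocol, IP id). The IP id 29157 and the 1480-byte split come from the dump; the addresses, source port 800 and helper names are constructed for illustration.

```python
import struct, socket

def ip_fragment(src, dst, ident, offset, more, payload, proto=17):
    """Build a constructed IPv4 packet (20-byte header, checksum left 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)   # MF flag + offset/8
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse(pkt):
    """Return (key, offset, more_fragments, payload) for an IPv4 packet."""
    ver_ihl, _, total, ident, flags_off, _, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    key = (src, dst, proto, ident)          # reassembly key per RFC 791
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:total]

def l4_ports(pkt):
    """Ports are readable only in the fragment at offset 0; else None."""
    _, offset, _, payload = parse(pkt)
    if offset != 0 or len(payload) < 4:
        return None
    return struct.unpack("!HH", payload[:4])

def reassemble(packets):
    """Rebuild complete datagrams; returns {key: payload}, skipping incomplete ones."""
    parts, done = {}, {}
    for pkt in packets:
        key, offset, more, payload = parse(pkt)
        parts.setdefault(key, []).append((offset, more, payload))
    for key, frags in parts.items():
        frags.sort()
        data, complete = b"", False
        for offset, more, payload in frags:
            if offset != len(data):         # hole or overlap: leave it incomplete
                break
            data += payload
            complete = not more             # last fragment has MF cleared
        else:
            if complete:
                done[key] = data
    return done

def sample_fragments():
    """Constructed sample: one UDP datagram to port 2049 split at 1480 bytes."""
    udp = struct.pack("!HHHH", 800, 2049, 2008, 0) + b"\x00" * 2000
    return [ip_fragment("192.0.2.10", "192.0.2.1", 29157, 0, True, udp[:1480]),
            ip_fragment("192.0.2.10", "192.0.2.1", 29157, 1480, False, udp[1480:])]
```

`l4_ports` returns `None` for the second fragment, while the reassembled datagram yields the ports again.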
