Luci Stanescu wrote:
On Mon, Jan 30, 2006 at 08:30:38AM +0200, Georgel IANCU wrote:
Salut
Pe un server FC1 apar urmatoarele erori si in acel moment serv se blocheaza.
ipt_tcpmss_target: bad length (60 bytes)
source:
56 /* Since it passed flags test in tcp match, we know it is is
57 not a fragment, and has data >= tcp header length. SYN
58 packets should not contain data: if they did, then we risk
59 running over MTU, sending Frag Needed and breaking things
60 badly. --RR */
61 if (tcplen != tcph->doff*4) {
62 if (net_ratelimit())
63 printk(KERN_ERR
64 "ipt_tcpmss_target: bad length (%d bytes)\n",
65 (*pskb)->len);
66 return NF_DROP;
67 }
Da un google cu eroarea. Se pare ca pachetele respective nu ar trebui sa
existe; poate un DoS?
Banuesc ca *
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0
-j TCPMSS --clamp-mss-to-pmtu
*ar trebui sa imi rezolve problema dar din pacate nu merge decat cu
kernel 2.6 si eu am un kernel 2.4( ca sa mearga un cbq)*
*
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
