> > I know it's bad form to follow up my own posts, but...
> >
> > The closest I've come to a solution refers to a problem with IP
> > Masquerading in the ipchains implementation (using 2.0, or 2.2
> > kernels). This is one of the reasons I upgraded to RH 7.1 (and the
> > 2.4.2 kernel and iptables). Apparently the problem is that the
> > initial requests are lost when intermediate routers respond with
> > requests to fragment or use smaller MTU sizes.
> >
> > The problem is clearly in the RH 7.1 box, as when I take one of the
> > machines behind the firewall and access my ISP directly the
> > inaccessible sites are accessible.
> >
> > Is there a version of kernel / iptables where this is fixed?
> >
> > Is there a way to force the ISP into accepting a larger MTU size
> > (e.g. 1500)?
> >
> > ... Glenn
> >
> > At 10:59 AM -0500 11/17/01, Glenn Henshaw wrote:
> >> This didn't seem to have any effect. I expect that this is a
> >> problem at my ISP.
> >>
> >> At 9:55 AM -0500 11/15/01, Ben Logan wrote:
> >>> If your gateway-to-ISP MTU is 1460, I would suggest dropping the MTU
> >>> on your LAN to around 1400. I can't remember the exact size of the
> >>> data the kernel adds, but I don't think it was more than 60 bytes. Of
> >>> course, this assumes that you are using IP-Masq.
>
> Does this have anything to do with solving the problem?
> net.ipv4.ip_always_defrag = 1
> (I don't know, I was just wondering)
>
> -Cheers
> -Andrew
> --
> MS ... if only he hadn't been hang gliding!

Also, are you using ECN?

Forrest

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list