-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If yer having problems with getting to certain hosts, I suggest using a 
kernel more recent that 2.4.2. There were a lot of routing problems with 
the code in kernels before 2.4.3 or 2.4.4. If you have the opportunity to 
upgrade.. then do so to the latest possible kernel.. other than maybe 
2.4.11 (which was canned in under 24 hours due to a BAD bug) and maybe 
2.4.12 which a few people complained about a lil. 2.4.10 seems pretty 
good.. I'm using 2.4.14 right now and have no problem. Of course, if you 
don't compile your own kernel, then just take whatever RH has available :)

On Tue, 20 Nov 2001, Andrew Smith wrote:

> >   I know it's bad form to follow up my own posts, but...
> > 
> >   The closest I've come to a solution refers to a problem with IP 
> > Masquerading in the ipchains implementation (using 2.0, or 2.2 
> > kernels). This is one of the reasons I upgraded to RH 7.1 (and the 
> > 2.4.2 kernel and iptables). Apparently the problem is that the 
> > initial requests are lost when intermediate routers respond with 
> > requests to fragment or use smaller MTU sizes.
> > 
> >   The problem is clearly in the RH 7.1 box, as then I take one of the 
> > machines behind the firewall and access my ISP directly the 
> > unaccessible sites are accessible.
> > 
> >   Is there a version of kernel / iptables where this is fixed?
> > 
> >   Is there a way to force the ISP into accepting a larger MTU size
> >   (e.g. 1500)?
> > 
> >     ... Glenn
> > 
> > At 10:59 AM -0500 11/17/01, Glenn Henshaw wrote:
> >>   This didn't seem to have any effect. I expect that this is a 
> >>problem at my ISP.
> >>
> >>At 9:55 AM -0500 11/15/01, Ben Logan wrote:
> >>>If your gateway-to-ISP MTU is 1460, I would suggest dropping the MTU
> >>>on your LAN to around 1400.  I can't remember the exact size of the
> >>>data the kernel adds, but I don't think it was more than 60 bytes.  Of
> >>>course, this assumes that you are using IP-Masq.
> 
> Does this have anything to do with solving the problem?
> net.ipv4.ip_always_defrag = 1
> (I don't know I was just wondering)
> 
> -Cheers
> -Andrew
> --
> MS ... if only he hadn't been hang gliding!
> 
> 
> 
> _______________________________________________
> Seawolf-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/seawolf-list
> 

- -- 
- -Statux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQE7+apYZriHHoi+4toRArjbAKComD/8QMP+qMvd4Az+kMGs1x7+dACfaK20
VTj/EWGpyqneKPt9eVbg8EI=
=0EKF
-----END PGP SIGNATURE-----



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list

Reply via email to