This is my last resort. Do you suggest upgrading to RH 7.2 and upgrading the kernel from there?
At 7:56 PM -0500 11/19/01, Statux wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >If yer having problems with getting to certain hosts, I suggest using a >kernel more recent that 2.4.2. There were a lot of routing problems with >the code in kernels before 2.4.3 or 2.4.4. If you have the opportunity to >upgrade.. then do so to the latest possible kernel.. other than maybe >2.4.11 (which was canned in under 24 hours due to a BAD bug) and maybe >2.4.12 which a few people complained about a lil. 2.4.10 seems pretty >good.. I'm using 2.4.14 right now and have no problem. Of course, if you >don't compile your own kernel, then just take whatever RH has available :) > >On Tue, 20 Nov 2001, Andrew Smith wrote: > >> > I know it's bad form to follow up my own posts, but... >> > >> > The closest I've come to a solution refers to a problem with IP >> > Masquerading in the ipchains implementation (using 2.0, or 2.2 >> > kernels). This is one of the reasons I upgraded to RH 7.1 (and the >> > 2.4.2 kernel and iptables). Apparently the problem is that the >> > initial requests are lost when intermediate routers respond with >> > requests to fragment or use smaller MTU sizes. >> > >> > The problem is clearly in the RH 7.1 box, as then I take one of the >> > machines behind the firewall and access my ISP directly the >> > unaccessible sites are accessible. >> > >> > Is there a version of kernel / iptables where this is fixed? >> > >> > Is there a way to force the ISP into accepting a larger MTU size >> > (e.g. 1500)? >> > >> > ... Glenn >> > >> > At 10:59 AM -0500 11/17/01, Glenn Henshaw wrote: >> >> This didn't seem to have any effect. I expect that this is a >> >>problem at my ISP. >> >> >> >>At 9:55 AM -0500 11/15/01, Ben Logan wrote: >> >>>If your gateway-to-ISP MTU is 1460, I would suggest dropping the MTU >> >>>on your LAN to around 1400. I can't remember the exact size of the >> >>>data the kernel adds, but I don't think it was more than 60 bytes. Of >> >>>course, this assumes that you are using IP-Masq. >> >> Does this have anything to do with solving the problem? > > net.ipv4.ip_always_defrag = 1 > > (I don't know I was just wondering) > > > > -Cheers > > -Andrew > > -- > > MS ... if only he hadn't been hang gliding! > > > > > > > > _______________________________________________ >> Seawolf-list mailing list >> [EMAIL PROTECTED] >> https://listman.redhat.com/mailman/listinfo/seawolf-list >> > >- -- >- -Statux >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.6 (GNU/Linux) >Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ > >iD8DBQE7+apYZriHHoi+4toRArjbAKComD/8QMP+qMvd4Az+kMGs1x7+dACfaK20 >VTj/EWGpyqneKPt9eVbg8EI= >=0EKF >-----END PGP SIGNATURE----- > > > >_______________________________________________ >Seawolf-list mailing list >[EMAIL PROTECTED] >https://listman.redhat.com/mailman/listinfo/seawolf-list -- -- Glenn Henshaw | Ottawa, Canada Play: [EMAIL PROTECTED] | Work: [EMAIL PROTECTED] _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list
