Hello,
On 25 Oct 2002, Vincent Jaussaud wrote:
> > 2.4 mask 0x1C, inverted 0xE3
> > 2.2 mask 0x1E, inverted 0xE1
> >
> > So, for 2.2 may be:
> >
> > ipchains -I input -d 0.0.0.0/0 22 -t 0xE3 0x00
> Just tried. Now SSH connections don't break anymore !!! :) Thanks !
> Am I suppose to do this on both side, or doing this on the firewall
> itself is enough ?
I now see that my example ipchains command is wrong,
use 0xE1 for 2.2 as the above table.
> The only problem with this, is that I will need to do this trick for any
> applications changing it's TOS during the session. It seems that FTP
> behaves exactly the same way as SSH, regarding the TOS field.
It seems you can safely alter the TOS for all packets
entering your box/site.
> Do you guys know if many applications do this ? Or is this just
> particular to SSH & FTP ?
The TOS is usually used for routing between routers in your
site, then the border gateways can assign different priorities based
on the TOS values, for traffic control purposes.
> Anyway, I really would like to understand why it doesn't work when doing
> NAT.
May be you can hunt it with tcpdump. I assume your are
using the patches because the plain kernel has the same problem
for NAT.
> A big thanks to both of you. I've learned a lot today :)
>
> Thanks again.
> Regards,
> Vincent.
Regards
--
Julian Anastasov <[EMAIL PROTECTED]>
_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
