> I know it's bad form to follow up my own posts, but... > > The closest I've come to a solution refers to a problem with IP > Masquerading in the ipchains implementation (using 2.0, or 2.2 > kernels). This is one of the reasons I upgraded to RH 7.1 (and the > 2.4.2 kernel and iptables). Apparently the problem is that the > initial requests are lost when intermediate routers respond with > requests to fragment or use smaller MTU sizes. > > The problem is clearly in the RH 7.1 box, as then I take one of the > machines behind the firewall and access my ISP directly the > unaccessible sites are accessible. > > Is there a version of kernel / iptables where this is fixed? > > Is there a way to force the ISP into accepting a larger MTU size > (e.g. 1500)? > > ... Glenn > > At 10:59 AM -0500 11/17/01, Glenn Henshaw wrote: >> This didn't seem to have any effect. I expect that this is a >>problem at my ISP. >> >>At 9:55 AM -0500 11/15/01, Ben Logan wrote: >>>If your gateway-to-ISP MTU is 1460, I would suggest dropping the MTU >>>on your LAN to around 1400. I can't remember the exact size of the >>>data the kernel adds, but I don't think it was more than 60 bytes. Of >>>course, this assumes that you are using IP-Masq.
Does this have anything to do with solving the problem? net.ipv4.ip_always_defrag = 1 (I don't know I was just wondering) -Cheers -Andrew -- MS ... if only he hadn't been hang gliding! _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list
