Hello,

On 25 Oct 2002, Vincent Jaussaud wrote:

> > 2.4 mask 0x1C, inverted 0xE3
> > 2.2 mask 0x1E, inverted 0xE1
> >
> > So, for 2.2 maybe:
> >
> > ipchains -I input -d 0.0.0.0/0 22 -t 0xE3 0x00
> Just tried. Now SSH connections don't break anymore !!! :) Thanks !
> Am I supposed to do this on both sides, or is doing this on the firewall
> itself enough ?

I now see that my example ipchains command is wrong, use 0xE1 for 2.2 as in the above table.

> The only problem with this is that I will need to do this trick for any
> application changing its TOS during the session. It seems that FTP
> behaves exactly the same way as SSH, regarding the TOS field.

It seems you can safely alter the TOS for all packets entering your box/site.

> Do you guys know if many applications do this ? Or is this just
> particular to SSH & FTP ?

The TOS is usually used for routing between routers in your site, then the border gateways can assign different priorities based on the TOS values, for traffic control purposes.

> Anyway, I really would like to understand why it doesn't work when doing
> NAT.

Maybe you can hunt it with tcpdump. I assume you are using the patches because the plain kernel has the same problem for NAT.

> A big thanks to both of you. I've learned a lot today :)
>
> Thanks again.
> Regards,
> Vincent.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
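The mask arithmetic discussed in this message, as an added example that is not part of the original post: it applies the `ipchains -t` AND/XOR rewrite to every possible TOS byte and shows which bits under each kernel's mask can still differ afterwards. The masks and inverted values are the ones quoted in the thread; the sample TOS bytes are constructed, and treating the per-kernel mask as "the bits that kernel compares" is an assumption of the example.

```python
# Added illustration (not from the thread). Masks are the values quoted above.
KERNEL_TOS_MASK = {"2.2": 0x1E, "2.4": 0x1C}

# Constructed sample TOS bytes: RFC 1349 service bits, one with precedence set.
SAMPLES = {
    "normal": 0x00,
    "mincost": 0x02,
    "throughput (bulk)": 0x08,
    "lowdelay (interactive)": 0x10,
    "lowdelay + precedence": 0xB0,
}


def rewrite_tos(tos, and_mask, xor_mask=0x00):
    """ipchains -t semantics: AND with the first mask, then XOR with the second."""
    return ((tos & and_mask) ^ xor_mask) & 0xFF


def masked_tos(tos, kernel):
    """TOS bits that fall under the given kernel's mask (assumed to be the bits it compares)."""
    return tos & KERNEL_TOS_MASK[kernel]


def surviving_values(kernel, and_mask, xor_mask=0x00):
    """All masked TOS values that can remain after the rewrite, over every TOS byte."""
    return {masked_tos(rewrite_tos(t, and_mask, xor_mask), kernel) for t in range(256)}


def report():
    lines = []
    for kernel, and_mask in (("2.4", 0xE3), ("2.2", 0xE1), ("2.2", 0xE3)):
        left = sorted(surviving_values(kernel, and_mask))
        verdict = "uniform" if left == [0] else "still varies"
        lines.append(f"kernel {kernel}, -t 0x{and_mask:02X} 0x00: "
                     f"masked TOS left = {[hex(v) for v in left]} ({verdict})")
    for name, tos in SAMPLES.items():
        lines.append(f"{name:24s} 0x{tos:02X} -> 0x{rewrite_tos(tos, 0xE1):02X} with 0xE1")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

With the 2.2 mask, an AND mask of 0xE3 leaves bit 0x02 in place, so packets of one session can still carry different masked TOS values; 0xE1 clears all four bits while keeping the precedence bits.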