Hi Ralf >@2003.10.09_18:23:06_+0200 > > Are there any iptables extensions out there that allow you to clear the DF > > (Dont Fragment) bit in ip headers? > If you clear the DF-Bit and use Linux on either side of the tunnel where > the packets are fragmented you are in deep trouble, because Linux 2.4 > (when using PMTU) not only sets the DF-Bit but also clears the IP-ID > which is needed to defragment the packets again. So, when clearing the > DF-Bit you have to ensure unique numbers in the IP-ID field, too. Surely if I clear the DF-bit in the mangle table then the ipstack should only defragment the packet later on when it made a routing decision and decided over which interface to send the packet(s) and set the IP-ID fields and MF-bit accordingly? Are there any other side-effects when clearing the DF-bit? -- Regards Abraham Who loves me will also love my dog. -- John Donne ___________________________________________________ Abraham vd Merwe - Frogfoot Networks CC 9 Kinnaird Court, 33 Main Street, Newlands, 7700 Phone: +27 21 686 1665 Cell: +27 82 565 4451 Http: http://www.frogfoot.net/ Email: abz@xxxxxxxxxxxx
