In a topology like:

windows1 --- linux router1 --- linux router2 --- windows2

I have a netfilter module in every linux router with 3 hooks (localin, localout, forward), and the module ipconntrack is loaded.

In the forward hook I change the outgoing packets in this way:

- pad 1 byte at the end of the packet
- save the protocol of the IP header in the padded byte
- modify the protocol in the IP header to 250

When the forward hook receives an IP packet with the protocol 250, I do the inverse function:

- restore the original protocol
- trim the last byte of the packet

This works OK for ICMP packets, even large packets to force fragmentation, but when I use TCP, the connections, for example FTP, with packets of 1500 bytes, stop in the middle of the transfer.

If I change the MSS in the server to 1499 everything works OK, but I don't want to do this; I wish to resolve the problem in the router.

I need some help, thanks.
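
The pad/restore transformation described in the post, modelled in user space on a raw IPv4 buffer. This is an added example, not the poster's kernel module: the function names, the 1500-byte link MTU, and the choice to update the total-length field and header checksum are assumptions, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define WRAP_PROTO 250   /* protocol number used in the post */
#define LINK_MTU   1500  /* assumed link MTU, not stated in the post */

/* RFC 791 header checksum; returns 0 when run over a header that is already valid. */
static uint16_t ip_csum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite total length and protocol, then recompute the header checksum. */
static void fix_header(uint8_t *p, uint16_t tot_len, uint8_t proto) {
    p[2] = (uint8_t)(tot_len >> 8); p[3] = (uint8_t)(tot_len & 0xff);
    p[9] = proto; p[10] = p[11] = 0;
    uint16_t c = ip_csum(p, (size_t)(p[0] & 0x0f) * 4);
    p[10] = (uint8_t)(c >> 8); p[11] = (uint8_t)(c & 0xff);
}

/* Pad one byte, store the real protocol in it, mark the packet as protocol 250.
 * Assumes a well-formed header. Returns the new length, or 0 on error. */
size_t wrap_packet(uint8_t *p, size_t len, size_t cap) {
    if (len < 20 || len + 1 > cap || len + 1 > 0xffff) return 0;
    p[len] = p[9];
    fix_header(p, (uint16_t)(len + 1), WRAP_PROTO);
    return len + 1;
}

/* Inverse: restore the protocol from the last byte and trim that byte. */
size_t unwrap_packet(uint8_t *p, size_t len) {
    if (len < 21 || p[9] != WRAP_PROTO || len <= (size_t)(p[0] & 0x0f) * 4) return 0;
    fix_header(p, (uint16_t)(len - 1), p[len - 1]);
    return len - 1;
}

/* 1 if the packet exceeds the assumed MTU and has DF set (may not be fragmented). */
int needs_frag_but_df(const uint8_t *p, size_t len) {
    return len > LINK_MTU && (p[6] & 0x40) != 0;
}

/* Constructed sample: 20-byte IPv4 header, protocol 6 (TCP), DF set, zero payload. */
void make_sample(uint8_t *p, size_t len) {
    memset(p, 0, len); p[0] = 0x45; p[6] = 0x40; p[8] = 64;
    fix_header(p, (uint16_t)len, 6);
}
```

With the constructed 1500-byte sample, `wrap_packet` returns 1501 and `needs_frag_but_df` reports 1; a 1499-byte sample grows to exactly 1500 and reports 0.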