> Hello, Hello and thanks for your reply, > > Juan Antonio Rodriguez Moreno a écrit : >> >> I have a linux bridged machine, with eth1 and eth2 port on br0. I'm >> using >> ebtables to up smtp traffic on routing process and iptables to mark it. >> I >> route this traffic over openvpn tunnel tun0. >> >> That's all right but when IP fragment a packet and send the former frame >> without the PUSH flag, this frame dissapear. > > What your traces shows below is not IP fragmentation (which has nothing > to do with PUSH which is a TCP flag) but TCP segmentation. Ok. excuses the mistake. >> I can see all traffic on the sending point of the tunel, but the frames >> without the PUSH flag set don't arrive on the another side. > > IIUC, some packets enter the bridge, are routed through the tunnel and > don't arrive at the other end. What makes you think that ebtables is > involved ? I was not sure wherefrom the issue was, I should have been a bit more careful to explain the problem. > Couldn't it be an MTU problem in the tunnel ? AFAIK, when TCP transmits > a message which must be segmented, it sends maximum-size segments > without the PUSH flag and a last smaller segment with the PUSH flag set > containing the remaining data. I know that, really this is the problem. The first segments without the PUSH flag dissapear completely in spite of these go out for the tunnel . The MTU is the first thing that I verified and this is 1500 in both sides. I'm so confuse becouse the same config is in another linux box with the same config, same version for all packages, etc .. and this works really good. I have been looking for some sysctl value in /proc/sys/net/ipv4 related but I can see anything about this. Thank you. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
