Linux Netfilter discussions
From: rigoberto perez <rigo666beast@yahoo.com>
To: netfilter <netfilter@vger.kernel.org>
Subject: Problem with TCP connections
Date: Wed, 11 Jun 2008 13:49:41 -0700 (PDT)
Message-ID: <917672.36526.qm@web33207.mail.mud.yahoo.com>

In a topology like:

windows1 ---  linux router1 --- linux router2 --- windows2

I have a netfilter module in every linux router with 3 hooks:

localin
localout
forward

and the module ipconntrack is loaded. In the forward hook I change the outgoing
packets in this way:

pad 1 byte at the end of a packet
save the protocol of the IP header in the padded byte
modify the protocol in the IP header to 250

When the forward hook receives an ip packet with the protocol 250 I do
the inverse function:

restore the original protocol
trim the last byte of the packet

This works OK for ICMP packets, even large packets that force fragmentation, but when I use TCP, the connections (for example FTP, with packets of 1500 bytes) stop in the middle of the transfer.

If I change the MSS in the server to 1499 everything works OK, but I don't want to do this; I wish to resolve the problem in the router.

I need some help, thanks.
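
The transform described in the message above, as an added user-space example that is not part of the original post or the poster's module. It works on a raw IPv4 buffer and assumes the total-length field and header checksum are updated together with the protocol byte; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define WRAP_PROTO 250 /* protocol number the message uses as the marker */

/* RFC 1071 sum over the IPv4 header; 0 means the stored checksum is valid. */
static uint16_t ip_csum(const uint8_t *h, size_t hlen) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length in bytes, or 0 if the buffer is not exactly one IPv4 packet. */
static size_t ipv4_hlen(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4, tot = ((size_t)p[2] << 8) | p[3];
    return (hlen >= 20 && hlen <= len && tot == len) ? hlen : 0;
}

/* Rewrite total length and protocol, then recompute the header checksum. */
static void set_len_proto(uint8_t *p, size_t hlen, size_t len, uint8_t proto) {
    p[2] = (uint8_t)(len >> 8); p[3] = (uint8_t)len;
    p[9] = proto; p[10] = p[11] = 0;
    uint16_t c = ip_csum(p, hlen);
    p[10] = (uint8_t)(c >> 8); p[11] = (uint8_t)c;
}

/* Sending side: append a byte holding the real protocol, mark header as 250.
 * Returns the new length, or 0 if malformed or the buffer has no spare byte. */
size_t wrap_packet(uint8_t *p, size_t len, size_t cap) {
    size_t hlen = ipv4_hlen(p, len);
    if (!hlen || len + 1 > cap || len + 1 > 0xffff || p[9] == WRAP_PROTO) return 0;
    p[len] = p[9];
    set_len_proto(p, hlen, len + 1, WRAP_PROTO);
    return len + 1;
}

/* Receiving side: restore the protocol from the last byte and trim it. */
size_t unwrap_packet(uint8_t *p, size_t len) {
    size_t hlen = ipv4_hlen(p, len);
    if (!hlen || hlen == len || p[9] != WRAP_PROTO) return 0;
    set_len_proto(p, hlen, len - 1, p[len - 1]);
    return len - 1;
}

/* True when the packet exceeds the MTU and DF (0x40 in byte 6) forbids fragmenting. */
int too_big_with_df(const uint8_t *p, size_t len, size_t mtu) {
    return len > mtu && (p[6] & 0x40) != 0;
}
```

Called on a constructed 1500-byte packet with DF set, `wrap_packet` returns 1501 and `too_big_with_df` reports true for an assumed link MTU of 1500.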
