Re: [Q] Tunable net parameters under 2.1.XX

Paolo Rocchi (paolo.rocchi@snam.eni.it)
Fri, 24 Jan 1997 09:57:21 +0100


Thank you very much Alan and Alexey for your replies.

>Can you say what does not work?
>I.e. what configuration used to work under 2.0.28 and does not work
>in 2.1.21?

I've two linuxboxes (the first a dx266 with 20M and the second a dx33 with 8M)
connected by means of two identical ne2000 clones.
I get on the net through a dial-up account with my ISP from the first
machine.
I' m sorry not to recall (I'm away from home now) the exact ipfwadm line in
my rc.local but it hasn't anything special. It's the one suggested by the
author of the howto doc.

It is something of this kind:
ipfwadm -F -a m -S 10.100.100.2/32 -D 0.0.0.0/0

The assigned IP addresses are respectively 10.100.100.1 to the gw and
10.100.100.2
to the other.
I remember under 2.0.28 adding the "-W eth0" parameter at the end
but it didn't work, so I removed it and everything went fine.

On the first box I usually keep three or four kernel images (2.0.27, 2.0.28
and
the newer 2.1.xx) and boot at will one or the other, trying to balance
a stable system (2.0.xx) with more recent developments.
I know this is something that can only lead to problems, but I have no
choice in terms of resources available.
I prefer small incremental changes along the way to radical and always
traumatic
(at least for me) upgrades from scratch.

I guess I'll have to recompile the ipfwadm 2.3 source under 2.1.21, but from
what I can see using tcpdump it works, at least partially.
As I mentioned in my earlier post, monitoring the two interfaces on the
gateway
(ppp0 and eth0) I can see the broadcast packets routed through ppp0 and
sent to
my ISP gateway. I see also the replies back from it but the trip gets
interrupted
there on the first box.
As further info, I remember having enabled SKB_LARGE and PMTU discovery,
together
(obviously ;-) ) with IP_FIREWALL, IP_MASQUERADE, IP_FORWARD. I disabled
dropping of
source routed packets and enabled net/ip_aliasing.

This makes me think of the fact that I didn't actually test my ipfwadm
firewall
rules at all under 2.1.21. I think I'd better try and see whether the
syslog port
is blocked as always or not ;-)).

Bye, Paolo