On 07.09.2009 15:02, Marek Lindner wrote:
And what is the MTU of the interface batman is running on?
Did the iptables command I posted help you to fix your MSS problem?
The interface batman is running on has MTU 1460 (Standard Ethernet - UDP VPN Overload) on HOST #1. The interface batman is running on has MTU 1500 (Standard Ethernet) on HOST #2. Yes, the iptables command does the trick for me. This iptables filter was known before. I added the filter to the mangle table as the problem occurred.
My root server (HOST #1) is located in Nuernberg, DE and has access to the internet with a public IP space /22 that is allocated to me. HOST #2 is connected to a low-cost ISP provider with 30MBits / 2MBits. HOST #2 is connected by VPN with HOST #1 to route the public IP addresses.
IP-Host #1: 123.205.12.0 / 32
IP-Host #2: 123.205.12.4 / 32

IP RULES ON "HOST #2":
~ $ /sbin/ip rule show
6600: to 123.205.12.4 lookup batman_hosts [66]
6601: from all lookup batman_networks [65]
6700: to 123.205.12.4 lookup batman_unreach [67]
Host #1 (123.205.12.0) is in the routing table of batman_hosts [66].
But I cannot ping 123.205.12.0, because the kernel will not enter the rule 6600.
When I configure my Host #2 to a /24 network, all went fine. Then the rule will be set up as follows:
6600: to 123.205.12.4/24 lookup batman_hosts [66]
Ok, I see your problem. Batman could easily detect whether the host is part of any existing network and if not modify the routing rules. I see 2 options:
- adding more rules to jump in table 66
- adding the node to table 65 instead of 66
Correct. I've added some rules with "to any", and this does the trick. In addition I use my own policy-routing script, because the "throw" event makes the routing table a little fuzzy. Now I have only two routing tables, "batman_hosts" and "batman_networks". In my policy-routing script I do the separation between both tables.
What did you do to make it work?
My policy-routing-script is attached.
Michael.
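
The rule matching discussed in this message, as an added example that is not part of the original mail, the attached script or batman's code: a small model of which policy rules a destination enters. Priorities, prefixes and table names are taken from the `ip rule show` output above; modelling the "to any" rule as a rule without a selector, and leaving rules 6601 and 6700 unchanged in the /24 case, are assumptions.

```python
import ipaddress

# (priority, "to" prefix or None for a rule without selector, table).
# Values copied from the `ip rule show` output quoted in the message.
RULES_HOST32 = [
    (6600, "123.205.12.4/32", "batman_hosts"),
    (6601, None, "batman_networks"),
    (6700, "123.205.12.4/32", "batman_unreach"),
]
# The /24 configuration: only rule 6600 is shown in the message; the other
# two rules are assumed unchanged here.
RULES_NET24 = [(6600, "123.205.12.4/24", "batman_hosts")] + RULES_HOST32[1:]
# Assumed shape of the "to any" workaround: rule 6600 matches every packet.
RULES_TO_ANY = [(6600, None, "batman_hosts")] + RULES_HOST32[1:]


def tables_consulted(rules, dst):
    """Return the tables whose rules match dst, in priority order.

    A rule is entered only if dst lies inside its "to" prefix; a rule
    without a selector matches every destination. The lookup stops at the
    first of these tables that returns a route.
    """
    addr = ipaddress.ip_address(dst)
    hit = []
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        # strict=False accepts a prefix with host bits set, such as the
        # 123.205.12.4/24 rule shown in the message.
        if selector is None or addr in ipaddress.ip_network(selector, strict=False):
            hit.append(table)
    return hit


if __name__ == "__main__":
    for name, rules in (("/32", RULES_HOST32), ("/24", RULES_NET24),
                        ("to any", RULES_TO_ANY)):
        print(name, "->", tables_consulted(rules, "123.205.12.0"))
```

With the /32 rule, a packet to 123.205.12.0 never reaches batman_hosts even though the host route is stored there, which matches the failed ping described above.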