On 07.09.2009 15:02, Marek Lindner wrote:
> And what is the MTU of the interface batman is running on ?
> Did the iptables command I posted help you to fix your MSS problem ?

The interface that batman is running on has MTU 1460 (Standard
Ethernet - UDP VPN Overload) on HOST #1.
The interface that batman is running on has MTU 1500 (Standard
Ethernet) on HOST #2.

Yes, the iptables command does the trick for me. This iptables filter
was known before. I added the filter to the mangle table as the problem
occurs.

> > My Root-Server (HOST #1) is located at Nuernberg, DE and has access to
> > the internet with a public IP space /22 that is allocated to me. HOST #2 is
> > connected to a low-cost ISP-Provider with 30MBits / 2MBits. HOST #2 is
> > connected by VPN with HOST #1 to route the public IP addresses.
> >
> > IP-Host #1: 123.205.12.0 / 32
> > IP-Host #2: 123.205.12.4 / 32
> >
> > IP RULES ON "HOST #2":
> > ~ $ /sbin/ip rule show
> > 6600: to 123.205.12.4 lookup batman_hosts [66]
> > 6601: from all lookup batman_networks [65]
> > 6700: to 123.205.12.4 lookup batman_unreach [67]
> >
> > Host #1 (123.205.12.0) is in the routing table of batman_hosts [66].
> > But I cannot ping 123.205.12.0, because the kernel will not enter
> > rule 6600.
> > When I configure my Host #2 to a /24 network, all goes fine. Then the
> > rule is set up as follows:
> > 6600: to 123.205.12.4/24 lookup batman_hosts [66]
>
> Ok, I see your problem. Batman could easily detect whether the host is part of
> any existing network and if not modify the routing rules. I see 2 options:
> * adding more rules to jump in table 66
> * adding the node to table 65 instead of 66

Correct. I've added some rules with "to any", and this does the
trick.
In addition I use my own policy-routing script, because the "throw"
event makes the routing table a little fuzzy. Now I have only two
routing tables, "batman_hosts" and "batman_networks". In my
policy-routing script I do the separation between both tables.

> What did you do to make it work ?

My policy-routing-script is attached.
Michael.
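
The rule-matching behaviour discussed in this thread, as an added example (not part of the e-mails, the attached script, or batmand's code): a small Python model of how the rules from `ip rule show` are walked for a destination. Only the three rules listed in the thread are modelled; the table contents, the empty `batman_networks` table and the priority of the "to any" rule are assumptions.

```python
import ipaddress

def rule(prio, table, to=None):
    """One policy rule; to=None models a rule with no destination selector."""
    net = ipaddress.ip_network(to, strict=False) if to else None
    return (prio, net, table)

def resolve(dst, rules, tables):
    """Return (priority, table) of the first rule that yields a route, else None."""
    addr = ipaddress.ip_address(dst)
    for prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is not None and addr not in selector:
            continue  # selector mismatch: this table is never consulted
        routes = tables.get(table, [])
        if any(addr in ipaddress.ip_network(r) for r in routes):
            return prio, table
        # no route in this table: the lookup falls through to the next rule
    return None

# Constructed table contents: the thread only states that Host #1 is in batman_hosts.
TABLES = {
    "batman_hosts": ["123.205.12.0/32"],
    "batman_networks": [],   # assumption: no covering network route
    "batman_unreach": [],
}

def rules_for(selector):
    """The three rules from the thread, with the given 'to' selector on 6600/6700."""
    return [
        rule(6600, "batman_hosts", selector),
        rule(6601, "batman_networks"),          # "from all"
        rule(6700, "batman_unreach", selector),
    ]

RULES_32 = rules_for("123.205.12.4/32")   # Host #2 configured as /32
RULES_24 = rules_for("123.205.12.4/24")   # Host #2 configured as /24
# Workaround from the reply: an extra rule without a destination selector
# ("to any") that jumps to table 66. Priority 6599 is a hypothetical value.
RULES_ANY = RULES_32 + [rule(6599, "batman_hosts")]

if __name__ == "__main__":
    for name, rules in (("/32", RULES_32), ("/24", RULES_24), ("to any", RULES_ANY)):
        print(name, resolve("123.205.12.0", rules, TABLES))
```

With the /32 selector the destination 123.205.12.0 never reaches table 66, which matches the failed ping; the /24 selector and the "to any" rule both reach it.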