[Dnsmasq-discuss] dnsmasq + nat(solved)

Tue Jan 11 06:32:06 GMT 2011

On Mon, Jan 10, 2011 at 11:50 PM, SamLT <samuel.lethiec at intelunix.fr> wrote:

> On Mon, Jan 10, 2011 at 01:03:39PM -0600, richardvoigt at gmail.com wrote:
> > On Mon, Jan 10, 2011 at 1:01 PM, richardvoigt at gmail.com <
> > richardvoigt at gmail.com> wrote:
> >
> > >
> > >
> > > On Mon, Jan 10, 2011 at 12:53 PM, Jan Seiffert <
> > > kaffeemonster at googlemail.com> wrote:
> > >
> > >> 2011/1/10 andu novac <novac.andu at gmail.com>:
> > >> >> You're welcome.  However you would not say "nice crystal ball" if
> you
> > >> saw
> > >> >> the scratch marks it leaves on the furniture ;)
> > >> >
> > >> > Furniture is replaceable, I'd say it's worth it :)
> > >> >
> > >>
> > >> But since your furniture may be of value...
> > >> Someone already solved this quite nicely, look at the iptables
> manpage:
> > >>
> > >
> > > This is fantastic if you must control stuff centrally.  But it will
> result
> > > in every outgoing packet getting fragmented.  Reducing the mtu on the
> client
> > > avoids that.
> > >
> >
> > Oh nevermind, it affect the TCP option negotiation, so it causes the
> client
> > to send smaller packets.  So it is a general solution for TCP (and only
> > TCP).  For UDP, the mtu still needs to be reduced at the client.
> >
>
>
> Reducing the mtu on the client side will also mean they'll use this mtu
> for local traffic which isn't usually a good idea (performance wise:
> lower speed, higher cpu usage).
>
>
>
That's true, but it's a disproportionate cost.  You have to decide between a
3% increase in packet count on local connections vs a 100% increase in
packet count on internet traffic (if things go well and the fragments don't
break things outright).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20110111/dd871f27/attachment.htm 