Difference between revisions of "Sysctl"
(Created page with "== Disable rp_filter == <pre> for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i done </pre>") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
done | done | ||
</pre> | </pre> | ||
| + | |||
| + | === Additional notes === | ||
| + | http://unix.stackexchange.com/questions/90443/sysctl-proc-sys-net-ipv46-conf-whats-the-difference-between-all-defau<br /> | ||
| + | https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt | ||
| + | |||
| + | == Ensure VLAN packets originate from the correct VLAN interface in iptables == | ||
| + | <pre> | ||
| + | net.bridge.bridge-nf-filter-vlan-tagged = 1 | ||
| + | net.bridge.bridge-nf-pass-vlan-input-dev = 1 | ||
| + | </pre> | ||
| + | |||
| + | == Disable PMTU discovery == | ||
| + | <code>net.ipv4.ip_no_pmtu_disc = 1</code> | ||
| + | |||
| + | The ip_no_pmtu_disc disables PMTU (Path Maximum Transfer Unit) discovery if enabled. In most cases this is good, so it is per default set to FALSE (ie, Path Maximum Transfer Unit is used). However, in some cases this is bad and may lead to broken connectivity. If you are experiencing problems like this, you should turn this option off and set your MTU to a reasonable value yourself. | ||
| + | |||
| + | Do note that MTU and PMTU are two different things. MTU tells the kernel the maximum transfer unit for our connection, but not over the whole connection to the other end. PMTU discovery tries to discover the maximum transfer unit to specific hosts, including all the intermediate hops on the way there. | ||
| + | |||
| + | The default value is that the ip_no_pmtu_disc is FALSE, as already stated. If this is set to TRUE, PMTU discovery is turned off. The ip_no_pmtu_disc takes a boolean value, in other words either an 1 or a 0, where 1 is on and 0 is off. | ||
| + | |||
| + | === Reference === | ||
| + | https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/variablereference.html | ||
Latest revision as of 11:34, 1 October 2015
Contents
Disable rp_filter
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i done
Additional notes
http://unix.stackexchange.com/questions/90443/sysctl-proc-sys-net-ipv46-conf-whats-the-difference-between-all-defau
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
Ensure VLAN packets originate from the correct VLAN interface in iptables
net.bridge.bridge-nf-filter-vlan-tagged = 1 net.bridge.bridge-nf-pass-vlan-input-dev = 1
Disable PMTU discovery
net.ipv4.ip_no_pmtu_disc = 1
The ip_no_pmtu_disc disables PMTU (Path Maximum Transfer Unit) discovery if enabled. In most cases this is good, so it is per default set to FALSE (ie, Path Maximum Transfer Unit is used). However, in some cases this is bad and may lead to broken connectivity. If you are experiencing problems like this, you should turn this option off and set your MTU to a reasonable value yourself.
Do note that MTU and PMTU are two different things. MTU tells the kernel the maximum transfer unit for our connection, but not over the whole connection to the other end. PMTU discovery tries to discover the maximum transfer unit to specific hosts, including all the intermediate hops on the way there.
The default value is that the ip_no_pmtu_disc is FALSE, as already stated. If this is set to TRUE, PMTU discovery is turned off. The ip_no_pmtu_disc takes a boolean value, in other words either an 1 or a 0, where 1 is on and 0 is off.
Reference
https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/variablereference.html
