Posts Tagged ‘iptables’

How to disable route cache instead of manually flush cache



Mostly when you are using Linux as a load-balancing router, the caching system of iproute2 causes some problems. You can flush it manually with the “ip route flush cache” command, or by writing 1 into the /proc/sys/net/ipv4/route/flush file, i.e. by running “echo 1 > /proc/sys/net/ipv4/route/flush” on your Linux box.
You can also configure these options:

Maximum size of the routing cache. Old entries are purged when the cache reaches this size.
/proc/sys/net/ipv4/route/max_size

Waiting period before the routing cache is cleared.
/proc/sys/net/ipv4/route/min_delay
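The same flush and the two tunables above, wrapped in a small POSIX sh script. This is an added example, not code from the original post: since Linux 3.6 the IPv4 routing cache as described here no longer exists and whether each of these /proc entries is still present depends on your kernel, so each function checks for the file first and reports "not supported" instead of failing silently. The ROUTE_DIR variable only exists so the functions can be exercised against a scratch directory; on a real box leave it at its default.

```shell
#!/bin/sh
# Added example (not from the original post): flush the IPv4 route cache
# through /proc and read the two tunables mentioned above, checking first
# that each file exists. ROUTE_DIR defaults to the real /proc path; it is a
# parameter only so the functions can be exercised against a scratch copy.

ROUTE_DIR="${ROUTE_DIR:-/proc/sys/net/ipv4/route}"

# Print the value of one route tunable, e.g. max_size or min_delay.
# Returns 1 (and prints nothing) if the kernel does not expose it.
route_tunable() {
    f="$1/$2"
    [ -r "$f" ] || return 1
    cat "$f"
}

# Flush the cache by writing 1 to .../flush (same as "ip route flush cache").
# Returns 1 if the file is absent, so callers can tell "not supported"
# from "flushed".
flush_route_cache() {
    f="$1/flush"
    [ -w "$f" ] || return 1
    echo 1 > "$f"
}

# Stand-alone usage (run as root): show the tunables, then flush.
if [ "${1:-}" = "--run" ]; then
    for t in max_size min_delay; do
        v=$(route_tunable "$ROUTE_DIR" "$t") && echo "$t=$v" || echo "$t: not present"
    done
    flush_route_cache "$ROUTE_DIR" && echo "route cache flushed" || echo "flush not supported"
fi
```

Run it as `sh flush-route.sh --run`; a missing entry prints "not present" rather than an error, which is the quickest way to see whether your kernel still has this cache at all.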

That's it.

If you have further questions, just let me know.


How to adjust the maximum transmission unit (MTU) size in Linux

Hi again
Adjusting the MTU of your NIC is a rare action you will need when setting up your servers! But I decided to write about it and ask you to remember it whenever your network goes down for a while, especially when your OS is directly connected to Cisco devices (e.g. firewalls!): check whether fragmentation is the reason or not.

Mostly the MTU size will be set to 40 bytes. But if you don't have any idea about the MTU size, don't worry, there is still a way for you, because iptables can adjust it for you.
Just type:

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu

which means the MSS (Maximum Segment Size) will be set to 40 bytes.

But if you don't have any firewall and your server is directly connected to your router or WAN NICs, to recover from your probable network inactivity I recommend you set the MTU to 1460 ;)

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1460

Hmmm. It's not simple to say exactly what the MTU and MSS are; it needs you to have detailed knowledge about the OSI layers and their rules.

And finally, the MSS size only needs to be adjusted for SYN packets; after that the hosts mostly adjust themselves.
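How the 40 bytes and the 1460 fit together, as an added POSIX sh example (not code from the original post): the MSS is the MTU minus the 20-byte IPv4 header and the 20-byte TCP header, so a 1500-byte Ethernet link gives exactly the MSS 1460 used above. The script derives an MSS from a known MTU, then prints the TCPMSS rule from the post (clamp-to-PMTU when no MSS is given, a fixed --set-mss otherwise) so it can be reviewed before being applied. The interface name eth0 and the MSS values are the post's own; the input checks and function names are this example's.

```shell
#!/bin/sh
# Added example (not from the original post): derive a TCP MSS from a known
# MTU and build the TCPMSS rule from the post. IPv4 header (20 bytes) plus
# TCP header (20 bytes) is the 40 bytes the MSS has to leave out of the MTU,
# which is why 1460 is the MSS for a 1500-byte Ethernet link.

# Print the MSS for an IPv4 MTU; reject non-numeric or implausibly small MTUs.
mss_for_mtu() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 68 ] || return 1      # 68 is the minimum IPv4 link MTU
    echo $(( $1 - 40 ))
}

# Print the mangle/POSTROUTING rule for interface $1. With no second
# argument it clamps to the path MTU; with an MSS it sets that fixed value.
# Only SYN packets carry the MSS option, hence --tcp-flags SYN,RST SYN.
mss_clamp_rule() {
    iface="$1"; mss="${2:-}"
    [ -n "$iface" ] || return 1
    if [ -z "$mss" ]; then
        action="--clamp-mss-to-pmtu"
    else
        case "$mss" in ''|*[!0-9]*) return 1 ;; esac
        [ "$mss" -le 65535 ] || return 1
        action="--set-mss $mss"
    fi
    echo "iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $iface -j TCPMSS $action"
}

# Stand-alone usage: "sh mss.sh --show [MTU] [IFACE]" prints the rule for
# that MTU instead of applying it, so it can be compared with the output of
# "iptables -t mangle -S POSTROUTING" before anything changes.
if [ "${1:-}" = "--show" ]; then
    mss=$(mss_for_mtu "${2:-1500}") || { echo "bad MTU" >&2; exit 1; }
    mss_clamp_rule "${3:-eth0}" "$mss"
fi
```

Printing the rule first is deliberate: POSTROUTING in the mangle table is appended to, so running the one-liner twice leaves two identical rules behind, and seeing the exact text makes it easy to check with `iptables -t mangle -C` whether it is already there.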

Anyway, if you have a problem just let me know :)


How to Filter the HTTP url with iptables

Hi again
By typing just the following command you will filter whatever you want in your HTTP URLs:

iptables -I FORWARD -p tcp --dport 80 -s <source-address> -m string --string "facebook" --algo kmp -j DROP

For instance, the above command will DROP all packets going to the :)

Regards ;)
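The same rule built from validated arguments, as an added POSIX sh example (not code from the original post). The one-liner's -s option needs a source address or prefix, which the function takes as its first argument; the pattern is limited to the 128 bytes the string match accepts and to characters that keep the shell quoting safe, and --algo is checked against the two algorithms the match offers (bm and kmp). Two caveats worth knowing before relying on this: the string match inspects each packet on its own, so a pattern split across two TCP segments is not seen, and it matches those bytes anywhere in the packet, not only in the URL, so it can also drop unrelated traffic that happens to contain them. It also does nothing for HTTPS, where the URL is encrypted. "facebook" and port 80 are the post's own; the function names and checks are this example's.

```shell
#!/bin/sh
# Added example (not from the original post): build the FORWARD rule from
# the post with the arguments the one-liner leaves out, validating them
# first. SRC is a source address/prefix, PATTERN the bytes to look for,
# ALGO is bm or kmp (the two algorithms the string match offers).

# Count bytes of $1 portably (wc -c counts bytes, not characters).
byte_len() { printf '%s' "$1" | wc -c | tr -d ' '; }

# Print the rule, or return 1 if any argument is unusable.
http_string_rule() {
    src="$1"; pattern="$2"; algo="${3:-kmp}"
    [ -n "$src" ] || return 1                          # -s needs an address or prefix
    [ -n "$pattern" ] || return 1
    [ "$(byte_len "$pattern")" -le 128 ] || return 1   # xt_string pattern limit
    case "$pattern" in *\'*) return 1 ;; esac          # pattern is single-quoted below
    case "$algo" in bm|kmp) ;; *) return 1 ;; esac
    echo "iptables -I FORWARD -p tcp --dport 80 -s $src -m string --string '$pattern' --algo $algo -j DROP"
}

# Stand-alone usage: "sh urlfilter.sh --apply SRC PATTERN [ALGO]" inserts the
# rule only if an identical one is not already present (-C checks, -I inserts),
# so re-running the script does not stack duplicates.
if [ "${1:-}" = "--apply" ]; then
    rule=$(http_string_rule "$2" "$3" "${4:-kmp}") || { echo "bad arguments" >&2; exit 1; }
    check=$(printf '%s' "$rule" | sed 's/^iptables -I /iptables -C /')
    eval "$check" 2>/dev/null || eval "$rule"
fi
```

Because the rule is assembled as a string and passed to eval, the single-quote check in http_string_rule is what keeps a pattern from being interpreted by the shell; keep that check if you adapt the script.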

Copyrighted Mehdi Behamin, All Rights Reserved