
Re: firewalls and MTU - identifying problem if any



On Friday, 22.10.2010, at 13:36 +0100, Adam Hardy wrote:
> I have a small LAN at home connected up to the net via a DSL modem on a gateway 
> machine running lenny and iptables.
> 
> I have a problem with some software running on a windows machine on the LAN 
> where the company who wrote the software say that there must be something wrong 
> with my internet connection, but can't help any further.

You can set a log target in your firewall for this Windows machine, so
you can see what connections the machine wants to make.
I am thinking of

iptables -A FORWARD -s <windows-IP> -o <DSL-device> \
-m state --state NEW -j LOG --log-prefix 'WIN-LOG: '

Then start the software and look in the log files on Linux to see what
happens.

> I'd like to know what tests I can run to verify that my config and my firewall 
> are OK, especially regarding PMTU.
> 
> I had an issue before this which I solved by adding some ICMP related rules to 
> iptables, and by disabling the firewall on my DSL modem, which is undocumented 
> by the manufacturer (and denied by their Support). It's iptables running on an 
> embedded linux and resets itself every power cycle. I think it does ICMP 
> clamping but I can telnet onto the modem and drop the rules (as long as I 
> remember).
> 
> What can I do with ping? This ping command gives suspicious results:
> 
>   ping -s 1473 mktgw1.ibllc.com
> 
> One byte less and it works. Fragmentation also works for normal websites like 
> news.bbc.co.uk.

How does your DSL link work? I think it works with PPPoE. In this case, the
MTU is 1472. You can set the MTU for PPPoE in your ppp options.

> I'd massively appreciate any help with this! I'm stuck with either my own 
> mistake, or until I can prove I haven't made one.
> 
> Thanks
> Adam

np Sascha
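
An added example, not part of the original message: a small Python parser for the kernel log lines that the LOG rule above would write, grouping the Windows machine's new outbound connections by protocol, destination and port. The sample log lines, host name, interface names and addresses are constructed for illustration.

```python
from collections import Counter

PREFIX = "WIN-LOG: "  # must match --log-prefix in the iptables rule

# Constructed sample lines in the netfilter LOG target format (not real traffic).
SAMPLE_LOG = """\
Oct 22 14:00:58 gw kernel: [ 1197.002] eth1: link up
Oct 22 14:01:02 gw kernel: [ 1201.110] WIN-LOG: IN=eth1 OUT=ppp0 SRC=192.168.1.20 DST=192.0.2.53 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=4210 PROTO=UDP SPT=1034 DPT=53 LEN=41
Oct 22 14:01:02 gw kernel: [ 1201.340] WIN-LOG: IN=eth1 OUT=ppp0 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4211 DF PROTO=TCP SPT=49160 DPT=4000 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 22 14:01:05 gw kernel: [ 1204.350] WIN-LOG: IN=eth1 OUT=ppp0 SRC=192.168.1.20 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4215 DF PROTO=TCP SPT=49161 DPT=4000 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 22 14:01:09 gw kernel: [ 1208.020] WIN-LOG: IN=eth1 OUT=ppp0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4220 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
"""


def parse_line(line):
    """Return a dict of fields for one WIN-LOG line, or None for other lines."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    # Bare tokens are IP/TCP flags such as DF and SYN.
    fields["FLAGS"] = {t for t in tokens if "=" not in t}
    return fields


def summarise(log_text):
    """Count logged NEW connections per (protocol, destination, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or "DST" not in f:
            continue
        # ICMP has no destination port, so report its TYPE instead.
        port = f.get("DPT") or "type " + f.get("TYPE", "?")
        counts[(f.get("PROTO", "?"), f["DST"], port)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (proto, dst, port), n in summarise(SAMPLE_LOG):
        print(f"{n:3d}  {proto:4s} {dst:15s} {port}")
```

Repeated entries for the same destination and port in a short time window indicate connection attempts that are being retried, which is where to look first.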

