firewalls and MTU - identifying problem if any

To: debian-firewall@lists.debian.org
Subject: firewalls and MTU - identifying problem if any
From: Adam Hardy <adam.ant@cyberspaceroad.com>
Date: Fri, 22 Oct 2010 13:36:47 +0100
Message-id: <[🔎] 4CC1855F.60300@cyberspaceroad.com>

I have a small LAN at home connected up to the net via a DSL modem on a gatewaymachine running lenny and iptables.

I have a problem with some software running on a windows machine on the LANwhere the company who wrote the sofware say that there must be something wrongwith my internet connection, but can't help any further.

I'd like to know what tests I can run to verify that my config and my firewallare OK, especially regarding PMTU.

I had an issue before this which I solved by adding some ICMP related rules toiptables, and by disabling the firewall on my DSL modem, which is undocumentedby the manufacturer (and denied by their Support). It's iptables running on anembedded linux and resets itself every power cycle. I think it does ICMPclamping but I can telnet onto the modem and drop the rules (as long as Iremember).


What can I do with ping? This ping command gives suspicious results:

 ping -s 1473 mktgw1.ibllc.com

One byte less and it works. Fragmentation also works for normal websites likenews.bbc.co.uk.

I'd massively appreciate any help with this! I'm stuck with either my ownmistake, or until I can prove I haven't made one.


Thanks
Adam

Reply to:

Follow-Ups:
- Re: firewalls and MTU - identifying problem if any
  - From: Sascha Reißner <reiszner@novaplan.at>
- Re: firewalls and MTU - using ping?
  - From: Adam Hardy <adam.ant@cyberspaceroad.com>

Prev by Date: Re: Help getting iptables REDIRECT to work
Next by Date: Re: firewalls and MTU - identifying problem if any
Previous by thread: Re: Help getting iptables REDIRECT to work
Next by thread: Re: firewalls and MTU - identifying problem if any
Index(es):
- Date
- Thread