Re: firewalls and MTU - identifying problem if any
On Friday, 22.10.2010, 13:36 +0100, Adam Hardy wrote:
> I have a small LAN at home connected up to the net via a DSL modem on a gateway
> machine running lenny and iptables.
> I have a problem with some software running on a windows machine on the LAN
> where the company who wrote the software say that there must be something wrong
> with my internet connection, but can't help any further.
You can set a log target in your firewall for this Windows machine, so
you can see what connections the machine wants to make.
I think on
iptables -A FORWARD -s <windows-IP> -o <DSL-device> \
-m state --state NEW -j LOG --log-prefix 'WIN-LOG: '
Then start the software and look into the logfiles on Linux what
> I'd like to know what tests I can run to verify that my config and my firewall
> are OK, especially regarding PMTU.
> I had an issue before this which I solved by adding some ICMP related rules to
> iptables, and by disabling the firewall on my DSL modem, which is undocumented
> by the manufacturer (and denied by their Support). It's iptables running on an
> embedded linux and resets itself every power cycle. I think it does ICMP
> clamping but I can telnet onto the modem and drop the rules (as long as I
> What can I do with ping? This ping command gives suspicious results:
> ping -s 1473 mktgw1.ibllc.com
> One byte less and it works. Fragmentation also works for normal websites like
How does your DSL link work? I think it works with PPPoE. In this case, the
MTU is 1472. You can set the MTU for PPPoE in your ppp options.
> I'd massively appreciate any help with this! I'm stuck with either my own
> mistake, or until I can prove I haven't made one.
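
One way to run the ping test asked about above (an added example, not from either poster): binary-search the largest ICMP echo payload that is answered with the Don't Fragment bit set, then add the 28 bytes of IPv4 and ICMP headers to get the path MTU. It assumes Linux iputils ping on the gateway and a 1500-byte Ethernet MTU as the upper bound; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (hypothetical function names): find the path MTU to a host by
# probing with DF-flagged ICMP echo requests of varying payload size.

# probe HOST SIZE: succeed if one echo with SIZE payload bytes is answered.
# iputils ping: -M do sets DF and forbids local fragmentation.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]: print the largest payload in LOW..HIGH
# that probe accepts. Returns 1 if even LOW fails (host down or ICMP echo
# filtered), because then the result says nothing about the MTU.
find_max_payload() {
    host=$1 lo=${2:-0} hi=${3:-1472}   # 1472 = 1500 - 20 (IPv4) - 8 (ICMP)
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid                    # mid fits, search above it
        else
            hi=$(( mid - 1 ))          # mid too big (or dropped), search below
        fi
    done
    echo "$lo"
}

# path_mtu HOST: largest payload + 8-byte ICMP header + 20-byte IPv4 header.
path_mtu() {
    payload=$(find_max_payload "$1") || return 1
    echo $(( payload + 28 ))
}

# Run only when a host is given on the command line.
if [ -n "${1:-}" ]; then
    path_mtu "$1" || echo "no reply from $1 even at minimum size" >&2
fi
```

If the result is lower than the MTU configured on the outgoing interface while large transfers still stall, check that ICMP type 3 code 4 (fragmentation needed) is accepted in the INPUT and FORWARD chains, since path MTU discovery depends on those messages getting through.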