Re: firewalls and MTU - using ping?

Adam Hardy on 22/10/10 13:36, wrote:
I have a small LAN at home connected up to the net via a DSL modem on a gateway machine running lenny and iptables.

I have a problem with some software running on a Windows machine on the LAN where the company who wrote the software say that there must be something wrong with my internet connection, but can't help any further.

I'd like to know what tests I can run to verify that my config and my firewall are OK, especially regarding PMTU.

I had an issue before this which I solved by adding some ICMP-related rules to iptables, and by disabling the firewall on my DSL modem, which is undocumented by the manufacturer (and denied by their Support). It's iptables running on an embedded Linux and resets itself every power cycle. I think it does ICMP clamping but I can telnet onto the modem and drop the rules (as long as I remember).

What can I do with ping? This ping command gives suspicious results:

 ping -s 1473 mktgw1.ibllc.com

One byte less and it works. Fragmentation also works for normal websites like news.bbc.co.uk.

I'd massively appreciate any help with this! I'm stuck with either my own mistake, or until I can prove I haven't made one.

The main thing to prove that my gateway, firewall, LAN, modem and all are OK is to find a command, e.g. ping, which will demonstrate that PMTU isn't working between me and mktgw1.ibllc.com - or maybe that something else is bust, not PMTU.

I mean, maybe with the concentration on firewalls and all that here, maybe this list isn't the place to ask and I need to ask somewhere else - suggestions welcome.
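
One way to turn the ping test above into a repeatable check, as an added example that is not part of the original post: it binary-searches the largest echo payload answered with Don't Fragment set, then sends one payload a byte larger with DF clear to see whether a fragmented echo is answered. It assumes the Linux iputils `ping` (`-M do` / `-M dont`, `-W` timeout); the function names and the `PMTU_HOST` variable are hypothetical, and 1473 as the upper bound is taken from the command in the post.

```shell
#!/bin/sh
# probe MODE SIZE HOST: send one echo request and succeed if it is answered.
# MODE is "do" (DF set, never fragment) or "dont" (DF clear, may fragment).
# Assumes Linux iputils ping: -M picks the PMTU strategy, -W is the reply timeout.
probe() {
    ping -M "$1" -c 1 -W 2 -s "$2" "$3" >/dev/null 2>&1
}

# largest_df_payload HOST [LOW] [HIGH]: largest payload answered with DF set.
# Prints the payload size; returns 1 if even LOW gets no reply.
largest_df_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1473}
    if probe do "$hi" "$host"; then echo "$hi"; return 0; fi
    probe do "$lo" "$host" || return 1
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe do "$mid" "$host"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# check_path HOST: report the unfragmented limit and the fragmented-echo result.
check_path() {
    max=$(largest_df_payload "$1") || { echo "no-reply"; return 1; }
    # payload + 8 bytes ICMP header + 20 bytes IPv4 header = packet size
    mtu=$((max + 28))
    if probe dont $((max + 1)) "$1"; then frag=answered; else frag=unanswered; fi
    echo "mtu=$mtu fragmented-echo=$frag"
}

# Only touches the network when PMTU_HOST is set, e.g.
#   PMTU_HOST=mktgw1.ibllc.com sh pmtu-check.sh
if [ -n "${PMTU_HOST:-}" ]; then check_path "$PMTU_HOST"; fi
```

A result of `fragmented-echo=unanswered` against one host and `answered` against another from the same gateway shows that fragments of the request or reply are lost, or ignored by the target, on that particular path rather than by the local firewall.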


