Re: firewalls and MTU - using ping?
Adam Hardy on 22/10/10 13:36, wrote:
I have a small LAN at home connected up to the net via a DSL modem on a
gateway machine running lenny and iptables.
I have a problem with some software running on a Windows machine on the
LAN where the company who wrote the software say that there must be
something wrong with my internet connection, but can't help any further.
I'd like to know what tests I can run to verify that my config and my
firewall are OK, especially regarding PMTU.
I had an issue before this which I solved by adding some ICMP related
rules to iptables, and by disabling the firewall on my DSL modem, which
is undocumented by the manufacturer (and denied by their Support). It's
iptables running on an embedded Linux and resets itself every power
cycle. I think it does ICMP clamping but I can telnet onto the modem and
drop the rules (as long as I remember).
What can I do with ping? This ping command gives suspicious results:
ping -s 1473 mktgw1.ibllc.com
One byte less and it works. Fragmentation also works for normal websites.
I'd massively appreciate any help with this! I'm stuck with either my
own mistake, or until I can prove I haven't made one.
The main thing to prove that my gateway, firewall, LAN, modem and all are OK is
to find a command, e.g. ping, which will demonstrate that PMTU isn't working
between me and mktgw1.ibllc.com - or maybe that something else is bust, not PMTU.
I mean, maybe with the concentration on firewalls and all that here, maybe this
list isn't the place to ask and I need to ask somewhere else - suggestions welcome.
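
Added example, not part of the original post: `ping -s 1473` builds a 1501-byte IPv4 packet (1473 payload + 8 ICMP header + 20 IPv4 header), one byte over a 1500-byte Ethernet MTU, so without the Don't Fragment bit it exercises fragmentation rather than path MTU discovery. The sketch below binary-searches the largest payload that gets through with DF set and reports the implied path MTU. It assumes the Linux iputils `ping` (`-M do`, `-c`, `-W`, `-s`); the function names `probe`, `find_max_payload` and `path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that reaches a host with
# the Don't Fragment bit set, then derive the path MTU from it.
# Assumes Linux iputils ping; "-M do" prohibits fragmentation.

# probe HOST SIZE
# Succeeds if a single DF-flagged echo request with SIZE payload bytes is answered.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload size in LOW..HIGH that passes, or fails if even
# LOW gets no reply (host down, or echo filtered altogether).
# HIGH defaults to 1472 = 1500 (Ethernet MTU) - 20 (IPv4) - 8 (ICMP).
find_max_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1472}
    probe "$host" "$lo" || return 1
    # Invariant: a payload of $lo bytes is known to pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu HOST [LOW] [HIGH]
# Prints payload + 28, the IPv4 path MTU implied by the largest passing payload.
path_mtu() {
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Run directly as: sh pmtu.sh <host>
if [ "$#" -gt 0 ]; then
    path_mtu "$@"
fi
```

A result below 1500 from the gateway, combined with large transfers stalling from the LAN, points at ICMP "fragmentation needed" messages being dropped somewhere on the path; a result of 1500 with `-s 1473` (no DF) still failing points at fragments being dropped instead.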