Chris Davies on 20/10/10 11:45, wrote:
Adam Hardy <adam.ant@cyberspaceroad.com> wrote:

Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1460

So you're clamping TCPMSS at 1460? What if the MSS needs to be lower, i.e. your MTU has dropped? (I'm not sure how iptables handles this situation as I don't usually need to fiddle MSS and MTU.) Would you remove this rule and retest, please?

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID

No, no I'm not deliberately doing that. It's the DLink modem that has this mini-firewall set up in its ROM. I can telnet in & drop the rules, but I have to remember to do it every power cycle.
What I need is a ping test or something that I can put in smokeping to alert me when I forget, e.g. this morning there was a power outage that took out the modem.
What do you mean by 'clamped'?

I dropped these firewall rules just now and "ping -s 1473 mktgw1.ibllc.com" loses all packets, so our thread pretty much only concerns the situation when this firewall is down.
My actual question is: what would fail to get through when that firewall was up? For my testing purposes.
Regards
Adam
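
A check for the situation described in this message, as an added example that is not part of the original post: it parses a rule listing in the format quoted above and reports whether the three rules shown in the thread are loaded. The sample listing is reconstructed from the quoted output and the function names are hypothetical; fetching the listing from the modem is not covered.

```python
import re
import sys

# Constructed sample: the listing quoted in this thread, one rule per line.
SAMPLE = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source    destination
TCPMSS     tcp  --  anywhere  anywhere     tcp flags:SYN,RST/SYN TCPMSS set 1460

Chain OUTPUT (policy ACCEPT)
target     prot opt source    destination
DROP       icmp --  anywhere  anywhere     icmp destination-unreachable
DROP       icmp --  anywhere  anywhere     state INVALID
"""

def parse_rules(listing):
    """Yield (chain, target, proto, options) for each rule in `iptables -L` text."""
    chain = None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            chain = header.group(1)
            continue
        fields = line.split(None, 5)  # target prot opt source destination [options]
        if chain is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text before the first chain
        options = fields[5].strip() if len(fields) > 5 else ""
        yield chain, fields[0], fields[1], options

def modem_rules_present(listing):
    """Return one finding per rule that matches the three quoted in the thread."""
    findings = []
    for chain, target, proto, opts in parse_rules(listing):
        mss = re.search(r"TCPMSS set (\d+)", opts)
        if target == "TCPMSS" and mss:
            findings.append(f"{chain}: SYN MSS rewritten to {mss.group(1)}")
        elif target == "DROP" and proto == "icmp" and (
            "destination-unreachable" in opts or "state INVALID" in opts
        ):
            # destination-unreachable includes "fragmentation needed" (type 3, code 4)
            findings.append(f"{chain}: DROP {opts}")
    return findings

if __name__ == "__main__":
    # Listing text on stdin; non-zero exit when the rules are loaded, for alerting.
    found = modem_rules_present(sys.stdin.read())
    print("\n".join(found) or "modem rules not present")
    sys.exit(1 if found else 0)
```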