
Re: ping packet loss when size gt 1500

Chris Davies on 20/10/10 11:45, wrote:
Adam Hardy <adam.ant@cyberspaceroad.com> wrote:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS set 1460

So you're clamping TCPMSS at 1460? What if the MSS needs to be lower,
i.e. your MTU has dropped? (I'm not sure how iptables handles this
situation as I don't usually need to fiddle MSS and MTU.)

Would you remove this rule and retest, please?

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere           icmp destination-unreachable
DROP       icmp --  anywhere             anywhere           state INVALID

No, no I'm not deliberately doing that. It's the DLink modem that has this mini-firewall set up in its ROM. I can telnet in & drop the rules, but I have to remember to do it every power cycle.

What I need is a ping test or something that I can put in smokeping to alert me when I forget, e.g. this morning there was a power outage that took out the modem.

What do you mean by 'clamped'?

I dropped these firewall rules just now and "ping -s 1473 mktgw1.ibllc.com" loses all packets, so our thread pretty much only concerns the situation when this firewall is down.

My actual question is: what would fail to get through when that firewall was up? For my testing purposes.

