Re: ping packet loss when size gt 1500

Wed, 20 Oct 2010 02:20:53 -0700 

Adam Hardy on 19/10/10 23:16, wrote:

My version of traceroute also has the --mtu option, which tries to
determine the MTU for the route being traced. It looks perhaps like the
firewall for interactivebrokers (IP 208.192.181.62) *may* be blocking too
many ICMP control message types - including the MTU/Fragment messages.



The problem is, it doesn't look good from their point of view. I have a 
problem but their other 150,000 customers don't. I have a manually 
configured gateway, iptables firewall and all - their other 150,000 
customers use mostly windows, although there are an unknown number of 
linux users out there - it's a java app.



I have so far only a couple of things to go on - communication with 
their server shows inexplicable MTU behaviour, and there is a weak link 
on the British Telecom part of the traceroute.



All tests on my LAN show that I am running normally though. I've tested 
my mtu size, my firewall, my DHCP, my DNS (now using OpenDNS).



Just remembered that my DSL modem has some dumb iptables firewall with the 
following rules:


Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

login: root
Password:


BusyBox v0.61.pre (2004.06.18-02:49+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

TCPMSS     tcp  --  anywhere             anywhere           tcp 
flags:SYN,RST/SYN TCPMSS set 1460


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

DROP       icmp --  anywhere             anywhere           icmp 
destination-unreachable

DROP       icmp --  anywhere             anywhere           state INVALID



Normally I log in and drop them all but sometimes after a reboot I forget and 
the mini-firewall remains in place while I'm trying to solve this networking 
problem. Is there a test I can put in place to test that I remembered to disable 
this mini-firewall?


Thanks
Adam


--

To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4cbeb45e.9030...@cyberspaceroad.com
























					Reply via email to