Chris Davies on 20/10/10 11:45, wrote:
> Adam Hardy <adam....@cyberspaceroad.com> wrote:
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1460
>
> So you're clamping TCPMSS at 1460? What if the MSS needs to be lower,
> i.e. your MTU has dropped? (I'm not sure how iptables handles this
> situation as I don't usually need to fiddle MSS and MTU.)
>
> Would you remove this rule and retest, please?
>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>> DROP icmp -- anywhere anywhere icmp destination-unreachable
>> DROP icmp -- anywhere anywhere state INVALID

No, no I'm not deliberately doing that. It's the DLink modem that has this
mini-firewall set up in its ROM. I can telnet in & drop the rules, but I have to
remember to do it every power cycle.

What I need is a ping test or something that I can put in smokeping to alert me
when I forget, e.g. this morning there was a power outage that took out the modem.

What do you mean by 'clamped'?

I dropped these firewall rules just now and "ping -s 1473 mktgw1.ibllc.com"
loses all packets, so our thread pretty much only concerns the situation when
this firewall is down.

My actual question is: what would fail to get through when that firewall was up?
For my testing purposes.

Regards
Adam
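
As an added example (not part of the original message, and not code from either poster): a small Python check that reads an `iptables -L` style listing, such as the one quoted above saved as text, and flags the two rule kinds this thread discusses: a fixed `TCPMSS set` value and a `DROP` of ICMP destination-unreachable, the ICMP type that carries the "fragmentation needed" messages path MTU discovery relies on. The function names and finding labels are hypothetical, and the sample is constructed from the listing in the thread.

```python
import re

# Constructed sample: the rule listing quoted in this thread, with the
# mail client's line wrapping left in place.
SAMPLE = """\
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS set 1460
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp
destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
"""

# A rule row starts "TARGET prot -- ..."; anything else is a wrapped tail.
RULE_START = re.compile(r"^[A-Z]+\s+\S+\s+--\s")

def parse_rules(listing):
    """Return [(chain, rule_text)], re-joining wrapped rule lines."""
    rules, chain = [], None
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("target "):
            continue  # blank line or column header
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
        elif RULE_START.match(line):
            rules.append((chain, line))
        elif rules and rules[-1][0] == chain:
            rules[-1] = (chain, rules[-1][1] + " " + line)  # continuation
    return rules

def audit(listing):
    """Flag the two rule kinds discussed in the thread (labels are hypothetical)."""
    findings = []
    for chain, rule in parse_rules(listing):
        target, proto = rule.split()[:2]
        mss = re.search(r"TCPMSS set (\d+)", rule)
        if target == "TCPMSS" and mss:
            findings.append((chain, "mss-fixed", int(mss.group(1))))
        if target == "DROP" and proto == "icmp" and "destination-unreachable" in rule:
            findings.append((chain, "drops-icmp-unreachable", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result from `audit()` means neither rule kind is present in the listing it was given, which is the state to alert on or confirm after a power cycle.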