[lug] making ping not respond
rm at fabula.de
rm at fabula.de
Tue Feb 12 05:23:52 MST 2002
On Sat, Feb 09, 2002 at 10:01:27AM -0700, Brad Doctor wrote:
>
>
> [...]
>
> However, it will disable ICMP for all interfaces...
>
> -brad
Probalby not a good idea. Some ICMP messages are actually very
usefull. Yuour friendly Linux kernel uses ICMP all the time to
discover the MTU (maximum transfer unit) to a given host.
One of my customers had strange network problems because of an
intermediate GRE tunnel that filters ICMP packets. He was connected
with a DSL line that has an MTU of 1492 which his kernel did know,
so the packets send out where never where bigger than this. Un-
fortunately some (stupid) Webserver restponded with 1500 sized
packets and a 'don't-fragment' bit set. Since the tunnel filtered
out ICMP packets the responding webserver would never receive the
'packets are too big' ICMP messages -- the result: some webpages
would just not show up ... :-(
ICMP is good, just be carefull which ones you use.
Ralf
More information about the LUG
mailing list