[lug] making ping not respond

Chip Atkinson chip at rmpg.org
Tue Feb 12 08:14:23 MST 2002


To chime in, I also read that it can affect email as well.  Small messages
can get through as can telnet tests since the packets are small, but
larger messages get dropped.  The symptom is inconsistent network
throughput as opposed to just blocking traffic like you'd see if you made
your firewall rules incorrectly.

Chip

On Tue, 12 Feb 2002 rm at fabula.de wrote:

> On Sat, Feb 09, 2002 at 10:01:27AM -0700, Brad Doctor wrote:
> >
> >
> > [...]
> >
> > However, it will disable ICMP for all interfaces...
> >
> > -brad
>
> Probalby not a good idea. Some ICMP messages are actually very
> usefull. Yuour friendly Linux kernel uses ICMP all the time to
> discover the MTU (maximum transfer unit) to a given host.
> One of my customers had strange network problems because of an
> intermediate GRE tunnel that filters ICMP packets. He was connected
> with a DSL line that has an MTU of 1492 which his kernel did know,
> so the packets send out where never where bigger than this. Un-
> fortunately some (stupid) Webserver restponded with 1500 sized
> packets and a 'don't-fragment' bit set. Since the tunnel filtered
> out ICMP packets the responding webserver would never receive the
> 'packets are too big' ICMP messages -- the result: some webpages
> would just not show up ... :-(
>
> ICMP is good, just be carefull which ones you use.
>
>   Ralf
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>




More information about the LUG mailing list