[lug] making ping not respond
Brad Doctor
bdoctor at localhost.localdomain
Tue Feb 12 09:48:17 MST 2002
Interesting. I have multiple sites running like this, and they have been
for well over two years -- no complaints from anyone.
-brad
>
> To chime in, I also read that it can affect email as well. Small messages
> can get through as can telnet tests since the packets are small, but
> larger messages get dropped. The symptom is inconsistent network
> throughput as opposed to just blocking traffic like you'd see if you made
> your firewall rules incorrectly.
>
> Chip
>
> On Tue, 12 Feb 2002 rm at fabula.de wrote:
>
> > On Sat, Feb 09, 2002 at 10:01:27AM -0700, Brad Doctor wrote:
> > >
> > >
> > > [...]
> > >
> > > However, it will disable ICMP for all interfaces...
> > >
> > > -brad
> >
> > Probalby not a good idea. Some ICMP messages are actually very
> > usefull. Yuour friendly Linux kernel uses ICMP all the time to
> > discover the MTU (maximum transfer unit) to a given host.
> > One of my customers had strange network problems because of an
> > intermediate GRE tunnel that filters ICMP packets. He was connected
> > with a DSL line that has an MTU of 1492 which his kernel did know,
> > so the packets send out where never where bigger than this. Un-
> > fortunately some (stupid) Webserver restponded with 1500 sized
> > packets and a 'don't-fragment' bit set. Since the tunnel filtered
> > out ICMP packets the responding webserver would never receive the
> > 'packets are too big' ICMP messages -- the result: some webpages
> > would just not show up ... :-(
> >
> > ICMP is good, just be carefull which ones you use.
> >
> > Ralf
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
--
Brad Doctor, CISSP
More information about the LUG
mailing list