Date: Tue, 8 Dec 1998 10:03:25 +0200 From: Ruslan Ermilov <ru@ucb.crimea.ua> To: Marc Slemko <marcs@znep.com> Cc: Thomas David Rivers <rivers@dignus.com>, hackers@FreeBSD.ORG Subject: Re: TCP bug Message-ID: <19981208100325.A2574@ucb.crimea.ua> In-Reply-To: <Pine.BSF.4.05.9812071138250.463-100000@alive.znep.com>; from Marc Slemko on Mon, Dec 07, 1998 at 11:47:15AM -0800 References: <19981207163606.A7575@ucb.crimea.ua> <Pine.BSF.4.05.9812071138250.463-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 07, 1998 at 11:47:15AM -0800, Marc Slemko wrote: > On Mon, 7 Dec 1998, Ruslan Ermilov wrote: > > > > I mean the FreeBSD box you are sitting on and from which you can't access > > www.aol.com. > > That isn't overly likely to be an issue in this case. A tcpdump will show > for sure the ack for that packet is getting back or not. > Tcpdump will show that packets have no DF bit set. > > > As I understood this discussion (which seemed clear to me); the > > > problem was that an internal node (behind the firewall) couldn't > > > get to some web sites because of fragmentation issues. The low > > > MTU at the firewall/gateway broke path MTU discovery.. > > > > No, the problem is not with low MTU, but because AOL is blocking ICMP: > > > > PING aol.com (152.163.210.29): 56 data bytes > > 36 bytes from www2-r10-P5-0-0.tpopr-rri.aol.com (152.163.133.6): Communication prohibited by filter > > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > > 4 5 00 5400 68cb 0 0000 ea 01 894d 194.93.177.113 152.163.210.29 > > > > ^C > > --- aol.com ping statistics --- > > 22 packets transmitted, 0 packets received, 100% packet loss > > While the blame should be assigned to someone who is filtering, it is > important to note that just because you can't ping someone doesn't mean > they are filtering all ICMP. > Using telnet is a bad idea to test whether PMTU-D works on not. Telnet produces small packets, so you'll never receive "fragmentation needed and DF is set" message. For the same reason, you can't test whether a site is blocking ICMP type 3 code 4 messages. -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981208100325.A2574>