[Techtalk] 2nd networking question

BUNTER MATTHEW Matthew.Bunter at renaultvi.com
Mon Sep 2 15:38:00 EST 2002 

--- Reçu de       VITEUR.BUNTERMA 04 72 96 57 77            02/09/02 15.38

Date: Fri, 30 Aug 2002 16:49:07 +0100
Subject: Re: [Techtalk] 2nd networking question

On Fri, 30 Aug 2002, BUNTER MATTHEW wrote:

> Yeah I understand that I can ping with 1474 but not 1475 as the
> argument and I know that this goes over the 1500 mark. But is this the
> MTU setting which is limiting this?

Hi

This is most likely the case, yes.

Do you use PPPoE or PPPoA at all?
These reduce the MTU on the network, thus meaning it has to be set lower
on your machine.

In general, if you do not set the MTU lower, this won't cause many
problems, since every time you send a packet that is too big to pass over
the PPPoE tunnel an ICMP packet will be sent back to your machine telling
it that it must fragment the packet.  All this will do is reduce the
performance slightly.

However in some cases these packet too big messages won't be sent, and the
packet that is too large will be silently dropped.  To complicate things
further there are many sites on the internet at large who block these
ICMP_MUST_FRAGMENT packets.  So when they send a 1500 byte packet towards
you, the other end of the tunnel sends back the message that it's too big,
which is discarded, and the other site never knows it sent a packet that
was too big and sits there waiting

The moral of this story is think twice before blocking any ICMP, it exists
for a reason.  The harmful effects of blocking it far outweigh (imho) the
benefits that may be gained by preventing its use to stop its abuse.

Maria

meow

---------------------------------------------

My response :
No not using PPPoe or PPPoa. Just on a 10M LAN.

I agree about the dropping of ICMP packets. If needed one could just setup
a firewall rule to limit the amount of ICMP packets within a certain time
I think.

However for the high speed home user maybe they want to limit the ability
of bad guys (and gals) to see them. Just a thought.

Thanks for the info as well, but I still haven't found where one can see
the TCP Window size in a Linux config file.

Matt (who is sorry it took so long for him to realise HE was one of the
ones top-posting)

---- 02/09/02 15.38 ---- Envoyé à      -----------------------------------
  -> TECHTALK(a)LINUXCHIX.ORG

More information about the Techtalk mailing list