Q: Why does my firewall hate the cambridge picturehouse?

Simon Andrews simon.andrews at bbsrc.ac.uk
Wed Oct 22 15:49:18 CEST 2008

Previous message: Q: Why does my firewall hate the cambridge picturehouse?
Next message: Q: Why does my firewall hate the cambridge picturehouse?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22 Oct 2008, at 14:37, Jeremy Henty wrote:

> On Wed, Oct 22, 2008 at 02:16:01PM +0100, Ian Spray wrote:
>
>> Just try the  'ip link' equivalent of 'ifconfig  eth0 mtu 1400'
>
> That was easily done but it's made no difference: the connection still
> chokes and dies, and the firewall logs loads of dropped packets.  :-(

 From what I remember of this it isn't the MTU size which is a  
problem, more that modern linux network stacks use Path MTU Discovery  
(PMD) to try to negotiate a per-connection MTU setting to avoid  
fragmentation.  Some routers mangle the packets which do the  
discovery and it all goes downhill after that.

You can disable Path MTU discovery in linux using:

echo  1  >/proc/sys/net/ipv4/ip_no_pmtu_disc

which might do the trick.

Full gory details can be had at:

http://www.netheaven.com/pmtu.html

...amongst other places.

Simon.

Previous message: Q: Why does my firewall hate the cambridge picturehouse?
Next message: Q: Why does my firewall hate the cambridge picturehouse?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the CLUG mailing list