Q: Why does my firewall hate the cambridge picturehouse?
Jeremy Henty
onepoint at starurchin.org
Wed Oct 22 15:59:03 CEST 2008
On Wed, Oct 22, 2008 at 02:46:45PM +0100, Ian Spray wrote:
> On Wed, Oct 22, 2008 at 02:37:48PM +0100, Jeremy Henty wrote:
> > On Wed, Oct 22, 2008 at 02:16:01PM +0100, Ian Spray wrote:
> >
> > > Just try the 'ip link' equivalent of 'ifconfig eth0 mtu 1400'
> >
> > That was easily done but it's made no difference:
>
> Pooh :(

I just whacked it down to 600 and there is still no difference.

> I know that on IPFilter the phrase 'keep frags' is important to
> ensure the stateful rules work as desired. Does iptables do this
> automatically ?

That's my impression, but I've not researched iptables much beyond how
to let out the protocols I want. The commands that allow incoming
packets only when they are related to established connections have
always just worked for me (and they would be stateful, right?).

> Thinking a little harder, it would also be of less importance that
> you drop your MTU as the frags are probably due to the stuff being
> sent to you from your initial problem report, and so that would be
> down to the PPPoA gear at the other end of your link (ie: BT).

Yes, I need to get inside the Speedtouch and see exactly what it is
getting.

> Just out of interest, do text browsers (links/lynx/wget et al.)
> load that page ok for you ?

No, wget and links behave just the same.

Regards,

Jeremy Henty