Jan 'RedBully' Seiffert on 12/09/08 12:53, wrote:
Adam Hardy wrote:
Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:
[snip]

Hmmm, a mtu of 1430 looks a bit strange, but probably depends on your link. Some kind of VPN or PPPoA on your side? Or are you saying PayPal
has some kind of Tunnel/Route/Whatever which limits THEIR mtu?
[SNIP]

Oh, initially I wasn't even talking about you, but problems on the remote end
where you have no control how they configure their stuff. Then you are forced
to employ ugly workarounds on your side. If you check your firewall rules,
make sure there is a path for icmp-fragmentation-needed packets. (iptables
<right table> -p icmp --icmp-type fragmentation-needed -j ACCEPT)

OK, I'll go with that, but I'm trying to work out logically if I have blocked it. What state are the ICMP fragmentation-needed packets returned? Surely they are RELATED or ESTABLISHED? In that case, I am not blocking them. I only block INVALID and NEW for most ports.


[SNIP]
I read a little on BT, seems they use PPPoA, and this is terminated on the
modem... Hmmm, ATM equipment for PCs is rare, so your router has normal
ethernet to the modem and "sees" an mtu of 1500, while the true mtu is hidden
in the modem. And I thought one of the benefits of PPPoA was that the mtu is
kept at 1500. Any chance your new hosting service has a funny uplink? (should
not, a big site should have a "real" connection and not a dsl line...) /me is
totally confused. Gnarf, seems this is even a bigger PITA than PPPoE ...

Searching for the right mtu turned up a lot of values, does someone know the
true mtu of a BT PPPoA link? (note: first and foremost you better find the
real mtu of the link, to get a grip on the problem, then one can think about
adjusting/tuning it to better match the ATM-part of the connection)
>
> The modem-facing interface of your router needs the MTU set to the true value.
> This way your router should not send packets too big (or fragment them), your
> clients should get a fragmentation-needed when they try to.
>

Using http://www.dslreports.com/tweaks I see that my network is unpingable under the 'ICMP (ping) check' result. That looks bad in view of the above.

But it also tells me:
Max packet sent (MTU):   1488
Max packet recd (MTU):  1418
Retransmitted packets:  4
sacks you sent: 2

so I guess that 1488 is what I should set my ADSL modem to?


[SNIP]
Since you are talking about SMTP, so you had problems sending large packets? Then the problem can be on your side, according to my crystal ball ^^. But
can be also on the remote side... It's important which packet choked, your
outgoing packet or the incoming packet not coming through to you. Are you
sure this is a "true" modem and not also a little router, do you have a
non-private ip-address on your router? Maybe its also twiddling some
values... Maybe you should go back to square one, set everything back to 1500
and then use tcpdump to see where your packets vanish, or how big they are with other known to work sites.

Maybe later if there's no joy with the latest stuff I've learnt about....

something with 145[0-9] from what I read. Or is BT adding another encapsulation like L2TP?

I searched the most useful UK broadband users forum for L2TP and only saw references to it in connection with resellers or wholesale. It doesn't look like something that BT are using on my (& other retail customers') connection.

Regards
Adam
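
On the state question raised in the message above: Linux connection tracking reports an ICMP error as RELATED when the packet quoted inside it belongs to a tracked connection, and as INVALID otherwise. The Python sketch below is an added example, not part of the thread; it is a simplified model of that lookup, and the addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(mtu, src, sport, dst, dport):
    """Constructed sample: ICMP type 3 code 4 quoting a DF-flagged TCP packet."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    inner_tcp = struct.pack("!HHI", sport, dport, 0)  # first 8 bytes of TCP
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_ip + inner_tcp
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, flow) or None if not a valid type 3 code 4 message."""
    if len(icmp) < 36 or icmp[0:2] != b"\x03\x04" or checksum(icmp) != 0:
        return None
    mtu = struct.unpack("!H", icmp[6:8])[0]
    inner = icmp[8:]                      # quoted original IPv4 header + 8 bytes
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    flow = (inner[9], socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)
    return mtu, flow

def classify(icmp: bytes, tracked: set):
    """Simplified model of conntrack: the quoted packet decides the state."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return "INVALID", None
    mtu, flow = parsed
    return ("RELATED" if flow in tracked else "INVALID"), mtu

# Constructed example: an outgoing SMTP connection the firewall is tracking.
TRACKED = {(6, "192.0.2.10", 40000, "198.51.100.5", 25)}

if __name__ == "__main__":
    pkt = build_frag_needed(1430, "192.0.2.10", 40000, "198.51.100.5", 25)
    print(classify(pkt, TRACKED))   # quoted flow is tracked
    print(classify(pkt, set()))     # no matching connection
```

A rule set that accepts RELATED traffic therefore passes the first packet, while one that drops INVALID discards the second.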
