At 09:30 AM 8/2/2007, Craig D. Rice wrote:
For four months dozens of our users who are Comcast subscribers have
had difficulty reaching St. Olaf College's and Carleton College's
network services.
We have worked through everything we can think of with our Onvoy
(regional ISP) network engineers. We have isolated the problem a
couple of Comcast's IP subnets, but need a contact within Comcast to
further troubleshoot.
(snip)
Either your firewall/router or the customer's firewall/router is
blocking PMTUD packets. Fragment needed, but don't fragment bit set.
Look at your ICMP access list and make sure you are allowing: permit
icmp any any unreachable from any Internet address. I suspect an
overzealous firewall admin is blocking all icmp. Read the acronym to
him/her and explain that some icmp is necesary for the Internet to work.
-Robert
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
