Re: [fpc-devel] webserver
On Thu, 31 Mar 2005 10:51:09 +0200 Micha Nelissen [EMAIL PROTECTED] wrote: Linux firewall should have something like: iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT And also in FORWARD and OUTPUT, but it may be that you already have a rule to allow 'RELATED' traffic, and if you also allow all outgoing traffic, then the above rule actually is redundant. Micha ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Peter Vreman schrieb: Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? The webserver (apache2) uses the defaults from Suse 9.2. Nothing special is configured. Quite a few now said it might be the case that it's firewall blocks all icmp packages. Try lowering the servers mtu for the fun with it. Mine is 1442, automatically lowered to the highest value working everywhere. Think of possible PPPoE headers, since you seem to have a dsl connection. dunno what the exact setup looks like. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005 19:24:13 +0200 Daniel Herzog [EMAIL PROTECTED] wrote: Quite a few now said it might be the case that it's firewall blocks all icmp packages. Try lowering the servers mtu for the fun with it. Yes, any sensible sysadmin ought to know that ICMP fragment error packets (type 3, code 4?) should always be allowed. HTH, Micha ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Daniel Herzog wrote: Peter Vreman schrieb: Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? The webserver (apache2) uses the defaults from Suse 9.2. Nothing special is configured. Quite a few now said it might be the case that it's firewall blocks all icmp packages. Try lowering the servers mtu for the fun with it. Mine is 1442, automatically lowered to the highest value working everywhere. Think of possible PPPoE headers, since you seem to have a dsl connection. dunno what the exact setup looks like. I don't think it is the server, as the MTU size of the server didn't change. The router is outside my control; It's controlled by the ISP; So there is nothing I can do about it. If you can tell me how to determine it's MTU size, then I can try to do something about it. Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Micha Nelissen wrote: On Wed, 30 Mar 2005 19:24:13 +0200 Daniel Herzog [EMAIL PROTECTED] wrote: Quite a few now said it might be the case that it's firewall blocks all icmp packages. Try lowering the servers mtu for the fun with it. Yes, any sensible sysadmin ought to know that ICMP fragment error packets (type 3, code 4?) should always be allowed. Can you please translate this to plain english ? Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 2005-03-30 at 22:17 +0200, Michael Van Canneyt wrote: I don't think it is the server, as the MTU size of the server didn't change. The router is outside my control; It's controlled by the ISP; So there is nothing I can do about it. If you can tell me how to determine it's MTU size, then I can try to do something about it. *If* there is a problem on your end then it is your server's firewall, if it was letting through ICMP fragmentation needed packets this problem should not exist. OTOH, that problem might be elsewhere too. johannes signature.asc Description: This is a digitally signed message part ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Johannes Berg wrote: On Wed, 2005-03-30 at 22:17 +0200, Michael Van Canneyt wrote: I don't think it is the server, as the MTU size of the server didn't change. The router is outside my control; It's controlled by the ISP; So there is nothing I can do about it. If you can tell me how to determine it's MTU size, then I can try to do something about it. *If* there is a problem on your end then it is your server's firewall, if it was letting through ICMP fragmentation needed packets this problem should not exist. OTOH, that problem might be elsewhere too. Then the problem is elsewhere. Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Daniel Herzog wrote: Michael Van Canneyt schrieb: On Wed, 30 Mar 2005, Daniel Herzog wrote: Peter Vreman schrieb: Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? The webserver (apache2) uses the defaults from Suse 9.2. Nothing special is configured. Quite a few now said it might be the case that it's firewall blocks all icmp packages. Try lowering the servers mtu for the fun with it. Mine is 1442, automatically lowered to the highest value working everywhere. Think of possible PPPoE headers, since you seem to have a dsl connection. dunno what the exact setup looks like. I don't think it is the server, as the MTU size of the server didn't change. The router is outside my control; It's controlled by the ISP; So there is nothing I can do about it. If you can tell me how to determine it's MTU size, then I can try to do something about it. Michael. you could maybe try to ping google or something with huge package. remember to add the header size in mind. Works with size up to 1472. (+28=1500, so this figures) Conslusion you pull from this test ? Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Daniel Herzog wrote: you could maybe try to ping google or something with huge package. remember to add the header size in mind. Works with size up to 1472. (+28=1500, so this figures) Conslusion you pull from this test ? Same here, and I can ping www.freepascal.org till 8184. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
From the ping tests that have just been sent in, it's clear that it works for high MTUs also. But it doesnt neccessarily show that any Fragmentation needed packages can reach the server - which is the thing we need to proof or disproof, I'd say... And i'm sorry - i have no idea how this could be done - anyone? ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 2005-03-30 at 21:45 +0200, Marco van de Voort wrote: Same here, and I can ping www.freepascal.org till 8184. The size at which you can ping www.freepascal.org isn't relevant, that just means that you are not blocking 'fragmentation needed' packets. Interesting might be the size at which www.freepascal.org itself can ping, for example, xzone.dyndns.org (our dynamic behind-dsl IP which has a MTU lower than 1500) johannes signature.asc Description: This is a digitally signed message part ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 30 Mar 2005, Johannes Berg wrote: On Wed, 2005-03-30 at 21:45 +0200, Marco van de Voort wrote: Same here, and I can ping www.freepascal.org till 8184. The size at which you can ping www.freepascal.org isn't relevant, that just means that you are not blocking 'fragmentation needed' packets. Interesting might be the size at which www.freepascal.org itself can ping, for example, xzone.dyndns.org (our dynamic behind-dsl IP which has a MTU lower than 1500) That is what I did: I pinged www.google.be from www.freepascal.org. and the maximum size was 1472. Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Wed, 2005-03-30 at 23:44 +0200, Michael Van Canneyt wrote: That is what I did: I pinged www.google.be from www.freepascal.org. and the maximum size was 1472. You should be able to ping much higher unless you do 'ping -M dont ...' since The fact that you cannot suggests that there may be some router/firewall blocking these ICMP packets. johannes signature.asc Description: This is a digitally signed message part ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Date sent: Wed, 30 Mar 2005 23:44:20 +0200 (CEST) From: Michael Van Canneyt [EMAIL PROTECTED] To: FPC developers' list fpc-devel@lists.freepascal.org Subject:Re: [fpc-devel] webserver Send reply to: FPC developers' list fpc-devel@lists.freepascal.org mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Same here, and I can ping www.freepascal.org till 8184. The size at which you can ping www.freepascal.org isn't relevant, that just means that you are not blocking 'fragmentation needed' packets. Interesting might be the size at which www.freepascal.org itself can ping, for example, xzone.dyndns.org (our dynamic behind-dsl IP which has a MTU lower than 1500) That is what I did: I pinged www.google.be from www.freepascal.org. and the maximum size was 1472. However, I just tried to ping from www.freepascal.org to the machine mentioned here by someone (xzone.dyndns.org) and packets with size of 16000 went through without problems... Tomas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Michael Van Canneyt schrieb: On Wed, 30 Mar 2005, Johannes Berg wrote: On Wed, 2005-03-30 at 21:45 +0200, Marco van de Voort wrote: Same here, and I can ping www.freepascal.org till 8184. The size at which you can ping www.freepascal.org isn't relevant, that just means that you are not blocking 'fragmentation needed' packets. Interesting might be the size at which www.freepascal.org itself can ping, for example, xzone.dyndns.org (our dynamic behind-dsl IP which has a MTU lower than 1500) That is what I did: I pinged www.google.be from www.freepascal.org. and the maximum size was 1472. Michael. If you're on freenode, query me (expose) please - and try to ping me - since i myself can ping google with real big packages also - but not www.freepascal.org ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Tue, 29 Mar 2005, Daniel Herzog wrote: Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? ISP and consequently DNS has changed. Check the IP address. It should be 62.166.198.202 But you're the only one to report problems, which suggests the problem is somewhere on your side. Maybe a proxy ? Michael. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
On Tue, 2005-03-29 at 21:56 +0400, Alexey Barkovoy wrote: But you're the only one to report problems, which suggests the problem is somewhere on your side. Maybe a proxy ? Well I'm having problems with www.freepascal.org for around a month now (maybe even more). Sometimes it's just reappears - last time it's happened in sunday - I've succesfully filed bug report and downloaded sources from CVS. But next day it again disappeared. And now not reachable either throw www.freepascal.org or 62.166.198.202. I hate being a me to or not me, but it works fine from here (WV, USA). Web responds quickly, however last week I did notice some slowdowns. Here's a traceroute: traceroute to www.freepascal.org (62.166.198.202), 30 hops max, 38 byte packets 1 192.168.1.1 (192.168.1.1) 0.726 ms 0.674 ms 0.698 ms 2 L200.DSL-RTR1.CHAR.verizon-gni.net (151.205.95.1) 27.748 ms 27.505 ms 27.541 ms 3 130.81.12.89 (130.81.12.89) 27.846 ms 27.932 ms 27.801 ms 4 so-2-2-1-0.BB-RTR1.PHIL.verizon-gni.net (130.81.18.30) 45.182 ms 45.109 ms 44.786 ms 5 so-1-0-0-0.PEER-RTR1.PHIL.verizon-gni.net (130.81.7.226) 43.275 ms 43.577 ms 43.098 ms 6 dca-edge-03.inet.qwest.net (65.118.218.45) 46.026 ms 46.443 ms 47.013 ms 7 dca-core-02.inet.qwest.net (205.171.9.61) 46.072 ms 46.209 ms 46.054 ms 8 dca-brdr-01.inet.qwest.net (205.171.9.54) 46.780 ms 45.944 ms 46.029 ms 9 so0-1-0-622M.ar3.wdc2.gblx.net (208.51.74.9) 46.059 ms 46.696 ms 46.026 ms 10 so0-0-0-2488M.ar3.AMS2.gblx.net (67.17.73.86) 129.326 ms 128.660 ms 128.834 ms 11 Versatel-Nederland.so-3-0-0.ar3.AMS2.gblx.net (64.211.166.182) 131.008 ms Versatel-Nederland.so-2-0-0.ar3.AMS2.gblx.net (64.212.109.2) 130.687 ms Versatel-Nederland.so-3-0-0.ar3.AMS2.gblx.net (64.211.166.182) 130.895 ms 12 62.58.126.196 (62.58.126.196) 134.834 ms 134.170 ms 133.728 ms 13 unlabelled.versatel.net (62.58.126.46) 134.015 ms 135.156 ms 133.503 ms 14 cust198-193.dsl.versadsl.be (62.166.198.193) 138.201 ms 138.953 ms 138.834 ms 15 cust198-202.dsl.versadsl.be (62.166.198.202) 138.213 ms 139.142 ms 138.955 ms ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
ISP and consequently DNS has changed. Check the IP address. It should be 62.166.198.202 But you're the only one to report problems, which suggests the problem is somewhere on your side. Maybe a proxy ? Well I'm having problems with www.freepascal.org for around a month now (maybe even more). Sometimes it's just reappears - last time it's happened in sunday - I've succesfully filed bug report and downloaded sources from CVS. But next day it again disappeared. And now not reachable either throw www.freepascal.org or 62.166.198.202. PS. Actually another successful connection were just after 1.9.8 release. Try www.jp.freepascal.org as a workaround (works nice here), or the google cache. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Try www.jp.freepascal.org as a workaround (works nice here), or the google cache. But I still will not be able to fill / browse bug reports! ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
Jonas Maebe schrieb: On 29 mrt 2005, at 16:40, Daniel Herzog wrote: Here it doesnt. I even tried to change the mtu of all relevant systems to 1400 instead of 1500, which didnt help also...and i cant lower my mtu far more...i want some troughput. I don't know what or where the problem is, but you're the first person I hear of who can't reach it. Jonas It worked for ages here, while i never touched my router for about 2 years now... Maybe someone responsible for the webserver could show up and tell me if there were changes done to it recently or not? The webserver (apache2) uses the defaults from Suse 9.2. Nothing special is configured. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
Re: [fpc-devel] webserver
i cannot access http://www.freepascal.org/ for days. I can ping it, and wget establishes a connection (200 OK )but cant download any data. ftp and www.jp.freepascal.org work fine. please fix this, it worked nice here until the last week or so. One of the sites of freepascal.org had an outage on friday from 8:00 till 16:00 as the result of a massive powerproblem. However it works fine now. ___ fpc-devel maillist - fpc-devel@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-devel
