mtu problems?
A question to the MTU gurus (Muli/Dani?):

I'm pretty sure I have an MTU problem. However, I can't figure out:
A. How to 'debug' it (i.e. I don't know if the problem is really MTU)
B. What the problem is (if it exists).

I think that (A) is especially important, since I'm getting the feeling I'm chasing ghosts;

The symptoms are as follows:
I have an excellent ADSL connection, but connecting to certain servers using timeout-sensitive protocols I am having problems. For example, when trying to upload files to my FTP server, either using FTP or SSH + rz, the connection takes forever and breaks up in the middle quite frequently. Pinging the server shows that my packet loss is negligible and that the connection is fast (~35ms, <1% packet loss). Other people can FTP with no problems. I have no other problems with that server or with my Internet connection in general (i.e. SMTP, HTTP all work quite nicely). The only thing I can think of is some strange MTU problem.

For example, trying to FTP from my Linux connection (the one connected to an ADSL) via FTP fails miserably with timeouts. The connection is done directly, so it's not a masquerading problem.

Now the facts:
The MTU on the ppp0 interface is: 1452
The MTU on the eth1 interface (the one connected to the ADSL modem) is: 1500

As far as I can tell from the how-to, those should be the right values. Any idea how I can debug it and/or fix the problem?

Thanks,
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Know that you're safe:
http://www.AutomatedScanning.com

=
To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
RE: mtu problems?
Hi Aviram,

Well, I strongly believe that playing around with the MTU is not the right way to go about it. As you said, the ppp0 is set to 1452 and eth0 is set to 1500. The packet filter should be able to fragment the packets correctly. I use a similar setup at home, only with a cable modem and an ISDN with another, and I don't get any problems.

However, I have encountered in the past a similar problem. It was related to a transparent proxy issue with my ISP. According to your information, I would guess that your ISP is Internet Gold, as these problems are somewhat common over there. From time to time, they add new subnets to the ADSL clients, and they simply forget to define all the proper settings in the transparent proxy.

I would suggest that you approach your ISP and ask them to put a trace on your FTP session, so they can check where it gets clogged up.

Best regards,
Nir Simionovich
Senior Network Manager
m-Wise
http://www.m-wise.com/
Phone: +972 (9) 958-1711 ext. 105
Fax: +972 (9) 958-1739
Mobile: +972 (54) 482826
Re: mtu problems?
Hi Nir,

> However, I have encountered in the past a similar problem. It was related to
> a transparent proxy issue with my ISP.

I'm using actcom, just like about half the people on this list. I doubt that's the problem.

> According to your information, I would guess that your ISP is Internet Gold,
> as these problems are somewhat common over there.

Not in a million years. If my ISP would have been Internet Gold, MTU would be the least of my problems :-)

- Aviram
RE: mtu problems?
1. By no means am I an MTU guru.
2. I cannot give you a technical explanation why it's happening.
3. It does happen to me.

Here's the story: I'm managing two ADSL connections. One at home, one at work. Both are connected to Actcom, one regular account, one "business". Essentially the same setup (RedHat 7.2 with some tuneups). From home everything works ok, from work my boss cannot browse to http://www.tase.co.il. Session hangs forever... After I reduced MTU to 1400, everything works perfectly again!

Don't know the reason, but you definitely should try reducing MTU to a smaller value and see if the problems go away.

Greetings,
Haim.
Re: mtu problems?
On Mon, Mar 04, 2002 at 08:23:06PM +0200, Aviram Jenik wrote:
> A question to the MTU gurus (Muli/Dani?):

dani is the real expert, i'm just using a few handy heuristics.

> I'm pretty sure I have an MTU problem. However, I can't figure out:
> A. How to 'debug' it (i.e. I don't know if the problem is really MTU)

packet dump (ethereal, tcpdump). you will see the client sending a packet and getting one packet in a response, or none at all. then it will continue sending and get no response.

> B. What the problem is (if it exists).

see dani's note, at http://damyen.technion.ac.il/~dani/adsl-mtu.txt

> I think that (A) is especially important, since I'm getting the feeling I'm
> chasing ghosts;
>
> The symptoms are as follows:
> I have an excellent ADSL connection, but connecting to certain servers
> using timeout-sensitive protocols I am having problems. For example, when
> trying to upload files to my FTP server, either using FTP or SSH + rz, the
> connection takes forever and breaks up in the middle quite frequently.
> Pinging the server shows that my packet loss is negligible and that the
> connection is fast (~35ms, <1% packet loss). Other people can FTP with no
> problems. I have no other problems with that server or with my Internet
> connection in general (i.e. SMTP, HTTP all work quite nicely). The only thing
> I can think of is some strange MTU problem.

that sounds likely, according to the symptoms you describe. does this happen when connecting through the adsl masquerading "server" (the computer which runs pptp) or only when connecting through a masqueraded client?

> For example, trying to FTP from my linux connection (the one connected to an
> ADSL) via FTP fails miserably with timeouts. The connection is done
> directly, so it's not a masquerading problem.
>
> Now the facts:
> The MTU on the ppp0 interface is: 1452
> The MTU on the eth1 interface (the one connected to the ADSL modem)
> is: 1500

sounds correct.

> as far as I can tell from the how-to, that should be the right values. Any
> idea how I can debug it and/or fix the problem?

use the ethereal, luke :)

--
The ill-formed Orange
Fails to satisfy the eye:       http://vipe.technion.ac.il/~mulix/
Segmentation fault.             http://syscalltrack.sf.net/
Re: mtu problems?
Try reducing the MTU on the internal machine to 1452, and see if the problem goes away. If it does, you need to set a rule on iptables of the outgoing filter to change the MSS on outgoing SYNs. I don't remember what it was.

If you want to understand why it happens, I, as well as a few other people, wrote a pretty detailed explanation to the list a few months ago (search the archives). If you want, I can explain it to you over the lunch you owe me.

Shachar
Re: mtu problems?
Hi,

At 09:31 05/03/02 +0200, you wrote:
>Try reducing the MTU on the internal machine to 1452, and see if the
>problem goes away. If it does, you need to set a rule on iptables of the
>outgoing filter to change the MSS on outgoing SYNs. I don't remember what
>it was.

As far as I know, this iptables thing is another way to do the reducing MTU thing. If reducing MTU fixes the problem you shouldn't play with the iptables thing. Anyway, if I understand you right, here is the command to do that:

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

>If you want to understand why it happens, I, as well as a few other
>people, wrote a pretty detailed explanation to the list a few months ago
>(search the archives). If you want, I can explain it to you over the lunch
>you owe me.
>
>Shachar

--
Best Regards,
Eran Levy.

"This is Linux country. If you listen carefully, you can hear Windows reboot..."
WebSite: http://levy.dyn.dhs.org
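
One way to answer question A from the first message (is it really MTU?), added here as an example and not taken from any poster's message: a binary search with Don't Fragment pings for the largest IPv4 packet that crosses the path. It assumes Linux iputils `ping` and a target that answers ICMP echo; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread.

# probe SIZE HOST: succeed if one ICMP echo with SIZE payload bytes and the
# Don't Fragment bit set (-M do, Linux iputils) is answered within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: print the largest packet size (in bytes,
# IPv4 header included) between LOW and HIGH that gets through unfragmented.
# ICMP payload = packet size - 28 (20-byte IPv4 header + 8-byte ICMP header).
find_path_mtu() {
    local host=$1 lo=${2:-576} hi=${3:-1500} mid
    # If even the smallest probe fails, the host is down or filters ICMP echo,
    # and the search cannot say anything about the MTU.
    probe $((lo - 28)) "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then
            lo=$mid            # mid-sized packet passed: search above it
        else
            hi=$((mid - 1))    # dropped or refused: search below it
        fi
    done
    echo "$lo"
}

# mss_for_mtu MTU: largest TCP payload per segment that fits in MTU bytes
# (20-byte IPv4 header + 20-byte TCP header, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Usage (hypothetical host name):
#   mtu=$(find_path_mtu ftp.example.org) && echo "path MTU $mtu, MSS $(mss_for_mtu "$mtu")"
```

A result below the MTU the remote end assumes, combined with stalled large transfers, points to full-size segments being dropped on the path, which is the case the MSS rule in the message above addresses. That rule sits in the FORWARD chain and so only touches routed traffic; connections made from the gateway itself pass through OUTPUT.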