From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-150282-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 3CC471381F3
	for <garchives@archives.gentoo.org>; Sun,  1 Sep 2013 15:44:20 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6B7D1E0D62;
	Sun,  1 Sep 2013 15:44:15 +0000 (UTC)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 474D9E0D3C
	for <gentoo-user@lists.gentoo.org>; Sun,  1 Sep 2013 15:44:14 +0000 (UTC)
Received: by mail-wi0-f178.google.com with SMTP id en1so1013771wid.11
        for <gentoo-user@lists.gentoo.org>; Sun, 01 Sep 2013 08:44:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=4opIseJdxgMSyzXUSBxDCqiIDgpsRKaZVTQRZHquhbA=;
        b=TbGwJD7df4tcu4fBjPFglN/PRiDD5HYSK+yKom+rK3n1cUIqJ9FeC/nV6ar/PFeT4Y
         1lNA236zHMZm0j8GdMej+oclHQj0pd68TiuzkgmSk6L+KaN5V6F6C/vlIIfOhRMSwiaX
         PrUA6S26snidDmvYqx0ckqH3AStH+lk9/acmqyX/IkfhXe+rK0GpNgdwFZZ1OoWC6qDy
         Jro/u/2Hv+wKi5jLjHIiGOCIAvrPYMcfmqAhEPejNijwfF17NeTjADRaRqyVHWY1MkJP
         0E/54xKZDBtEUopyPfIclbrD/A/EaeFupgkBoo7dDDTBhiff4oRBEkVABCNR5imBwZox
         oFOA==
X-Received: by 10.194.242.200 with SMTP id ws8mr78212wjc.60.1378050252759;
        Sun, 01 Sep 2013 08:44:12 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPSA id p8sm1377939wij.8.1969.12.31.16.00.00
        (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sun, 01 Sep 2013 08:44:12 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] PMTUD
Date: Sun, 1 Sep 2013 16:43:50 +0100
User-Agent: KMail/1.13.7 (Linux/3.10.7-gentoo; KDE/4.10.5; x86_64; ; )
References: <CAN0CFw1NOD-cfwwOZuU8geHbLP7kzgc9FRGa+3nRFp9sbBGowA@mail.gmail.com> <201309011357.12792.michaelkintzios@gmail.com> <CAN0CFw1vuFeOBrLYWbrVG_gUaDwypMKa8rmiY0pUqoTDYR+3UA@mail.gmail.com>
In-Reply-To: <CAN0CFw1vuFeOBrLYWbrVG_gUaDwypMKa8rmiY0pUqoTDYR+3UA@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1841881.fX8bpIA17l";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201309011643.52008.michaelkintzios@gmail.com>
X-Archives-Salt: 7e97012c-cb54-4df0-b6e2-35603609e777
X-Archives-Hash: 40dbe2836595edeed611ae4c0d0fd775

--nextPart1841881.fX8bpIA17l
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Sunday 01 Sep 2013 14:59:19 Grant wrote:
> >> Could ICMP packets not getting through be to blame for my proxy server
> >> problem?  My laptop can't seem to ping anyone (blocked at the firewall
> >> in this hotel I suppose) and certainly the proxy server can't ping my
> >> laptop.
> >=20
> > Not all ICMP packets are relevant to detecting the MTU of a node.  A
> > correctly implemented node will return an ICMP Fragmentation Needed
> > (Type 3, Code 4) packet, with its MTU value.  This kind of ICMP packets
> > should not be blocked at firewalls.  Use ping with the do not fragment
> > option to see if packets above a certain size time out, i.e. they are
> > dropped by some offending node on the way.
> >=20
> >   ping -c 6 -n -M do -s 1472 <server_address>
>=20
> I get "Frag needed and DF set (mtu =3D 1492)" when pinging google.com.
> I get normal replies with -s 1464.  ifconfig shows my WAN interface at
> MTU 1500 so PMTUD must change the MTU for communication with
> google.com if I understand correctly.

The hotel's router/modem may be using PPPoE to authenticate with their ISP,=
=20
which has a larger header size and requires an MTU of 1492 (1464+28=3D1492)

So, although your NIC is configured to the full ethernet MTU size, the rout=
er=20
drops the size down to 1492 to be able to squeeze it out through the ISP's=
=20
network.  That's all good and proper and will not cause the timeout problem=
=20
you have been experiencing.


> > Of course, if the hotel's firewall is blocking all outgoing/incoming
> > pings this sort of diagnostic test will not be useful.
>=20
> I actually only lose pings to my own remote system so I've started a
> new thread about that.  I tried down to -s 1 but still 100% packet
> loss there.

Have you checked that the firewall at your server is not set to drop all IC=
MP=20
packets and that you don't have something like this set up on it:

  net.ipv4.icmp_echo_ignore_all =3D 0

(use sysctl to check)
=2D-=20
Regards,
Mick

--nextPart1841881.fX8bpIA17l
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)

iQEcBAABAgAGBQJSI2C3AAoJELAdA+zwE4YekE8IAJlaxF0WIZwOqIA2SQAg6d9B
gOKo+bEQV7zSLrf7mK12pL0rI2Thb+eYtVAt24BKz8VQPqG936Iw/pf3JXNQblk4
J9CzJPKcWkqQNStuGN8TBCuTbIrhQNyObq9XyJ8D8oWTmhgmLwOWB8zyup9Dxk4y
Ii07hyUXm4Ru1jMWLb8KFWJdT89IJokREBIi9fNjACpTo7ZROBT/Teb3nGAgXY7t
taVmVf+5NGtrpyAvc5FTzlO3dm33D8ohSVucQZJwBlAuvcaeNITcoAkkqicGfwo5
xBxLZPheXj/kSc2IGfwhq2IubYlzCuEvJbHcK+dYhW/hsATlyCk9piS6sMl3O/E=
=4ZRf
-----END PGP SIGNATURE-----

--nextPart1841881.fX8bpIA17l--