Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please?
I need to test the ICMP block on my router from external ping traffic.
Great, another path MTU discovery black hole, another undiagnosable network.
Fellas, how about using rate limiting. Linux has marvellous QoS features, enough to allow a few ICMP ECHOs for fault diagnosis but to deny a ping flood.
> Note that its probably not a good idea to block ICMP source quench > packets.
Nah, block those suckers. Source Quench is deprecated.
The list is
Block Obsolete Source Quench Information Request/Reply Datagram Conversion Shouldn't cross network boundary Address Mask Request/Reply Redirect Domain Name Router Advertisment/Selection Required for operation (rate limit these to, say, 10% of bandwidth) Destination Unreachable Time Exceeded Security Failure Parameter Problem Required for diagnosis (rate limit these to, say, 1% of bandwidth) Echo Request/Reply Timestamp Request/Reply
Regards, Glen
-- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Network Engineer Email: [EMAIL PROTECTED] Australian Academic & Research Network www.aarnet.edu.au -- linux.conf.au 2004, Adelaide lca2004.linux.org.au Main conference 14-17 January 2004 Miniconfs from 12 Jan
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug