Richard wrote:
CLIENT: MTU 1400
===================================
[EMAIL PROTECTED]:~$ tracepath snort.org
1: 192.168.150.50 (192.168.150.50) 0.255ms pmtu 1400
1: 192.168.150.254 (192.168.150.254) 0.624ms
2: kiel3.bb.addix.net (212.51.31.92) 104.414ms
3: fe201-kiel1.bb.addix.net (212.51.31.124) 105.371ms
4: addix.ham-4-atm131-732.de.lambdanet.net (217.71.107.237) asymm 5 130.724ms
5: hbg-b2-geth1-2-0-12.telia.net (213.248.76.129) asymm 6 107.858ms
6: hbg-bb1-link.telia.net (80.91.251.77) asymm 7 108.379ms
7: ldn-bb1-link.telia.net (80.91.249.10) asymm 8 120.493ms
8: nyk-bb1-pos0-2-0.telia.net (213.248.65.90) asymm 9 189.548ms
9: ash-bb1-link.telia.net (213.248.83.22) asymm 10 202.979ms
10: ash-bb1-pos6-0-0-0.telia.net (213.248.80.69) 243.082ms
11: tbr1034001.wswdc.ip.att.net (12.122.80.98) asymm 14 212.112ms
12: tbr1034001.wswdc.ip.att.net (12.122.80.98) asymm 14 209.160ms
13: 12.122.255.2 (12.122.255.2) asymm 14 207.329ms
14: 12.122.255.2 (12.122.255.2) 206.029ms
15: 63.240.197.134 (63.240.197.134) asymm 14 210.831ms
16: 63.240.198.67 (63.240.198.67) asymm 15 205.751ms
17: no reply
But, even with MTU being set to 1400 I can not reach snort.org.
The same effect when using MTU 1500.
Richard
You can ping or traceroute snort.org all day long from anywhere in the
world and you're not going to get through.
63.240.198.67 (where you stop) is your first hop in the SourceFire
network. And, they don't pass ICMP traffic.
ICMP is the Internet Control Message Protocol.
Although it has proved very useful for troubleshooting IP, it's also
proved very useful for covert channels and circumventing restriction /
security systems.
More and more networks are blocking all ICMP traffic these days.
That does ~not~ mean you "can not reach snort.org".
Try using a TCP based traceroute.
Either way, you've already verified connectivity via telnet. Although,
you did not yet verify your ability to receive the expected response
from a GET / HTTP/1.1 command to snort.org.
You have verified that an MTU of 1500 is too large for your pppoe
connection.
So, verify that you have set the MTU for all interfaces (the router
lan/wan and all the boxes in question) to 1400.
(Though, if you're using DHCP, you can--and should--set MTU there rather
than individually.)
Try to open a browser on one of the previously affected hosts to
snort.org and verify. Note, ping or traceroute to snort.org will still
not work. (It never will, so forget about it.)
Note that if you change the MTU for an interface on the command line of
pfsense, even if you edit the config files, the changes will not remain
over a reboot unless you save it into pfsense's configuration through
the GUI.
If you're still not getting the web page in your browser, verify the MTU
on both interfaces of the router, start full content dumps on both your
wan and lan ports, go to one of the afflicted hosts and verify MTU on
its interface.
Establish the telnet connection, like before:
# telnet snort.org 80
Trying 199.107.65.177...
Connected to snort.org.
GET / HTTP/1.1
(Note that you hit enter twice, an empty newline transmits).
Make a note of the response.
From your dumps, on the wan side dump, single out all snort.org
traffic; on the lan side dump, single out all traffic to/from the host
you were using.
Post those dumps.
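The reply's two points, that ICMP being dropped says nothing about TCP reachability and that the real test is whether a GET / HTTP/1.1 gets a usable answer back, can be scripted so the check is repeatable from each affected host. The following is an added example and not code from either poster: it opens a plain TCP connection to port 80 (no ICMP involved), sends the same request typed into telnet in the post, with a Host header added because HTTP/1.1 requires one, and then classifies the outcome. The classification separates "TCP connect failed" from "connected but no HTTP status line came back", the second being the pattern an oversized MTU produces behind PPPoE: the SYN and the small request fit through, while the full-size response segments are dropped. Host, port, timeout and the byte cap are the script's own parameters; the function and result-key names are this example's, not any tool's.

```python
import socket
import sys


def build_get_request(host, path="/"):
    """Build the request typed into telnet in the post. HTTP/1.1 requires a
    Host header, and the empty line (CRLF CRLF) ends the request - that is
    the 'hit enter twice' step. Connection: close makes the server hang up
    when it has sent the page, so a read loop can run to EOF."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status_line(response):
    """Return (version, status_code, reason) from the first response line,
    or None if the bytes do not start with a complete HTTP status line."""
    first_line, sep, _rest = response.partition(b"\r\n")
    if not sep:
        return None
    parts = first_line.decode("iso-8859-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None
    reason = parts[2] if len(parts) == 3 else ""
    return parts[0], int(parts[1]), reason


def tcp_http_check(host, port=80, timeout=10.0, max_bytes=65536):
    """TCP-only reachability test: connect, send GET, read the reply.
    A site that drops all ICMP still answers here if TCP and the path MTU
    are fine. Partial data received before a timeout is kept, so a
    truncated reply still shows whether a status line arrived."""
    result = {"host": host, "port": port, "connected": False,
              "bytes_received": 0, "status": None, "error": None}
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["connected"] = True
            sock.sendall(build_get_request(host))
            received = 0
            while received < max_bytes:
                data = sock.recv(4096)
                if not data:          # server closed: Connection: close honoured
                    break
                chunks.append(data)
                received += len(data)
    except OSError as exc:            # connect refused/timeout, recv timeout, DNS failure
        result["error"] = f"{type(exc).__name__}: {exc}"
    response = b"".join(chunks)
    result["bytes_received"] = len(response)
    result["status"] = parse_status_line(response)
    return result


def diagnose(result):
    """Map a check result onto the three situations the thread distinguishes."""
    if not result["connected"]:
        return "no-tcp-connect"
    if result["status"] is None:
        # SYN and the small GET got through, but no full-size response
        # segment came back: consistent with an MTU that is too large for
        # the link (PMTU black hole), which a ping test would never reveal.
        return "connected-no-http-response"
    return "http-ok"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "snort.org"
    res = tcp_http_check(target)
    print(f"{target}: {diagnose(res)}")
    print(res)
```

Run it from one of the afflicted hosts before and after changing the MTU to 1400; "no-tcp-connect" points at filtering or routing, "connected-no-http-response" at the MTU, and "http-ok" means the browser should work too. A TCP-based traceroute, as the reply suggests (tcptraceroute is one such tool), gives the per-hop view when the connect itself fails.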