|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
path MTU discovery and error sending data
Adam Levin (alevin
audible.com)
Tue, 9 Nov 1999 08:47:04 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Sean Rima: "Re: rbl checks"
- Previous message: Wietse Venema: "Re: Inbound virtual"
- In reply to: Tony Wu: "Re: Inbound virtual"
- Next in thread: LaMont Jones: "Re: path MTU discovery and error sending data"
- Reply: LaMont Jones: "Re: path MTU discovery and error sending data"
- Reply: Chris Wedgwood: "[OT] Re: path MTU discovery and error sending data"
- Reply: Matthias Andree: "Re: path MTU discovery and error sending data"
According to the FAQ: Occasionally, mail fails with "timed out while
sending end of data -- message may be sent more than once".
We're having this problem sending mail to one particular domain:
microsoft.com. Since mid-September, we've had 6500 of these messages in
our logs, and 6425 of them are to microsoft.com.
Now, I basically understand the problem. In our case, I know that our
firewall is blocking the ICMP traffic. As the FAQ notes:
However, things break when some router closer to the sending system is
dropping such ICMP feedback messages, in a mistaken attempt to protect
systems against certain attacks. In that case, the ICMP feedback message
never reaches the sending machine, and the connection times out.
...
Fix: find the router that drops the ICMP MUST FRAGMENT messages, and
convince the person responsible for it to fix the configuration.
My question is, why is blocking ICMP traffic a mistake, and is there a
possible security problem with opening up that traffic through the
firewall? I'm not the firewall maintainer -- that's our networking guy,
and he's reluctant to open it up.
I'd appreciate a more detailed explanation.
Thank you,
-Adam Levin
- Next message: Sean Rima: "Re: rbl checks"
- Previous message: Wietse Venema: "Re: Inbound virtual"
- In reply to: Tony Wu: "Re: Inbound virtual"
- Next in thread: LaMont Jones: "Re: path MTU discovery and error sending data"
- Reply: LaMont Jones: "Re: path MTU discovery and error sending data"
- Reply: Chris Wedgwood: "[OT] Re: path MTU discovery and error sending data"
- Reply: Matthias Andree: "Re: path MTU discovery and error sending data"
This archive was generated by hypermail 2.0b3 on Tue Nov 09 1999 - 07:51:40 CST