Hi,
I'm trying to setup IPFire on a small Alix board. It seems to work ok except I am experiencing a weird problem. My public facing servers are not always reachable. I run a small private data center in Vanuatu and when I try to access my public servers from a server I rent in the US it works fine. However, there are some ISP networks that can't reach my public servers. Even more weird, one of our ISPs in Vanuatu has parts of it that can reach my public servers and other parts of it (different subnets and path to destination) that can't. I read that MTU/MRU values can cause some weird, hard to troubleshoot problems. I do not experience this when I use my Vigor 3300 firewall/router. I really like IPFire and where it seems to be heading, but this is a show stopper. Unfortunately, I can't spend much time troubleshooting this problem properly as the services need to be available.
The image I used to do the installation was ipfire-2.13.1gb-ext4-scon.i586-full-core72.img.gz. It runs on the Alix alix2d3 http://www.pcengines.ch/alix2d3.htm.
Any ideas?
Hello,
indeed this problem is "weird" and does not seems to be cause primarily by IPFire. It looks like a generic networking problem to me.
IPFire is clipping MSS to the Path MTU for all TCP connections and if you have set up you connection to the internet correctly (i.e. typed in the right MTU or let it be assigned by the ISP) this should be fine.
You can test for MTU issues by sending big packets with the ping command or tracepath.
As you mentioned that some hosts are reachable and others are not, I suggest to check the subnet masks configured on the firewall and all other systems. It really looks like something similar to this.
I hope this helps.
-Michael
On Fri, 2013-11-08 at 09:07 +1100, Ghislain Hachey wrote:
Hi,
I'm trying to setup IPFire on a small Alix board. It seems to work ok except I am experiencing a weird problem. My public facing servers are not always reachable. I run a small private data center in Vanuatu and when I try to access my public servers from a server I rent in the US it works fine. However, there are some ISP networks that can't reach my public servers. Even more weird, one of our ISPs in Vanuatu has parts of it that can reach my public servers and other parts of it (different subnets and path to destination) that can't. I read that MTU/MRU values can cause some weird, hard to troubleshoot problems. I do not experience this when I use my Vigor 3300 firewall/router. I really like IPFire and where it seems to be heading, but this is a show stopper. Unfortunately, I can't spend much time troubleshooting this problem properly as the services need to be available.
The image I used to do the installation was ipfire-2.13.1gb-ext4-scon.i586-full-core72.img.gz. It runs on the Alix alix2d3 http://www.pcengines.ch/alix2d3.htm.
Any ideas?
Hi Michael,
I tried manually setting the mtu and mru to 1442 and it works fine now. But blank does not work. Anyway, im happy with that and completed the switch to ipfire.
Cheers,
-- GH
Michael Tremer michael.tremer@ipfire.org wrote:osing
Hello,
indeed this problem is "weird" and does not seems to be cause primarily by IPFire. It looks like a generic networking problem to me.
IPFire is clipping MSS to the Path MTU for all TCP connections and if you have set up you connection to the internet correctly (i.e. typed in the right MTU or let it be assigned by the ISP) this should be fine.
You can test for MTU issues by sending big packets with the ping command or tracepath.
As you mentioned that some hosts are reachable and others are not, I suggest to check the subnet masks configured on the firewall and all other systems. It really looks like something similar to this.
I hope this helps.
-Michael
On Fri, 2013-11-08 at 09:07 +1100, Ghislain Hachey wrote:
Hi,
I'm trying to setup IPFire on a small Alix board. It seems to work ok
except I am experiencing a weird problem. My public facing servers
are
not always reachable. I run a small private data center in Vanuatu
and
when I try to access my public servers from a server I rent in the US
it
works fine. However, there are some ISP networks that can't reach my public servers. Even more weird, one of our ISPs in Vanuatu has parts
of
it that can reach my public servers and other parts of it (different subnets and path to destination) that can't. I read that MTU/MRU
values
can cause some weird, hard to troubleshoot problems. I do not
experience
this when I use my Vigor 3300 firewall/router. I really like IPFire
and
where it seems to be heading, but this is a show stopper.
Unfortunately,
I can't spend much time troubleshooting this problem properly as the services need to be available.
The image I used to do the installation was ipfire-2.13.1gb-ext4-scon.i586-full-core72.img.gz. It runs on the
Alix
alix2d3 http://www.pcengines.ch/alix2d3.htm.
Any ideas?
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
-
Ghislain Hachey -
Michael Tremer