And we know the whole internet observes handling mtu discovery properly and doesnt just firewall all ICMP because 'hackers'. (OP's issue may well be MTU discovery, esp if he's on broadband. Don't have enough details. I just solved this exact problem a couple weeks ago for a client with an UBNT ERX by turning on it's MTU hacking feature. Sites that engaged in ICMP mtu blocking included cnn.com.) I meant routers are allowed to drop ICMP request packets to themselves, not the packets to be transitted. I wasnt clear. /kc On Thu, Jul 07, 2016 at 11:53:38PM -0400, William Herrin said:
On Thu, Jul 7, 2016 at 3:52 PM, Ken Chase <math@sizone.org> wrote:
ICMP is allowed to be dropped by intervening routers. Someone will quote an RFC at us shortly.
Hi Ken,
That's not correct. Routers might not generate an ICMP time-exceeded packet for every packet whose TTL reaches zero, but that's not the same thing. Routers dropping ICMP packets in transit would be bad. Protocols like TCP depend on path MTU discovery and path MTU discovery critically depends on ICMP.
Regards, Bill Herrin
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
-- Ken Chase - ken@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.