[Network] 'mtr' tool : are these results abnormal ??

Tony Arnold tony.arnold at manchester.ac.uk
Tue Sep 5 13:29:39 UTC 2006


On Tue, 2006-09-05 at 12:40 +0100, R Kimber wrote:

> > I'm an idiot! My firewall was stopping some of the ICMP traffic coming
> > back! Turn off the firewall and the figures look much more sensible.
> Yes, I get 0% at every step, except the last, to www.keele.ac.uk (25%)
> MY firewall doesn't seem to do ICMP filtering.  It's a simple
> firestarter setup that just blocks external broadcasts.  Is there
> anything to be gained from enabling ToS filtering?  I don't really
> understand these things, but there seems to be a suggestion that you
> can maximise throughput.

I must admit I was confused by the figures. I'm not sure what mtr uses
to measure the packet loss, but if a firewall was blocking ICMP, I would
expect 100% loss, so it must be a bit more complicated than that.

I've just looked at my IP tables, and there is this line there:

ACCEPT     icmp --  anywhere             anywhere            limit: avg
10/sec burst 5

So it looks like the firewall is limiting the rate of inbound ICMP
packets, which would explain the partial success of mtr.

Maybe there is similar filtering on the Keel WEB server?

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-users mailing list