[NCLUG] debugging ftp iptables

Matt Rosing rosing at peakfive.com
Thu Jan 24 10:54:15 MST 2013


> If you aren't aware, conntrack_ftp is used for passive FTP behind
> NAT.  No one uses passive FTP anymore

Except for the archaic app I'm using ;) This problem is independent of 
that anyway.

I think I'm getting closer. If the server allows fragmented packets 
everything works. I looked at my firewall and the internet side has an 
MTU=576 bytes. So, I assume if I change the MTU size on my laptop to 576 
bytes everything will be happy. I assume I can change the MTU on my 
firewall to be 1500 like everything else. Is there a reason why it's 
576? It's not anything I've ever touched. Is this something negotiated 
with my cable modem?

Another issue I don't understand is how the server tells the client that 
fragmented packets aren't allowed. That message isn't getting back to 
the client or the client doesn't do anything with it. Is there something 
that should be in iptables to handle this?

Also, why is it that my Linux box knows to use mtu=576 and my laptop 
doesn't? Does the Linux box do MTU path discovery?

On 01/23/2013 12:00 PM, nclug-request at lists.nclug.org wrote:
>
>
> Today's Topics:
>
>     1. Re: sw raid, recovery after install (Bob Proulx)
>     2. Re: lightning (Steve Wolf)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 23 Jan 2013 00:48:03 -0700
> From: Bob Proulx<bob at proulx.com>
> Subject: Re: [NCLUG] sw raid, recovery after install
> To: nclug at lists.nclug.org
> Message-ID:<20130123074803.GB3538 at hysteria.proulx.com>
> Content-Type: text/plain; charset=us-ascii
>
> Sean Reifschneider wrote:
>> Bob Proulx wrote:
>>> I think you might be running into the problem of just having a huge
>>> amount of data to move.  Disks have been getting larger faster than
>>
>> Yeah, but that 120 hour verify time is certainly a lot of seeks for small
>> amounts of data, basically a large database job on the file-system
>> meta-data.
>
> Wow.  120 hours!
>
>> I'm really conflicted about hardware RAID.  Most of the controllers are
>> proprietary, so if you have an issue and need to try to get data off you
>> often can't figure out the on-disc layout without reverse-engineering it.
>
> Agreed.  It really only works if you have a large number of exactly
> the same controller cards available to you.  For a one-off
> installation it is terrible because then you won't have other systems
> available to use to recover the data.  Give me software raid every
> time then.  But in a datacenter filled with the same type of
> controller everywhere like at HP then it is okay.
>
>>> It is probably ten minutes or so for me from install to finish.  It
>>> really depends upon how large of a system I am installing.  The
>>> desktop can take ten minutes just by itself.  But I never install a
>>> desktop on a server machine.
>>
>> True.  I really don't put RAID on a desktop...
>
> And that is even harder in a laptop.  Not impossible.  Just harder.
> And no longer important now that SSDs are available.
>
> I never used to use raid on my desktop.  But then drives became
> inexpensive and now my desktop is a raid machine.  Why not?
>
>> If I were to get annoyed about anything wasting my time on Ubuntu or
>> Debian it would be that the installer is such an attention-whore.
>
> Only the disk partitioner is really attention intensive.  Everything
> else I can fly through very quickly without much thought.  I only use
> the keyboard and never the mouse.  That is the Debian installer.  I
> think Ubuntu calls it the alternate installer.  I don't like the mouse
> installer.  With the keyboard installer there are really only three keys
> used during the install.  Up, down, enter.  I am very fast with it.
>
> But the disk partitioner for a raid and lvm installation takes me a
> couple of minutes to work through while all of the while hitting keys
> up, down, select, repeatedly as I work through the setup with I bet no
> longer than one second pause between keys hit.
>
>> Unless you have the pre-seeds set up, it will do some of the
>> install, ask the human for some questions, do some more install, ask
>> more questions.  That drives me nuts!
>
> Well...  It is quite modular.  So it doesn't really know what all of
> the questions it wants to ask until it gets to that part.
>
> I do have all of the preseeds set up for hands-off installations too.
> But only for simple client machines.  I have automated the
> installation with a PXE network boot menu.  Boot off the network.
> Select the system you want to install, 32-bit, 64-bit, some other
> different configurations.  It asks you for a hostname.  Then from
> there it is fully automatic and will eventually reboot to a login
> prompt and it is done.  In particular this is nice at the school so
> that they can image client desktop machines whenever they get new
> hardware to set up.
>
>> The newer Ubuntu desktop installer that is doing install tasks while it
>> asks you questions is nice.
>
> I haven't played with it yet.  I tried booting the latest Ubuntu in a
> KVM recently and for whatever reason it would hang during the
> installation.  I didn't feel like installing it on real hardware yet
> and was just wanting to play in a VM.  And so I haven't yet been able
> to drive it around.
>
>> We mentioned you the other night when some folks were talking about Buddy
>> Holly and The Big Bopper and their plane getting struck by lightning and
>> how likely that was, figured you'd know the stats off the top of your head.
>> :-)
>
> I have never been hit by lightning!  I try to stay away from
> thunderstorms.  They are bigger than I am.  But most reports about
> lightning strings in aluminum aircraft are that they are a non-event.
> Nothing significant happens.  (Composite aircraft are new and as yet
> still somewhat unknown.)  A quick web search says airliners get hit
> 1-2 times per year per airplane.
>
> I am much more worried about hail.  Hail can really damage an
> airplane.  And you can't really just stop and hang out under an
> overpass if you get caught in it.
>
> Airplanes fly in the rain just fine however.  It can be quite loud
> though.  Sometimes so loud you can't hear the intercom or radio even
> with the headset.
>
> Bob
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 23 Jan 2013 03:02:41 -0700
> From: Steve Wolf<stevewolf6 at gmail.com>
> Subject: Re: [NCLUG] lightning
> To: Northern Colorado Linux Users Group<nclug at lists.nclug.org>
> Message-ID:<-8165888311660425553 at unknownmsgid>
> Content-Type: text/plain; charset=ISO-8859-1
>
>>> We mentioned you the other night when some folks were talking about Buddy
>>> Holly and The Big Bopper and their plane getting struck by lightning and
>>> how likely that was, figured you'd know the stats off the top of your head.
>>> :-)
>>
>> I have never been hit by lightning!  I try to stay away from
>> thunderstorms.  They are bigger than I am.  But most reports about
>> lightning strings in aluminum aircraft are that they are a non-event.
>> Nothing significant happens.
>
> In the empirical data column, my (aluminum) plane has been struck
> once.  Brilliant flash coming from everywhere at once around the
> plane, but no noise discernible over the usual cockpit noise.  It was
> a non-event in my case.  All the metal did a great job of conducting
> the energy.
>
> I was tuned into an air traffic control frequency at the time.
> Another pilot got on the radio and asked, "Did you just lose someone?
> Because we just saw a bright flash!"
>
> That said, I still do my best to steer clear of lightning.  One of my
> plane's instruments maps lightning strikes out to as far as 200 miles
> using two orthogonal antennae and measuring signal amplitude.  I hear
> that our own Bill Hale helped design it!
>
> Regards,
> Steve
>
>


