[vox] Xbox Live firewall rules?

[ME]

Bill Broadley wrote:
> One potential problem is that whenever I dhcp an IP from comcast my MTU
> is set to 576.  Can I just run ifconfig eth1 mtu 1500?  Well I can
> definitely set my MTU after getting an IP, not sure what a random
> connection negotiates at though.

MTU is often a description of the maximum frame transmittable before
fragmentation, and a lower value than the common Ethernet 1500 suggests
you may have one or more links between you and the Internet, where layer2
frames are limited to a size of the smaller value.

It is possible for you to tell your external interface that acquired the
new IP address by DHCP to use a larger MTU, but at risk of larger frames
not making it to your desired destination.

For interactive sessions (like ssh) where frames often contain less than
500 bytes, you may not notice problems when exceeding the max frame size
between you and your gateway/next hop with a larger MTU, but would notice
it when trying to upload large files, or exceed the maximum frame size
between you and your next hop upstream.

Side note: This issue of MTU is especially important with OpenVPN and the
client-side config option "tun-mtu" ... I've seen some DSL served
customers have to drop this below 1250, and in 2 cases, 820 to not exceed
their ISP's MTU for layer 2 service to their next hop. Like above,
problems were not observed with ssh and interactive sessions, but attempts
to upload large files would eventually show a time-estimate of "stalled"
until the MTU was brought down to something around 64 bytes less than
their layer2 MTU.

It is possible that your ISP has a broken MTU config, or just uses the
same MTU config for most of their networks, even though larger MTU are
allowed, so they can have consistent configurations. If this is the case,
and your Layer2 link between you and your next upstream hop is 1500, then
changing this will likely cause no problems.

HTH,
-ME