[solved] Partial loss of internet connectivity
My home network consists of several computers sharing a DSL internet connection. All computers run Gentoo Linux with kernels 2.6.25 - 2.6.27.
I have an extremely frustrating problem that I have been unable to track down: I can connect to most web sites, but not all. Some sites load partially or never even connect. When I try to access the site from another location (work, friend's house, etc.) then I don't have any problem.

I thought that maybe the firewall was the problem, so I flushed all the rules in the filter and nat tables (except for the MASQUERADE rule) but that had no effect on the symptoms. The fact that some web sites work and other sites do not work makes me think that something about my TCP/IP system isn't playing right with some other routers.

This article sounds similar to what I am experiencing: http://lwn.net/Articles/92727/, but disabling TCP window scaling (on the router and on the clients) does not fix the problem.

The sites that I have noticed this problem with:
- www.penny-arcade.com
- www.arvest.com
- Windows Live / Hotmail servers for aMSN authentication
More info
Machine A: Gateway machine
Machine B: Client machine
Machine C: Client machine

Moved DSL modem from Machine A to Machine B.
Updated default gateway on machine C.

Machine B can now access all sites without problems. Machine C still has the same problem.

My conclusion is that the problem is related to NAT/masquerade. I can not see any reason why this would work for some web sites and not others:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ! ppp0 -o ppp0 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Are you using PPPoE?
PPPoE "steals" some space from the TCP window, causing some packets to get fragmented. Some routers have a problem with that, and even if they handle it, the communication may slow down, due to the overhead caused.
I found a good page about the issue here: http://adsl.cutw.net/mtu.html
I can't tell exactly why it would matter, but my guess is that your gateway manages to negotiate the correct transfer window, while the computers behind get it wrong due to the fact that they communicate across a normal Ethernet connection as far as they know. Try to set your MTU to 1454 on your clients.
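
Added example, not part of the thread: one way to check which MTU actually gets through from a client behind the gateway is to send echo requests with the Don't Fragment bit set and binary-search the largest size that is answered. The function names are hypothetical, `probe_ping` assumes iputils `ping` on Linux, and the target host must answer ICMP echo.

```shell
#!/bin/sh
# Added example: find the largest MTU that crosses a path unfragmented.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe_ping HOST MTU
# Succeeds if one echo request of total IP size MTU is answered with DF set.
# iputils ping: -M do sets Don't Fragment, -s is the ICMP payload size.
probe_ping() {
    ping -c 1 -W 2 -M do -s $(( $2 - IP_ICMP_OVERHEAD )) "$1" >/dev/null 2>&1
}

# find_path_mtu PROBE HOST [LOW] [HIGH]
# Binary search for the largest MTU in [LOW, HIGH] for which PROBE succeeds.
# Prints that MTU; returns 1 if even LOW does not get through.
find_path_mtu() {
    probe=$1 host=$2 low=${3:-576} high=${4:-1500}
    "$probe" "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))   # round up so the loop always shrinks
        if "$probe" "$host" "$mid"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# mss_for_mtu MTU
# TCP MSS that fits in MTU: 20-byte IPv4 header + 20-byte TCP header, no options.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Usage: sh pmtu.sh <host>
if [ -n "$1" ]; then
    mtu=$(find_path_mtu probe_ping "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU to $1: $mtu (TCP MSS $(mss_for_mtu "$mtu"))"
fi
```

Run it from a client against a site that loads and one that stalls; a result below 1500 is the value to set as the client MTU.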