OK, I thought I had encountered my fair share of bizarre Linux mysteries. But this one really has me mystified.

Can anybody explain to me why several websites are inaccessible from my machine when I am running Linux, but if I reboot and use Win98, I have no problems viewing those websites.

It's literally as if, for whatever reason, certain domains simply cannot be reached from my Linux machine. Why???

[My browser is simply "unable to resolve" or transfer data from these particular websites.]

I have a very standard Red Hat 6.2 configuration (almost everything is default). I have both Netscape and Mozilla (0.9.5) installed, and both demonstrate this nutty (selective domain accessibility) behavior, so I really don't think it's my browser.

Does anybody have any ideas on this?

Thanks,
Ben

You can get the nameservers from windows by running ipconfig /all from a command prompt or use winipcfg.

When you have the nameserver(s) put them in /etc/resolve.conf so it looks like this


[david@Alpha david]$ cat /etc/resolv.conf
search my.dns.suffix.com
nameserver 11.22.33.44
nameserver 11.22.33.45
[david@Alpha david]$


if you are using dhcp and it works it will put the nameservers in there.


One other thing it might be is .....


Are you using some form of pppoe like adsl?
And / or using an ICS server


if so you may try setting the MTU to a lower value like this...
you need to be root..

ifconfig eth0 mtu 1452

you can try other settings maybe 1492 or less.

set it on the interface connected to the internet if you have more than one.

also you can get the tweeking info for your connection at www.dslreports.com/tweeks


mozilla should work with this page, if java2 is not loaded you will be prompted to install. You will need to be root, su - to root then

run mozilla&

then go to the website and get the linux plugin installed, then go to the tweek page and press the start button, it will download a file and then you hit results button, enter your info at the top and it will tell you what you need to do.

from tweek info page
------------------------------------------------------------------------------------
There is no sysctl application for changing values, but you can change the values very easy with a editor like vi. Simply edit the files listed below, which magically change the values in the kernel.

Tuning the default and maximum window size:

/proc/sys/net/core/rmem_default - default receive window
/proc/sys/net/core/rmem_max - maximum receive window
/proc/sys/net/core/wmem_default - default send window
/proc/sys/net/core/wmem_max - maximum send window

In /proc/sys/net/ipv4/ you will find some other possibilities to tune TCP:

tcp_timestamps
tcp_windowscaling
tcp_sack
...
You will find a short description in /Documentation/networking/ip-sysctl.txt

David, thank you very much for your ideas.

1. In Windows, when I do ipconfig /all I get (among other things):
DNS Servers:
209.20.130.34
209.20.130.35

2. When I cat etc/resolv.conf, I get the following:
[benny@localhost ppp]$ cat /etc/resolv.conf
nameserver 209.20.130.34
nameserver 209.20.130.35

3. I am using (the simplest possible) ppp via dial-up modem (the world's most common external modem, in fact). No ISDN, no ADSL, etc. Nothing fancy at all.

4. When I cat /etc/ppp/options, I get:
[benny@localhost ppp]$ cat options
lock
mtu 576
mru 512

(My mtu had previously (about a year ago) been set to the "ideal" lower value of 576 in the interests of achieving reasonable modem speed, and that did work very, very well.)
------------------------------

I don't believe I've had this problem until just the past few days. The ONLY thing I have conceivably done (only my end) since then that could have affected any of this, as far as I know, is install Mozilla (0.9.5).

But, key points here:
1. I am currently having domain name resolution issues on Netscape as well (which I never had previously). So, this is not strictly a Mozilla issue.
2. How, hypothetically, could Mozilla have affected domain name resolution on my machine?

Still looking for answers....

Thanks,
Ben

I notice that I cannot even successfully ping these same domains that give me problems (let alone view their websites). But other domains I can ping just fine.

Also I notice that nameservers does not seem to be the issue here. I seem to get numeric IP's for even problematic domains just fine.

Here are examples of success/failure in pinging. Does this yield any insights to anybody?

------------------------------

Script started on Thu Nov 22 01:40:51 2001
]0;Benny@localhost.localdomain: /home/Benny [Benny@localhost Benny]$ ping google.com

PING google.com (216.239.37.100) from 207.202.172.25 : 56(84) bytes of data.

64 bytes from www.google.com (216.239.37.100): icmp_seq=0 ttl=50 time=216.159 msec

64 bytes from www.google.com (216.239.37.100): icmp_seq=1 ttl=50 time=209.992 msec

64 bytes from www.google.com (216.239.37.100): icmp_seq=2 ttl=50 time=219.989 msec

64 bytes from www.google.com (216.239.37.100): icmp_seq=3 ttl=50 time=229.451 msec

64 bytes from www.google.com (216.239.37.100): icmp_seq=4 ttl=50 time=219.991 msec



--- google.com ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/mdev = 209.992/219.116/229.451/6.343 ms


]0;Benny@localhost.localdomain: /home/Benny [Benny@localhost Benny]$ ping aethereal.net

PING aethereal.net (208.185.127.162) from 207.202.172.25 : 56(84) bytes of data.



--- aethereal.net ping statistics ---

11 packets transmitted, 0 packets received, 100% packet loss


]0;Benny@localhost.localdomain: /home/Benny [Benny@localhost Benny]$ ping yahoo.com

PING yahoo.com (216.115.108.245) from 207.202.172.25 : 56(84) bytes of data.

64 bytes from img5.yahoo.com (216.115.108.245): icmp_seq=0 ttl=240 time=336.551 msec

64 bytes from img5.yahoo.com (216.115.108.245): icmp_seq=1 ttl=240 time=159.983 msec

64 bytes from img5.yahoo.com (216.115.108.245): icmp_seq=2 ttl=240 time=159.985 msec



--- yahoo.com ping statistics ---

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max/mdev = 159.983/218.839/336.551/83.236 ms

]0;Benny@localhost.localdomain: /home/Benny [Benny@localhost Benny]$ exit


Script done on Thu Nov 22 01:42:42 2001
-------------------------------------------

Note: I used my own domain (not on my machine) to demonstrate failure in this case, but I could have used any of several others. I have verified that several others fails in precisely the same way.

Any ideas, anybody?

Thanks,
Ben

are these secure pages or java related stuff?

when you find an address that won't load try this in a terminal window or console...

wget http://addressthatwontload.com


see if that downloads the file.


then try to open the file in the browser.

Also, what account are you using?

see if it works with another user account.

[david@Alpha david]$ ping aethereal.net
PING aethereal.net (208.185.127.162) from 24.18.29.213 : 56(84) bytes of data.

--- aethereal.net ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss
[david@Alpha david]$

this site is droping pings


I would not worry about that, it is pretty common for people to block pings.

[david@Alpha david]$ ping www.msn.com
PING www.msn.com (207.68.171.253) from 24.18.29.213 : 56(84) bytes of data.

--- www.msn.com ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss

This is not related to your problem

Thanks very much, David, for your continuing follow-up.

What I know:
1. This is not in any way Java or security related. (e.g., My home page, www.aethereal.net, is about as simple as one can get. Similarly, other pages that I cannot reach do not seem special in any way that I can discern.)

2. Unfortunately, I do not have "wget" on my machine.

3. This behavior exists for all user accounts on my machine, including root.

4. The *key* point, it seems to me, is the fact that I can ping *some*, but not all, known/good IP addresses. (It would seem as though we can set aside all web-related questions, due to this point alone.)

So, I believe *that* is the big question: Why can I ping *some*, but not all, known/good IP addresses from my machine?

Any ideas welcome.

Thanks again for your help,
Ben

I just noticed that the aethereal.net is you


are your blocking pings in your firewall settings?

are you on this machine or behind it?

give a few more examples of the ones you cannot ping and I will try them, but I think they are blocking pings.



#
# ICMP rules
#

$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 0 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 3 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 5 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

David, I e-mailed you directly to follow-up on this issue, but I'm not sure if you got my message. So, I'll continue on here...

Here are some domains that I am neither able to receive web pages from nor receive ping responses from. (You are right that some domains will simply refuse to reply to pings, but I do find it coincidental that these very domains whose webpages I cannot receive ~all~ happen to refuse to reply to my pings as well. <shrug>)

Anyway, here are some samples of problematic domains for me:
aethereal.net
freeservers.com
trickylive.com
attenza.com
linuxnewbie.org

Any ideas, anybody?

I really need to figure this problem out. I can hardly accept only being able to view *some* of the Internet.

Thanks again,
Ben

Thank God, I just figured out the cause of this problem.

A (fairly long) while ago, upon the recommendation of an article at linuxnewbie.org, I had adjusted downward the size of my mtu and mru as a means of increasing modem speed.

These were my updated settings:
$ cat /etc/ppp/options
lock
mtu 576
mru 512

On a hunch, just now, I simply tried increasing the size of both the mtu and mru, as follows:
$ cat /etc/ppp/options
lock
mtu 1000
mru 1000

Following that simple change:
Voila! Now, all of the sites that were inaccessible to me are now suddenly accessible to me.

So, it appears as though certain webservers (for example) will refuse to transmit data if the requested packet size is unacceptably low (e.g., beneath some pre-set threshold).

I could apparently receive data from some webservers, but not others, due to their differing minimum packet threshold settings.

That is just my guess, in light of what I have just discovered, but I think that may be (roughly) what is going on here.

Thanks to all, especially David, for offering your help with this tough issue.

I am soooo happy now!!!
Ben : )

Cool, Glad you got it going.

To tune the mtu you can tell ping not to fragment by using the -f option. it will tell you when the packet is too big.


ping www.netscape.com -f -l 1000


you would start with a packet size of 1000 and keep raising it until it works.

on the low end I guess you could speed test to see if it helps, I would not go lower than 576.