LinuxQuestions.org


ojbyer@usa.net 11-25-2008 05:53 PM

[solved] Partial loss of internet connectivity
 
My home network consists of several computers sharing a DSL internet connection. All computers run Gentoo Linux with kernels 2.6.25 - 2.6.27.

I have an extremely frustrating problem that I have been unable to track down: I can connect to most web sites, but not all. Some sites load partially or never even connect. When I try to access the site from another location (work, friend's house, etc.) then I don't have any problem.

I thought that maybe the firewall was the problem, so I flushed all the rules in the filter and nat tables (except for the MASQUERADE rule) but that had no effect on the symptoms.

The fact that some web sites work and other sites do not work makes me think that something about my TCP/IP system isn't playing right with some other routers. This article sounds similar to what I am experiencing: http://lwn.net/Articles/92727/, but disabling TCP window scaling (on the router and on the clients) does not fix the problem.

The sites that I have noticed this problem with:

www.penny-arcade.com
www.arvest.com
Windows live / Hotmail servers for aMSN authentication

ojbyer@usa.net 11-25-2008 08:02 PM

More info
 
Machine A: Gateway machine
Machine B: Client machine
Machine C: Client machine

Moved DSL modem from Machine A to Machine B.
Updated default gateway on machine C

Machine B can now access all sites without problems.

Machine C still has the same problem.

My conclusion is that the problem is related to NAT/masquerade. I cannot see any reason why this would work for some web sites and not others:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ! ppp0 -o ppp0 -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

ugge 11-27-2008 11:29 AM

Are you using PPPoE?
PPPoE "steals" some space from the TCP window, causing some packets to get fragmented. Some routers have a problem with that, and even if they handle it, the communication may slow down, due to the overhead caused.

ojbyer@usa.net 11-30-2008 12:00 AM

Quote:

Originally Posted by ugge (Post 3356887)
Are you using PPPoE?
PPPoE "steals" some space from the TCP window, causing some packets to get fragmented. Some routers have a problem with that, and even if they handle it, the communication may slow down, due to the overhead caused.

Yes, I am using PPPoE. Why would this allow me to access a web site when I use a browser on the gateway machine, but not on other machines in the network?

ugge 11-30-2008 01:45 AM

I found a good page about the issue here: http://adsl.cutw.net/mtu.html
I can't tell exactly why it would matter, but my guess is that your gateway manages to negotiate the correct transfer window, while the computers behind get it wrong due to the fact that they communicate across a normal Ethernet connection as far as they know.

Try to set your MTU to 1454 on your clients.

ojbyer@usa.net 11-30-2008 12:46 PM

Quote:

Originally Posted by ugge (Post 3359289)
I found a good page about the issue here: http://adsl.cutw.net/mtu.html
I can't tell exactly why it would matter, but my guess is that your gateway manages to negotiate the correct transfer window, while the computers behind get it wrong due to the fact that they communicate across a normal Ethernet connection as far as they know.

Try to set your MTU to 1454 on your clients.

Thank you. This is exactly the problem I was seeing.
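
A way to check the MTU diagnosis from this thread before changing client settings, as an added example that is not part of the original posts: it searches for the largest packet that crosses the path unfragmented and derives the matching TCP MSS. The client interface name `eth0`, the `PROBE_HOST` placeholder address and all function names are assumptions; `probe_simulated` is a constructed stand-in for a path with the thread's MTU of 1454.

```shell
#!/bin/sh
# Added example: packet sizes and commands for the PPPoE MTU problem in this thread.
# eth0 and PROBE_HOST are assumptions; ppp0 is the gateway interface from the thread.

IP_HDR=20; TCP_HDR=20; ICMP_HDR=8   # IPv4 and TCP headers without options

# Largest TCP payload (MSS) that fits in one unfragmented packet of a given MTU.
mss_for_mtu() { echo $(( $1 - IP_HDR - TCP_HDR )); }

# ICMP echo payload size that produces an IP packet of exactly MTU bytes.
ping_payload_for_mtu() { echo $(( $1 - IP_HDR - ICMP_HDR )); }

# Binary-search the largest MTU in [low, high] for which the probe succeeds.
# $1 = name of a probe function taking an MTU, $2 = low, $3 = high.
# Prints 0 and returns 1 if even the low bound does not get through.
find_path_mtu() {
    probe=$1 lo=$2 hi=$3
    "$probe" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Real probe: one ping with Don't Fragment set (Linux iputils: -M do).
PROBE_HOST=${PROBE_HOST:-192.0.2.1}   # placeholder; set to a host you may ping
probe_ping() {
    ping -c 1 -W 2 -M do -s "$(ping_payload_for_mtu "$1")" "$PROBE_HOST" >/dev/null 2>&1
}

# Constructed stand-in for offline runs: behaves like a path whose MTU is 1454.
probe_simulated() { [ "$1" -le 1454 ]; }

# On a client behind the gateway:   find_path_mtu probe_ping 576 1500
#
# Fix on each client, as suggested in the thread (needs root):
#   ip link set dev eth0 mtu 1454
# Alternative on the gateway, so clients need no change (needs root):
#   iptables -t mangle -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN \
#            -j TCPMSS --clamp-mss-to-pmtu
```

If `find_path_mtu probe_ping 576 1500` on a client reports less than 1500 while large pages still stall, the ICMP "fragmentation needed" replies are probably not reaching the client, which is the situation the client MTU setting or the gateway MSS clamp works around.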


All times are GMT -5.