Hi, I have a computer with ppp0 direct connection to my ISP (no router/switch involved). When using Windows 7 (+ its firewall blocking everything) I can view the ISP's website http://www.rcs-rds.ro/. When using Ubuntu (+ ufw allowing only 22, 80, 443) the ISP's website is hanging and in the end it fails.

I also tested it with wget:

I also used curl (the same is for ISP's site):

As you can see not even linuxquestions is visible though it's ip is accessible as you can see below:
Google's website is anyway accessible & visible.

What could be the problem and how could I debug/solve it?

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

uname -a
Linux adr-desktop 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

This sounds very much like an MTU (Maximum Transmission Unit) issue.

PPPoE travels over Ethernet, which typically has an MTU of 1500 bytes, but due to PPPoE overhead, the effective MTU for a PPPoE connection becomes 1492 bytes. ifconfig ppp0 | grep mtu will confirm this.

Attempts to send larger packets would normally result in fragmentation, but if a router along the return path (typically the PPPoE endpoint at your ISP) refuses to do this, and instead erroneously forwards a 1500 byte packet, you have what is known as an MTU blackhole. In this scenario, you will be able to receive packets smaller than or equal to 1492 bytes in size, but larger packets will arrive with some bytes missing and hence be silently dropped. This will basically prevent any TCP stream from functioning.

The following iptables commands implements a workaround:This modifies the Maximum Segment Size parameter in outgoing TCP packets to a value so small, no single packet will ever exceed your interface MTU. Not pretty, but it might work.

(If it does indeed work, you should open a support ticket with your ISP.)

1 members found this post helpful.

Indeed the mtu is the problem. I found solutions to learn the right mtu value, e.g. using:

ping -c 1 -M do -s 1500 75.126.162.205
ping -c 1 -M want -s 1500 75.126.162.205 -> did't tried this but seems very helpful

Somehow the first ping solution didn't help me but might help others. Theoretically smaller mtu values compared to the ISP's one should work but for me they did not (I tried 1404, 1024, 1280, etc). Instead only the exact ISP's mtu value worked (for my ISP this was 1492).

From ping man page:
-M pmtudisc_opt: select Path MTU Discovery strategy. pmtudisc_option may be either do (prohibit fragmentation, even local one), want (do PMTU discovery, fragment locally when packet size is large), or dont (do not set DF flag)