PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

odd lack of some internet connectivity

From: monkey at monkeycoder.org (Richer Dinelle)
Date: Mon, 3 Nov 2008 16:20:11 -0500
As you may know, if the website you're trying to reach is blocking  
icmp at large then the pmtu won't work and won't be able to adjust its  
mtu. For example, an ADSL connection is using 1492 as its mtu but I  
had problems in the past with some websites (windows update or hotmail  
for example ...) and would timeout. By lowering the mtu at say 1456 or  
1484 it solved the problem. I hope it helps.


Rick

On 08-11-03, at 10:29, Robin Wood wrote:


Thanks for the suggestions. I agree that it probably isn't DNS as I
tried dig'ing the sites that failed and they all got responses, I
could also ping some of them but not the hotmail one but I think that
is because MS block pings for everyone.

The MTU I could go with if it was a large network but it is about 10
PC's sat behind a switch then firewall then SOHO modem and nothing
(I've been told) has changed.

I looked at taking smoothwall out of the picture but the modem was
plugged in though usb rather than ethernet and as I was doing it as a
favour I didn't fancy pulling plugs and spending all day there on my
own time. I've suggested the guy who comes in to upgrade smoothwall
does this if it is still bust after he has done the upgrade.

The peering info is interesting but as I can get at areas of a
site/ftp and not others I'm going to discount it. I would expect to
have complete blackholes rather than partial ones.

All good suggestions and ones I'll keep in mind for the next weird  
outage.

Robin

2008/11/3 David Grubers <david.grubers at gmail.com>:

I can't really offer any advise, but I have the same issue with
gmail.com in my dorm room. google.com will load happily,  as well as
several other sites, but gmail will take a good couple minutes. I  
know
it isn't DNS, as my browser successfully looks up the IP and then the
connection gets slow while it connects. I'm not sure if google
analytics automatically is loaded by gmail, but if not, I notice that
it often loads at this time too (perhaps my ISP is doing some
monitoring with analytics?).

2008/11/3 Bugbear <gbugbear at gmail.com>:

I am not familar with Smoothwall but does that have any sort of IPS,
application shaping, web filter, or app inspection in it? In my  
experience
when I have had issues like this it almost always one of these  
types of
products.

I would put a system on the outside of Smoothwall and see if the  
issue can
be reproduced - just to rule it out quickly. You can always throw  
wireshark
inline too but taking the firewall appliance out of the equation  
would be
where I star.

Doesnt sound like a DNS issue since it saounds like some of the  
pages are
loading partially and the FTP behavior you described.

Could very well be the ISP and worth a call post taking the Firewall
appliance out of the loop.

Tim




On Mon, Nov 3, 2008 at 8:15 AM, Robin Wood <dninja at gmail.com> wrote:


Hi
See if anyone can help me with this weird problem ...

I've just been to see a friend at his company as he was complaining
about not being able to access certain websites or certain parts of
sites that used to work fine. My first thought was browser or local
firewall problem so I took my laptop along to eliminate the
possibility of that being the fault.

After some playing we found a couple of sites (hotmail and part  
of the
Ryan Air booking system) that just timed out when we tried to  
access
them, this was through my laptop and through their machines. I've  
just
tried the same sites 10 mins later at home and they are working  
fine
so it isn't that the sites aren't down. I also tried hitting the  
site
through netcat and again, it just timed out.

It isn't a http vs https issue as I successfully visited a number  
of
sites of both types.

It isn't even just web traffic, the ftp connection they use to  
publish
their website allowed us to login and get a directory listing of  
the
root directory and change into a subdirectory but getting a  
directory
listing of that directory timed out. The same connection works fine
from my friends home network so it isn't a permissions issue.

I'm at a loss of what to suggest, they are using smoothwall  
express v2
between their switch and modem but that hasn't been updated for  
months
so is unlikely to be the cause, just in case it was playing up we
tried rebooting it and the problem still persisted.

The problem has been happening for over a month now but nothing has
been changed in a lot longer than that so it shouldn't be a config
issue.

I've suggested talking to their ISP (BT) to see if they can suggest
anything. Has anyone here got any suggestions of what to try, I'm
completely stumped!

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: