I have a network where my WAN (a CableModem) goes into a (dubiously configured) Ubuntu box which acts as the router for the whole company.
We recently switched our ISP, and we're getting a very weird behavior. In Vista/Server 2008 machines, some websites don't work. This comes and goes a bit, but there's one, www.dilbert.com that never works.
We've been experimenting with this over weeks, and these are the things we've found so far...
- The Linux server itself CAN load the Dilbert homepage
- Windows XP/2003 machines work PERFECTLY
- Windows Vista/2008 machines have problems
- Sometimes, on my machine (2008), in Firefox, the page loads. It never loads in Chrome, for example. Now, once it loaded in Firefox, if I press F5, it dies immediately, it only loads once. The error is "the connection was reset"
- Restarting my machine, the router, the cablemodem, etc, won't make it load again, I still get "connection reset", it also doesn't work from other machines. Some time afterwards (days), however, it will load again, once.
- Also, I can sometimes open a telnet connection (using the Windows telnet client) to www.dilbert.com:80 and do a "get /", in which case I get a bunch of HTML, and the connection closes, expectedly. Now, if I open the same connection again, it connects, but as soon as I press "g", it disconnects me. This is the lowest level kind of information I could find.
- Using "Fiddler" to inspect the network traffic, with some browsers the request shows with "response status 0", an empty response, and no error details. With other browsers, it doesn't even appear.
- Finally, if I connect the cablemodem directly to a 2008 PC, without the router in between, everything works wonderfully, so I'm 99.99% sure the problem is inside my network, and not with my ISP.
Now, my best guess is that this is some kind of weird interaction between Vista's network layer (which as I understand, was rewritten from XP's, it's not the same), and Ubuntu's.
That's all I got. Besides that, I'm completely dumbfounded, and starting to believe there's a curse on my building.
Can any of you think of any plausible ideas as to what might be going on / what I could do to fix / diagnose this?
NOTE: I know NOTHING about Linux, although I can run commands if you can think of something that'll give me some useful info.
Thanks!
Daniel
Feels like an MTU issue to me. I don't know what Vista's MTU algorithm is, though.
As a simple test, set your Vista machine's MTU artificially low, like 500, and see if that resolves the problem. If so, we can say that MTU is the cause and go back to looking at exactly how to fix that.
What is MTU?
MTU == Maximum Transmission Unit. Effectively, it's the largest ethernet packet that your computer will send. The IP spec says that if a router receives a packet too large to send out its (other) interface, it can either fragment the packet or send back an ICMP message that says "this is too big". Fragmenting is bad for performance, though, so many of those routers never agree to fragment. Also, modern OSes use a trick to determine the optimal MTU for a particular path by sending packets in decreasing sizes until they no longer hear a response back about the packet being too big. This is Path MTU Discovery, or PMTUD.
What's happening to you is that a router somewhere is refusing to fragment a packet, but your Vista machine is never hearing its refusal notification. When you set your MTU really small, you're telling the OS to always transmit packets smaller than any modern circuit is likely to be able to accept, so your packets will never encounter the need to fragment.
Update
Now that we know it's an MTU issue, and one that involves only your Ubuntu router, that would imply that your Ubuntu router is breaking packet fragmentation somehow.
Is it running a firewall? Is it blocking ICMP? If so, try disabling that. (Obviously, move back to the standard MTU of 1500 first; otherwise you'll be debugging a problem that doesn't exist any more.)
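An added example, not part of the original answer: a simplified check of whether a firewall ruleset would drop the ICMP "fragmentation needed" message (type 3, code 4) that Path MTU Discovery depends on. It assumes the Ubuntu router uses iptables and that the text passed in is `iptables-save` output; the function names and both rulesets are constructed for illustration.

```python
FRAG_NEEDED = {"3", "3/4", "destination-unreachable", "fragmentation-needed"}

def _opt(tokens, *names):
    """Value following the first of `names` present in tokens, else None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def _matches(tokens):
    """Would this rule match an ICMP 3/4 error tied to a tracked connection?"""
    proto = _opt(tokens, "-p", "--protocol")
    if proto not in (None, "icmp", "1", "all"):
        return False
    icmp_type = _opt(tokens, "--icmp-type")
    if icmp_type is not None and icmp_type not in FRAG_NEEDED:
        return False
    states = _opt(tokens, "--ctstate", "--state")
    # ICMP errors about an existing connection are classified as RELATED.
    return states is None or "RELATED" in states.split(",")

def frag_needed_verdict(ruleset, chain="FORWARD"):
    """First-match walk of one filter-table chain; returns "ACCEPT" or "DROP"."""
    # Assumption: interface/address matches, "!" and user-chain jumps are ignored.
    policy, in_filter = "ACCEPT", False
    for line in ruleset.splitlines():
        tokens = line.split() or [""]
        if tokens[0].startswith("*"):
            in_filter = tokens[0] == "*filter"
        elif in_filter and tokens[0] == ":" + chain:
            policy = tokens[1]
        elif in_filter and tokens[:2] == ["-A", chain] and "-j" in tokens:
            target = tokens[tokens.index("-j") + 1]
            if target in ("ACCEPT", "DROP", "REJECT") and _matches(tokens):
                return "ACCEPT" if target == "ACCEPT" else "DROP"
    return "ACCEPT" if policy == "ACCEPT" else "DROP"

# Constructed rulesets (not taken from the poster's router).
BLOCKING = """*filter
:FORWARD DROP [0:0]
-A FORWARD -p icmp -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
ALLOWING = BLOCKING.replace(
    "-A FORWARD -p icmp -j DROP",
    "-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT\n-A FORWARD -p icmp -j DROP")

if __name__ == "__main__":
    print(frag_needed_verdict(BLOCKING), frag_needed_verdict(ALLOWING))
```

A "DROP" verdict on the FORWARD chain means clients behind the router never hear the "too big" notification described above; the blanket ICMP drop ahead of the RELATED rule is the pattern to look for.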
If you can, I would switch to something that was actually designed for use as a router.
I personally recommend pfSense. One of the common deployments of pfSense is as a perimeter firewall.