Re: Weird Problem: no contact to selected websites only on one linux machine in local subnet



On 29 Dec 2006, in the Usenet newsgroup comp.os.linux.misc, in article
<1167413863.702377.303030@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, jochen.czemmel@xxxxxx
wrote:

> I can telnet to the undisplayed websites, but I don't get no answer.

What does this mean? Do you not get a response, or do you get an error
message - either from your system or the remote?

> Firewall: OpenBSD 3.3 with packet filtering
> (Logs do not show anything I can relate to the problem)
> no DNS server running, ppp connection via DSL

On the SuSE boxes - what are the MTU settings? You'd see this in the output
of /sbin/ifconfig -a

> New Laptop: OpenSuse 10.2, Firewall completely
> disabled, default route to the firewall machine,
>
> Old Laptop: Suse 10.0, default route to the firewall machine
> works without problems

Run tcpdump on both systems, and compare the packets. Look specifically
at the packet size, IP and TCP header flags, and any ICMP error packets.

> As I can ping all websites, this is not a problem of DNS, right?

Or routing - correct

> As I can see the websites on another laptop in my local net,
> this is not a problem of the firewall, right?

Probably correct

> As I can't see the websites in both firefox and konqueror,
> this is not a problem of firefox, right?

Correct - but remember those are complicated applications, depending on
the system networking running correctly.

> As I can see some websites, this can not be a problem of
> firewall port 80 or wrong proxy, right?

Correct

> As I do not get an answer from www.gmx.de on port 80
> via telnet (but I get the connection!), this can not be a
> problem of 'web 2.0' features the browser may not
> support, right?

Might be MTU - might be ECN

> So I currently have the problem: where should I start searching?

Packet sniffer. You should also try to compare the network setup
configuration files.

> I found a hint in the opensuse faq (proxy settings and ipv6 settings),
> I tried both, no effect.

Not surprisingly

> Could this be a problem between (older) OpenBSD and (newer) Linux?

OBSD3.3 is Spring 2003... SuSE 10.0 is Fall 2005, while 10.2 is brand
new. I doubt it, as both PMTU and ECN problems have been around for
over six years.

Old guy
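
The fields the reply says to compare in the two tcpdump captures, as an added example that is not part of the original post: a small Python classifier over raw IPv4 packets that reports packet size and the DF bit and flags ECN-setup SYNs and ICMP "fragmentation needed" errors. The sample packets are constructed, and the helper names and the 1492-byte path MTU are assumptions of this example.

```python
import struct

PATH_MTU = 1492  # assumed path MTU for this example; use the value of your own link

def ipv4(proto, payload, df=True):
    """Build a constructed IPv4 packet (checksum left at 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       0x4000 if df else 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def tcp(flags, data=b""):
    """Build a constructed 20-byte TCP header (port 40000 -> 80) plus data."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, flags, 5840, 0, 0) + data

def triage(pkt, path_mtu=PATH_MTU):
    """Report packet size, DF bit and the MTU/ECN-related findings for one IPv4 packet."""
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    l4 = pkt[(ver_ihl & 0x0F) * 4:]
    out = {"len": total_len, "df": bool(frag & 0x4000), "notes": []}
    if out["df"] and total_len > path_mtu:
        out["notes"].append(f"DF set and length {total_len} > {path_mtu}: relies on ICMP frag-needed")
    if proto == 6 and len(l4) >= 14:                           # TCP: flags are byte 13
        flags = l4[13]
        if (flags & 0x12) == 0x02 and (flags & 0xC0) == 0xC0:  # SYN without ACK, ECE+CWR set
            out["notes"].append("ECN-setup SYN (ECE+CWR)")
    elif proto == 1 and len(l4) >= 8:                          # ICMP
        typ, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", l4[:8])
        if (typ, code) == (3, 4):                              # destination unreachable / frag needed
            out["notes"].append(f"ICMP fragmentation needed, next-hop MTU {mtu}")
    return out

# Constructed sample packets, not taken from the poster's network.
SYN_ECN = ipv4(6, tcp(0xC2))                       # SYN with ECE and CWR
FULL_SIZE = ipv4(6, tcp(0x10, b"\x00" * 1460))     # 1500-byte segment with DF set
FRAG_NEEDED = ipv4(1, struct.pack("!BBHHH", 3, 4, 0, 0, 1492), df=False)

if __name__ == "__main__":
    for name, pkt in [("SYN_ECN", SYN_ECN), ("FULL_SIZE", FULL_SIZE), ("FRAG_NEEDED", FRAG_NEEDED)]:
        print(name, triage(pkt))
```

A capture that shows full-size DF packets going out but never the matching ICMP error coming back points at path MTU discovery; ECN-setup SYNs seen on only one of the two machines point at ECN.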