Stop Microsoft
Operating Systems => Linux and UNIX => Topic started by: asdf on 14 April 2002, 07:17
-
I'm getting a very weird problem- my computer can't access certain websites. I know they're up and running because I tried them from another computer. Mozilla just says "Connecting" but doesnt do anything, until I get the popup box that says it timed out.
The problem isn't with the nameserver - it resolves it just fine, but it just cant connect. I tried going to toshiba.com but it happens, and I can't connect with either mozilla or lynx. I tried using ping, but that doesn't work either. I'm guessing this has something to do with my network setup.
What should I check? How should I fix this?
BTW I'm using Debian/woody.
-
Can you ping from the other machines? Also, are those other machines using the same Internet connection?
Some websites are running on machines that block pings, so that might not really tell you if you can connect to it. You can try this to see if the connectivity is there.
Open up a shell and type
telnet www.thewebsite.com (http://www.thewebsite.com) 80
That will telnet to the web port of that machine. If you connect then it means you can reach it.
If you can't connect to it, then it sounds like some type of network issue. I'd give your ISP a call and see if they can help in that case.
-
Also do a "traceroute" and find see where the trace stops. What sort of internet connection do you have? Cable/DSL? Dialup? Are you directly attached or do you have a router/firewall and local area network? Did you configure a static IP or is it configured via DHCP? If static, is the address you assigned unique at your location? What network card and driver are you using?
-
To answer the first question, I can't telnet to port 80. It's able to find the IP address but can't do much from there.
For the second question, I'm using DSL. Traceroute did funky things. Here's a snippet of the end of it:
17 0.so-4-0-0.CL2.LAX4.ALTER.NET (152.63.57.38) 95.067 ms 96.066 ms 95.021 ms
18 192.ATM6-0.GW5.LAX4.ALTER.NET (152.63.113.109) 95.794 ms 95.673 ms 95.728 ms
19 appereto-gw.customer.alter.net (157.130.245.42) 95.512 ms 94.076 ms 95.300 ms
20 v9.core1.irv.intelenet.net (216.23.160.214) 92.620 ms 92.505 ms 96.974 ms
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
..and I just keep getting those stars.
-
Do all of the places you can't get to stop at the 20th hop? Do any stop at *more* than 20 hops? If so the problem is not on your end but at the router the trace stops at. If it always stops at the 20th hop then the problem is on your end. You may have to change a TCP/IP parameter.
I believe you would need to increase the TTL but I have not heard anything about this being a problem with any Linux distro and I'm having difficulty finding where anyone else has had this problem and what to do about it. Just for grins do this:
cat /proc/sys/net/ipv4/ip_default_ttl
cat /proc/sys/net/ipv4/inet_peer_minttl
cat /proc/sys/net/ipv4/inet_peer_maxttl
Let me know what the output of the above commands are just so I can compare what I have set on mine. I may be way off base here but it's worth a shot.
[ April 14, 2002: Message edited by: VoidMain ]
-
john@microsuck:~$ cat /proc/sys/net/ipv4/ip_default_ttl
64
john@microsuck:~$ cat /proc/sys/net/ipv4/inet_peer_minttl
120
john@microsuck:~$ cat /proc/sys/net/ipv4/inet_peer_maxttl
600
john@microsuck:~$
No, they don't all stop at the 20th hop.
-
Hmm, same as mine. How about the more important questions? Can you traceroute to anything that is more than 20 hops away? What other sites can't you get to. Do you have any problem getting to these sites from other OSs?
-
Right, first v9.core1.irv.intelenet.net or the router after it appear to drop any traceroute traffic as I have just tracerouted it from several machines, one of which can connect fine to www.toshiba.com (http://www.toshiba.com) port 80 and the rest of which cannot. You didn't say whether you were using the default debian kernel or your own compiled kernel, but I belive you will find the reason you cannot connect is because you have ECN (Explicit Congestion Notification enabled in the running kernel, some internet firewalls unforunately are rather broken and drop packets sent from machines with ECN enabled, to check if you have ECN enabled go to your Linux source directory (should be /usr/src/linux) and type
"grep CONFIG_INET_ECN .config" if the output is CONFIG_INET_ECN=y then ECN is enabled, and if you want to access these sites either wait till the firewalls are fixed / replaced (an E-mail to the admin might help!) or disable ECN, you could either recompile and reboot or much easier, echo "0" >/proc/sys/net/ipv4/tcp_ecn for a temporary fix, you should find it works fine now.
Iain
-
That worked quite well. Thank you very much
-
No problem, Glad to Help (http://smile.gif)
-
quote:
Originally posted by psitau:
No problem, Glad to Help (http://smile.gif)
Great job psitau! We could use your expertise around here.