Hi Roberto,

Chris Linton-Ford wrote:
> Hi,
>
> I've had a recurring problem on our office network where some computers
> suddenly stop being able to access certain websites. We're currently
> using a mixture of FC3-5 behind an OpenBSD gateway, which performs
> firewalling and NAT; however we had the same problem when using an FC5
> gateway.
>
> The computer in question at the moment is running FC4, has no problems
> resolving the IP address of the website, and its routing tables are
> fine. It doesn't have a firewall, and can access all other websites no
> problems, as far as we can tell. Doing a tcpdump shows that the http
> packets are going out and ack packets are coming back, but no http data
> comes back from the website.
>
> I've tried accessing the website using Firefox, elinks and using telnet
> to do the basic GET /index.htm etc. They all hang after sending the
> request.

Can you sniff the packets on the external interface of the gateway
to understand if something is blocked by the firewall on the gateway?

Some things I'd check:
1) "ifconfig eth0 mtu 1000" on the FC4 box to use smaller packets
2) "cat /proc/sys/net/ipv4/tcp_window_scaling"; if it is enabled, try disabling it
3) "cat /proc/sys/net/ipv4/tcp_ecn" to see if ECN is enabled (better if disabled, but it should be 0 by default)

Best regards.
--
Roberto Ragusa    mail at robertoragusa.it

Changing the MTU size didn't help, but disabling tcp_window_scaling did the trick. Having looked around various groups, it sounds like this is a problem with the 2.6.17-1.2139 kernel; is it a better idea for me to permanently disable window scaling on our machines or wait until a fix comes out for the kernel? Is window scaling a Good Thing?
Thanks for your help,
Chris