[kwlug-disc] No web on LAN - but everything else works...

john at netdirect.ca john at netdirect.ca
Wed Dec 17 12:29:47 EST 2008


I'd also be tempted to wireshark a web page request. With mtu issues you see the starts of a conversation, the request and one reponse packet, then nothing until timeout. 



----- Original Message -----
From: "L.D. Paniak" [ldpaniak at fourpisolutions.com]
Sent: 12/17/2008 12:22 PM EST
To: KWLUG discussion <kwlug-disc at kwlug.org>
Subject: Re: [kwlug-disc] No web on LAN - but everything else works...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's a cable modem and the MTU is reported at 576.  I thought this was
ridiculously low.  Nowhere near the 1500/1492 I'd expect.

I'll give ping a try with big packets.


john at netdirect.ca wrote:
> This isn't a comprehensive response but how about MTU? Is it possible that the MtU for the dsl is too large and packet fragmentation is causing problems with large packets?  Use ping options that create large payloads for testing. 
> 
> 
> 
> ----- Original Message -----
> From: "L.D. Paniak" [ldpaniak at fourpisolutions.com]
> Sent: 12/17/2008 12:10 PM EST
> To: kwlug-discussion <kwlug-disc at kwlug.org>
> Subject: [kwlug-disc] No web on LAN - but everything else works...
> 
> 
> 
> OK, I'm at my wit's end with this one.  Maybe you guys and gals can
> point out what I'm missing.
> 
> Background:  Samba fileserver running Debian Lenny with Shorewall
> firewall connected to (dhcp) cable modem on eth0 and a lan on br0 (a
> bridge of lan on eth1, openvpn tap0 and an admin network on eth2).
> 
> modem -- eth0 -- shorewall -- br0 (eth1,2 and tap0)
> 
> Everything worked well until last Thursday when a power outage resulted
> in an 'awkward' shutdown.
> 
> On reboot, there was no network connectivity on eth0 and eth1.  Both
> ports are on a dual-port Intel e1000 gigabit card.  Apparently the
> onboard nvram became corrupted.  Reflashing the card fixed that and
> restored network connectivity (mostly-read on).
> 
> Now from the server, all connectivity to the Internet (including
> http/https) and the LAN is OK.  Speeds good, no packet problems reported
> in ifconfig.  From the LAN, Samba is there along with other machines on
> the LAN and all internet services are good with excellent speed.
> 
> The problem is with Internet access from computers on the LAN.  A
> computer on the LAN has no web access.  Strangely, e-mail works and
> Skype can log in.  Pings from the LAN to the internet work and name
> resolution is good.  ie. ping google.ca gives a good result.
> 
> It seems that the server is refusing to return requested Internet web
> traffic to the appropriate LAN client.  NAT is configured in Shorewall
> via the masq file.  Here it looks like:
> 
> eth0	br0
> 
> Very simple and worked until last Friday.
> 
> Is there something I should be looking for in iptables?  Why should
> e-mail be different than web traffic - I do not differentiate anywhere
> in the firewall? Is there something 'stuck'?...
> 
> Thanks for any and all insight!
> Lori

_______________________________________________
kwlug-disc_kwlug.org mailing list
kwlug-disc_kwlug.org at kwlug.org
http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJSTVH8h2PnOHbiQcRAohnAJ42BejK/UM9cQhmRDiWQqpyuYDR1gCgkqIw
zUGEzuwuF4PRPahcytIJ5MA=
=fpBg
-----END PGP SIGNATURE-----

_______________________________________________
kwlug-disc_kwlug.org mailing list
kwlug-disc_kwlug.org at kwlug.org
http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the kwlug-disc_kwlug.org mailing list