Bug 116692
Summary: | (NET IPV6)certain web sites not accessible | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Don Hardaway <hardawayd> |
Component: | distribution | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | davem, rvokal |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-07-08 12:35:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Don Hardaway
2004-02-24 13:55:28 UTC
put.. net.ipv4.tcp_ecn = 0 in /etc/sysctl.conf And let your router vendor know that they need to fix their firmware to comply with internet RFCs (In this case ECN). You might find there's already a firmware update fixing this.. I have already put net.ipv4.tcp_ecn = 0 in /etc/sysctl.conf and although it allowed me to reach a few more sites, it still does not work with all of them. Core 1 worked with all of them using the same router equipment. I am a little confused why it would work with core 1 but not now with core 2 given the router is the same. hmm, apologies, I missed that when I first read the report. I just tried again after update to the latest--kernel-2.6.3-1.109 etc. Still when i put in usbank.com all i get is resolving host message. If i reboot and use core 1 or windoz i get it right away. Wish i new what was different in core 2. Still can not access certain web sites from browser with the latest updates. Core 1 works fine though. I have the latest of all core 2 software updated on my machine and am still having a problem when trying to access my bank at usbank.com and to a lesser degree firstusa.com. The browser sits there for 5 minutes or so saying resolving host at the bottom of the screen. This was not the case with core 1 or windows and is a serious problem---something with how it handles networking i assume. *** Bug 119432 has been marked as a duplicate of this bug. *** Ok, I finally got around to trying to reproduce this. Both sites worked just fine for me. Some things to try.. 1. Do you have any firewall rules in place ? Try without. 2. What happens when you telnet www.firstusa.com 80 Does it connect ? Do you get data if you type GET / ? 3. If all else fails, a tcpdump capture of a failing connection might be useful. OK--the firstusa.com site worked after a noticeable wait and i was able to telnet into it -- but-- the usbank.com site will not work -- i can not telnet into it either. what should i do about it? OK--i just did a clean install of test 2 and full updates---now i have more problems accessing web sites than ever. here is a tcpdump of trying to access two sites. [root@localhost etc]# tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 21:02:35.821245 IP 192.168.0.2.32781 > 192.168.0.1.domain: 53264+ AAAA? prism54 .org. (29) 21:02:35.834835 IP 192.168.0.1.domain > 192.168.0.2.32781: 53264 0/1/0 (104) 21:02:35.835118 IP 192.168.0.2.32781 > 192.168.0.1.domain: 53265+ AAAA? prism54 .org.localdomain. (41) 21:02:35.847813 IP 192.168.0.2.32782 > 192.168.0.1.domain: 15038+ PTR? 1.0.168. 192.in-addr.arpa. (42) 21:02:35.871752 IP 192.168.0.1.domain > 192.168.0.2.32781: 53265 NXDomain 0/1/0 (116) 21:02:35.872252 IP 192.168.0.2.32783 > 192.168.0.1.domain: 53266+ A? prism54.or g. (29) 21:02:35.914453 IP 192.168.0.1.domain > 192.168.0.2.32782: 15038 NXDomain 0/1/0 (129) 21:02:35.915147 IP 192.168.0.2.32784 > 192.168.0.1.domain: 15039+ PTR? 2.0.168. 192.in-addr.arpa. (42) 21:02:35.973342 IP 192.168.0.1.domain > 192.168.0.2.32783: 53266 1/2/0 A mcgrof .com (91) 21:02:35.973991 IP 192.168.0.2.32785 > 192.168.0.1.domain: 53267+ PTR? 166.77.1 39.66.in-addr.arpa. (44) 21:02:36.026322 IP 192.168.0.1.domain > 192.168.0.2.32784: 15039 NXDomain 0/1/0 (129) 21:02:36.027302 IP 192.168.0.2.32786 > 192.168.0.1.domain: 15040+ PTR? 166.77.1 39.66.in-addr.arpa. (44) 21:02:36.082129 IP 192.168.0.1.domain > 192.168.0.2.32785: 53267 1/2/2 (148) 21:02:36.082761 IP 192.168.0.2.32827 > mcgrof.com.http: S 3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 523458 0,nop,wscale 0> 21:02:36.141164 IP 192.168.0.1.domain > 192.168.0.2.32786: 15040 1/2/2 (148) 21:02:39.082347 IP 192.168.0.2.32827 > mcgrof.com.http: S 3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 526459 0,nop,wscale 0> 21:02:40.820048 arp who-has 192.168.0.1 tell 192.168.0.2 21:02:40.822205 arp reply 192.168.0.1 is-at 00:09:5b:87:28:3e 21:02:45.081432 IP 192.168.0.2.32827 > mcgrof.com.http: S 3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 532459 0,nop,wscale 0> 21:02:56.087929 IP 192.168.0.2.32786 > 192.168.0.1.domain: 53268+ AAAA? usbank. com. (28) 21:02:56.119340 IP 192.168.0.1.domain > 192.168.0.2.32786: 53268 0/1/0 (80) 21:02:56.126361 IP 192.168.0.2.32786 > 192.168.0.1.domain: 53269+ AAAA? usbank. com.localdomain. (40) 21:02:56.170030 IP 192.168.0.1.domain > 192.168.0.2.32786: 53269 NXDomain 0/1/0 (115) 21:02:56.170346 IP 192.168.0.2.32786 > 192.168.0.1.domain: 53270+ A? usbank.com . (28) 21:02:56.227110 IP 192.168.0.1.domain > 192.168.0.2.32786: 53270 1/2/0 A 170.13 5.241.199 (80) 25 packets captured 35 packets received by filter 0 packets dropped by kernel [root@localhost etc]# hummm it looks like you're trying to use ipv6...... don't know if this helps but when i use the ip address 170.135.241.199 instead of the domain name usbank.com the site comes up immediately. The problem has something to do with domain names. It continues to work under other os though when using usbank.com. Finally got the problem solved by scanning the Internet. Had to put this "alias net-pf-10 off" in the modprobe.conf file. The guy that solved it said that the browser trys to use ip6 instead of ip4 or something to that effect. I can not believe that redhat put out some code like that without realizing the consequences. Moving to distribution. IPv6 configuration seems to a policy matter. The kernel is not buggy here. Does this still persist? No i solved it by following someone else suggestion--look at comment #13. It should not look for IPv6 first though--that is what caused a whole lot of trouble. But the issue is that that *shouldn't* cause problems. For example, I can reach prism54.org just fine. i could not reach usbank.com before i made the change. I also had some delay with firtusa.com. These are both two major commercial institutions. It was a stopper for me if the system could not access them. Thats all i know. I'm assuming this is some sort of online banking app? I can get to the front page of both of those URLs ok. I could not before I made the changes mentioned above. What sort of hardware is between you and the internet, if any? i have a dell c800 latitude laptop with a netgear wg511 pcmcia wireless card connecting to a netgear router running 54mb. The router plugs into a cable modem and out to the Internet. |