Bug 116692

Summary:	(NET IPV6)certain web sites not accessible
Product:	[Fedora] Fedora	Reporter:	Don Hardaway <hardawayd>
Component:	distribution	Assignee:	Bill Nottingham <notting>
Status:	CLOSED CURRENTRELEASE	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	rawhide	CC:	davem, rvokal
Target Milestone:	---
Target Release:	---
Hardware:	i386
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2004-07-08 12:35:55 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Don Hardaway 2004-02-24 13:55:28 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217

Description of problem:
When browsing certain web sites it says resolving host and never
brings up the web site page.  I added the following line to the
sysctl.conf file based on some other feedback provided.  It helped
some in that one of the sites that I could not previously access now
works but there are still other sites that this did not help.  The two
sites in particular are credit card and a bank site if that helps.


# Disable ECN
net.ipv4.tcp_ecn = 0


Version-Release number of selected component (if applicable):
kernel-2.6.3-1.97

How reproducible:
Always

Steps to Reproduce:
1.open browser
2.put in usbank.com or firstusa.com
3.
    

Actual Results:  it says resolving hosts and never brings up the site

Expected Results:  opening page would be displayed

Additional info:

I am also running my laptop from a wireless router in my home.

Comment 1 Dave Jones 2004-02-24 15:21:47 UTC

put..
net.ipv4.tcp_ecn = 0

in /etc/sysctl.conf

And let your router vendor know that they need to fix their firmware
to comply with internet RFCs (In this case ECN).

You might find there's already a firmware update fixing this..

Comment 2 Don Hardaway 2004-02-24 19:32:28 UTC

I have already put net.ipv4.tcp_ecn = 0 in /etc/sysctl.conf and
although it allowed me to reach a few more sites, it still does not
work with all of them.  Core 1 worked with all of them using the same
router equipment.  I am a little confused why it would work with core
1 but not now with core 2 given the router is the same.

Comment 3 Dave Jones 2004-02-24 19:43:25 UTC

hmm, apologies, I missed that when I first read the report.

Comment 4 Don Hardaway 2004-02-27 02:30:42 UTC

I just tried again after update to the latest--kernel-2.6.3-1.109 etc.
Still when i put in usbank.com all i get is resolving host message. If
i reboot and use core 1 or windoz i get it right away.  Wish i new
what was different in core 2.

Comment 5 Don Hardaway 2004-03-09 19:01:14 UTC

Still can not access certain web sites from browser with the latest
updates.  Core 1 works fine though.

Comment 6 Don Hardaway 2004-03-22 15:19:15 UTC

I have the latest of all core 2 software updated on my machine and am
still having a problem when trying to access my bank at usbank.com and
to a lesser degree firstusa.com.  The browser sits there for 5 minutes
or so saying resolving host at the bottom of the screen.  This was not
the case with core 1 or windows and is a serious problem---something
with how it handles networking i assume.

Comment 7 Dave Jones 2004-03-30 17:05:03 UTC

*** Bug 119432 has been marked as a duplicate of this bug. ***

Comment 8 Dave Jones 2004-03-30 17:16:15 UTC

Ok, I finally got around to trying to reproduce this.
Both sites worked just fine for me.  Some things to try..

1. Do you have any firewall rules in place ? Try without.

2. What happens when you telnet www.firstusa.com 80
Does it connect ? Do you get data if you type GET /  ?

3. If all else fails, a tcpdump capture of a failing connection might
be useful.

Comment 9 Don Hardaway 2004-03-31 04:24:07 UTC

OK--the firstusa.com site worked after a noticeable wait and i was
able to telnet into it -- but-- the usbank.com site will not work -- i
can not telnet into it either. what should i do about it?

Comment 10 Don Hardaway 2004-04-02 02:59:20 UTC

OK--i just did a clean install of test 2 and full updates---now i have
more problems accessing web sites than ever. here is a tcpdump of
trying to access two sites.

[root@localhost etc]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
21:02:35.821245 IP 192.168.0.2.32781 > 192.168.0.1.domain:  53264+
AAAA? prism54 .org. (29)
21:02:35.834835 IP 192.168.0.1.domain > 192.168.0.2.32781:  53264
0/1/0 (104)
21:02:35.835118 IP 192.168.0.2.32781 > 192.168.0.1.domain:  53265+
AAAA? prism54 .org.localdomain. (41)
21:02:35.847813 IP 192.168.0.2.32782 > 192.168.0.1.domain:  15038+
PTR? 1.0.168. 192.in-addr.arpa. (42)
21:02:35.871752 IP 192.168.0.1.domain > 192.168.0.2.32781:  53265
NXDomain 0/1/0  (116)
21:02:35.872252 IP 192.168.0.2.32783 > 192.168.0.1.domain:  53266+ A?
prism54.or g. (29)
21:02:35.914453 IP 192.168.0.1.domain > 192.168.0.2.32782:  15038
NXDomain 0/1/0  (129)
21:02:35.915147 IP 192.168.0.2.32784 > 192.168.0.1.domain:  15039+
PTR? 2.0.168. 192.in-addr.arpa. (42)
21:02:35.973342 IP 192.168.0.1.domain > 192.168.0.2.32783:  53266
1/2/0 A mcgrof .com (91)
21:02:35.973991 IP 192.168.0.2.32785 > 192.168.0.1.domain:  53267+
PTR? 166.77.1 39.66.in-addr.arpa. (44)
21:02:36.026322 IP 192.168.0.1.domain > 192.168.0.2.32784:  15039
NXDomain 0/1/0  (129)
21:02:36.027302 IP 192.168.0.2.32786 > 192.168.0.1.domain:  15040+
PTR? 166.77.1 39.66.in-addr.arpa. (44)
21:02:36.082129 IP 192.168.0.1.domain > 192.168.0.2.32785:  53267
1/2/2 (148)
21:02:36.082761 IP 192.168.0.2.32827 > mcgrof.com.http: S
3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 523458
0,nop,wscale 0>
21:02:36.141164 IP 192.168.0.1.domain > 192.168.0.2.32786:  15040
1/2/2 (148)
21:02:39.082347 IP 192.168.0.2.32827 > mcgrof.com.http: S
3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 526459
0,nop,wscale 0>
21:02:40.820048 arp who-has 192.168.0.1 tell 192.168.0.2
21:02:40.822205 arp reply 192.168.0.1 is-at 00:09:5b:87:28:3e
21:02:45.081432 IP 192.168.0.2.32827 > mcgrof.com.http: S
3546221514:3546221514( 0) win 5840 <mss 1460,sackOK,timestamp 532459
0,nop,wscale 0>
21:02:56.087929 IP 192.168.0.2.32786 > 192.168.0.1.domain:  53268+
AAAA? usbank. com. (28)
21:02:56.119340 IP 192.168.0.1.domain > 192.168.0.2.32786:  53268
0/1/0 (80)
21:02:56.126361 IP 192.168.0.2.32786 > 192.168.0.1.domain:  53269+
AAAA? usbank. com.localdomain. (40)
21:02:56.170030 IP 192.168.0.1.domain > 192.168.0.2.32786:  53269
NXDomain 0/1/0  (115)
21:02:56.170346 IP 192.168.0.2.32786 > 192.168.0.1.domain:  53270+ A?
usbank.com . (28)
21:02:56.227110 IP 192.168.0.1.domain > 192.168.0.2.32786:  53270
1/2/0 A 170.13 5.241.199 (80)
 
25 packets captured
35 packets received by filter
0 packets dropped by kernel
[root@localhost etc]#

Comment 11 Arjan van de Ven 2004-04-02 08:44:53 UTC

hummm it looks like you're trying to use ipv6......

Comment 12 Don Hardaway 2004-04-02 17:37:20 UTC

don't know if this helps but when i use the ip address 170.135.241.199
instead of the domain name usbank.com the site comes up immediately.
The problem has something to do with domain names.  It continues to
work under other os though when using usbank.com.

Comment 13 Don Hardaway 2004-04-05 21:01:26 UTC

Finally got the problem solved by scanning the Internet. Had to put
this "alias net-pf-10 off" in the modprobe.conf file. The guy that
solved it said that the browser trys to use ip6 instead of ip4 or
something to that effect.  I can not believe that redhat put out some
code like that without realizing the consequences.

Comment 14 Alan Cox 2004-05-03 18:52:39 UTC

Moving to distribution. IPv6 configuration seems to a policy matter.
The kernel is not buggy here.

Comment 15 Bill Nottingham 2004-05-03 20:28:03 UTC

Does this still persist?

Comment 16 Don Hardaway 2004-05-03 21:04:42 UTC

No i solved it by following someone else suggestion--look at comment
#13.  It should not look for IPv6 first though--that is what caused a
whole lot of trouble.

Comment 17 Bill Nottingham 2004-05-03 21:12:32 UTC

But the issue is that that *shouldn't* cause problems. For example, I
can reach prism54.org just fine.

Comment 18 Don Hardaway 2004-05-04 00:00:58 UTC

i could not reach usbank.com before i made the change. I also had some
delay with firtusa.com.  These are both two major commercial
institutions.  It was a stopper for me if the system could not access
them.  Thats all i know.

Comment 19 Bill Nottingham 2004-05-04 03:54:26 UTC

I'm assuming this is some sort of online banking app? I can get to the
front page of both of those URLs ok.

Comment 20 Don Hardaway 2004-05-04 08:23:34 UTC

I could not before I made the changes mentioned above.

Comment 21 Bill Nottingham 2004-05-04 14:49:01 UTC

What sort of hardware is between you and the internet, if any?

Comment 22 Don Hardaway 2004-05-04 15:06:28 UTC

i have a dell c800 latitude laptop with a netgear wg511 pcmcia
wireless card connecting to a netgear router running 54mb.  The router
plugs into a cable modem and out to the Internet.