Bug 189522 - Browse of http hangs with FC5 as GateWay
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
Reported: 2006-04-20 18:34 UTC by Manfredo Hopp
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2006-07-19 14:35:04 UTC

Description Manfredo Hopp 2006-04-20 18:34:23 UTC
Description of problem:

Using FC5 as Gateway enabling MASQ for LAN, I cannot browse http URLs.

Version-Release number of selected component (if applicable):

FC5 (Bordeaux)

How reproducible:
From a box in a LAN with FC5 as Gateway browse
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp


Steps to Reproduce:

1.Install FC5
2.Connect a box thru ethX (XP in my case)
3.Connect FC5 to internet (i.e. ueagle-atm module with pppd -ppd options as
described in your Fedora page for eagle-usb modems)
4.Use following iptable :

# Reset Default Policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

# Flush all rules
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

# Erase all non-default chains
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

5. from box connected in step 2, browse this URL:
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp



  
Actual results:
browser timing out.


Expected results:
Show URL 

Additional info:

Comment 1 Thomas Woerner 2006-04-21 09:10:23 UTC
I think you should use masquerading.

Comment 2 Manfredo Hopp 2006-04-21 15:47:15 UTC
(In reply to comment #1)
If I had not been using MASQ, how do you think that I can see this page? In
fact I can see a lot of URLs in this machine using FC5 as Gateway, but NOT the
one I am reporting. I repeat that address.
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

Comment 3 Thomas Woerner 2006-04-24 10:02:11 UTC
Can you please perform these tests with a linux box in your network:

1) ping www.hsbc.com.ar
2) traceroute www.hsbc.com.ar
3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

You wrote: "Use following iptable" and there is no masquerading rule in there.


Comment 4 Manfredo Hopp 2006-04-24 16:21:50 UTC
(In reply to comment #3)
> Can you please perform these tests with a linux box in your network:
> 
> 1) ping www.hsbc.com.ar
> 2) traceroute www.hsbc.com.ar
> 3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp
> 
> You wrote: "Use following iptable" and there is no masquerading rule in there.
> 

Sorry about misunderstanding, I tried to avoid all rules to trace the problem,
so please add to the previous rules the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o XXX -j MASQUERADE (where XXX = your interface)

Here are the results of tests (numbered in same order as yours)
 Result of 1:

#  ping www.hsbc.com.ar
PING www.hsbc.com.ar (200.5.78.16) 56(84) bytes of data.

--- www.hsbc.com.ar ping statistics ---
801 packets transmitted, 0 received, 100% packet loss, time 799957ms

=============================
Result of 2:

# traceroute www.hsbc.com.ar
traceroute to www.hsbc.com.ar (200.5.78.16), 30 hops max, 38 byte packets
 1  pclinux (192.168.1.2)  0.266 ms  0.184 ms  0.308 ms
 2  200.51.241.235 (200.51.241.235)  16.557 ms  12.484 ms  11.829 ms
 3  192.168.99.234 (192.168.99.234)  11.851 ms  11.874 ms  11.952 ms
 4  200.73.185.130 (200.73.185.130)  11.956 ms  11.895 ms  11.914 ms
 5  200.73.172.41 (200.73.172.41)  11.981 ms  14.875 ms  14.962 ms
 6  npcR06-tibR01-02775.metrored.net.ar (200.49.69.217)  62.939 ms  32.746 ms  32.790 ms
 7  host089201.metrored.net.ar (200.49.89.201)  56.773 ms  104.855 ms  131.919 ms
 8  host129242.metrored.net.ar (200.59.129.242)  275.908 ms  159.089 ms  116.939 ms
 9  * * *
10  * * *

=================================

Result of 3:

# rpm -i /media/cdrecorder/Fedora/RPMS/lynx-2.8.5-18.i386.rpm
# lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

Making HTTPS connection to hbsrv.pcbanking.hsbc.com.ar
~
========================================================
Comments about result 3: it hangs with the last message shown 

General comments: these results are similar (without performing above tests), to
the ones performed on an XP box. (Hanging of page)



Comment 5 Thomas Woerner 2006-04-26 15:25:17 UTC
Your FC5 gateway seems to work, because the packages are going out - see the
traceroute output. 
Are you sure, that this is a problem with FC-5 only?

Comment 6 Manfredo Hopp 2006-04-26 18:33:54 UTC
(In reply to comment #5)
> Are you sure, that this is a problem with FC-5 only?
Sorry, I don't have any other gateway to check. This problem appeared after FC5
installation, and with different browsers as you can see, i.e. Lynx , Netscape ,
Firefox ,etc. Though I cannot browse from the LAN, I can still browse the
problematic URL from the gateway itself.
Do you have any FC5 Gateway to check all this?

Comment 7 Manfredo Hopp 2006-07-19 14:35:04 UTC
Changing MTU on client machine solves the problem. 
Description: on FC5 ueagle-usb driver is within distribution. This also changes
link configuration as from previous drivers. One of the changes is MTU size now
changed to 1492. As a result, some http flow hangs. I changed MTU on client
machine to 1454 (using DRTCP) and now I can browse those sites.
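
Comment 7 resolves the hang by lowering the MTU on each client. As an added example (not part of the original report or of any Fedora tooling), the script below measures the largest unfragmented packet a path carries and prints the gateway-side rule that clamps TCP MSS to fit, so clients need no change. The function names, the 548-1472 search range and the choice of `--set-mss` are assumptions of this example, and the probed host must answer ICMP echo.

```shell
#!/bin/sh
# Added example: measure the path MTU through the gateway, then print the
# iptables rule that clamps TCP MSS so forwarded connections fit the link.

# probe SIZE HOST: succeeds if one ICMP echo carrying SIZE payload bytes with
# the Don't Fragment bit set is answered (Linux iputils ping options).
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: binary-search the largest payload that passes
# unfragmented and print payload + 28 (20 bytes IP + 8 bytes ICMP header).
# Prints 0 and fails if even LOW gets no reply (host filters ICMP or is down).
path_mtu() {
    host=$1 lo=${2:-548} hi=${3:-1472}
    probe "$lo" "$host" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU: largest TCP segment that fits (minus 20 IP + 20 TCP bytes).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# clamp_rule IFACE MTU: print (do not run) the mangle rule that rewrites the
# MSS option on forwarded SYNs leaving IFACE. "--clamp-mss-to-pmtu" can
# replace "--set-mss N" to follow the outgoing interface MTU automatically.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$2")"
}

# Stand-alone use: script HOST IFACE  (IFACE is the "XXX" of comment 4)
if [ "$#" -eq 2 ]; then
    mtu=$(path_mtu "$1") && clamp_rule "$2" "$mtu"
fi
```

For the 1492-byte link described in comment 7 the printed rule sets the MSS to 1452.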

