Bug 189522 - Browse of http hangs with FC5 as GateWay
Browse of http hangs with FC5 as GateWay
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-20 14:34 EDT by Manfredo Hopp
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-19 10:35:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Manfredo Hopp 2006-04-20 14:34:23 EDT
Description of problem:

Using FC5 as Gateway enabling MASQ for LAN, I cannot browse http URls.

Version-Release number of selected component (if applicable):

FC5 (Bordeaux)

How reproducible:
From a box in a LAN with FC5 as Gateway browse
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp


Steps to Reproduce:

1.Install FC5
2.Connect a box thru ethX (XP in my case)
3.Connect FC5 to internet (.i.e ueagle-atm module with pppd -ppd options as
described in your Fedora page for eagle-usb modems) 
4.Use following iptable :

# Reset Default Policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

# Flush all rules
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

# Erase all non-default chains
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

5. from box connected in step 2, browse this URL:
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp



  
Actual results:
browser timing out.


Expected results:
Show URL 

Additional info:
Comment 1 Thomas Woerner 2006-04-21 05:10:23 EDT
I think you should use masquerading.
Comment 2 Manfredo Hopp 2006-04-21 11:47:15 EDT
If I had not beeing using MASQ, how do you think that I can see this page. IN
fact I can see a lot of URLs in this machine using FC5 as Gateway, but NOT the
one I am reporting. I repeat that address.
http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp(In reply to
comment #1)
Comment 3 Thomas Woerner 2006-04-24 06:02:11 EDT
Can you please perform these tests with a linux box in your network:

1) ping www.hsbc.com.ar
2) traceroute www.hsbc.com.ar
3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

You wrote: "Use following iptable" and there is no masquerading rule in there.
Comment 4 Manfredo Hopp 2006-04-24 12:21:50 EDT
(In reply to comment #3)
> Can you please perform these tests with a linux box in your network:
> 
> 1) ping www.hsbc.com.ar
> 2) traceroute www.hsbc.com.ar
> 3) lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp
> 
> You wrote: "Use following iptable" and there is no masquerading rule in there.
> 

Sorry about misunderstanding, I tried to avoid all rules to trace the problem,
so please add to the previous rules the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o XXX -j MASQUERADE (where XXX = your interface)

Here are the results of tests (numbered in same order as yours)
 Result of 1:

#  ping www.hsbc.com.ar
PING www.hsbc.com.ar (200.5.78.16) 56(84) bytes of data.

--- www.hsbc.com.ar ping statistics ---
801 packets transmitted, 0 received, 100% packet loss, time 799957ms

=============================
Result of 2:

# traceroute www.hsbc.com.ar
traceroute to www.hsbc.com.ar (200.5.78.16), 30 hops max, 38 byte packets
 1  pclinux (192.168.1.2)  0.266 ms  0.184 ms  0.308 ms
 2  200.51.241.235 (200.51.241.235)  16.557 ms  12.484 ms  11.829 ms
 3  192.168.99.234 (192.168.99.234)  11.851 ms  11.874 ms  11.952 ms
 4  200.73.185.130 (200.73.185.130)  11.956 ms  11.895 ms  11.914 ms
 5  200.73.172.41 (200.73.172.41)  11.981 ms  14.875 ms  14.962 ms
 6  npcR06-tibR01-02775.metrored.net.ar (200.49.69.217)  62.939 ms  32.746 ms 
32.790 ms
 7  host089201.metrored.net.ar (200.49.89.201)  56.773 ms  104.855 ms  131.919 ms
 8  host129242.metrored.net.ar (200.59.129.242)  275.908 ms  159.089 ms  116.939 ms
 9  * * *
10  * * *

=================================

Result of 3:

# rpm -i /media/cdrecorder/Fedora/RPMS/lynx-2.8.5-18.i386.rpm
# lynx http://www.hsbc.com.ar/hsbc_group_asp/pc_banking/pc_banking.asp

Making HTTPS connection to hbsrv.pcbanking.hsbc.com.ar
~
========================================================
Comments about result 3: it hangs with the last message shown 

General comments: this results are similar (without performing above tests), to
the ones performed on a XP box. (Hanging of page)

Comment 5 Thomas Woerner 2006-04-26 11:25:17 EDT
Your FC5 gateway seems to work, because the packages are going out - see the
traceroute output. 
Are you sure, that this is a problem with FC-5 only?
Comment 6 Manfredo Hopp 2006-04-26 14:33:54 EDT
(In reply to comment #5)
> Are you sure, that this is a problem with FC-5 only?
Sorry, I dont have any other gateway to check. This problem appeared after Fc5
installation, and with different browsers as you can see, i.e. Lynx , Netscape ,
Firefox ,etc. Though I cannot browse from the LAN, I can still browse the
problematic URL from the gateway itself.
Do you have any FC5 Gateway to check all this?
Comment 7 Manfredo Hopp 2006-07-19 10:35:04 EDT
Changing MTU on client machine solves the problem. 
Description: on FC5 ueagle-usb driver is within distribution. This also changes
link configuration as from previous drivers. One of the changes is MTU size now
changed to 1492. As a result, some http flow hangs. I changed MTU on client
machine to 1454 (using DRTCP) and now I can browse those sites.

Note You need to log in before you can comment on or make changes to this bug.