DSL connection (PPPOE): I only get a third of the internet

[mice]

I'm trying to connect through a DSL provider that needs a username and password. I'm plugged straight into the modem with an ethernet cable. In windows, I can enter my username and password and everything works no problem. In Fedora 11, although I can enter the same details under the DSL tab in NetworkManager/Edit Connections and that lets me connect, about two in three sites I visit in my browser don't work. One third seem to work fine.

For the sites that don't work, firefox just keeps waiting forever as though it is trying to contact the remote site. I'm pretty sure it's not a DNS problem: /etc/resolv.conf contains exactly the same entries as I get from ipconfig in windows, and ping and mtr can locate all the hosts that don't work in firefox. After searching the forums, I tried setting TCP window scaling to 0, but that didn't help. I also disabled SELinux but that doesn't help either.

I don't know if it's relevant, but the very first time I tried to connect, the connection wouldn't come up at all. It was only when I connected in windows for the first time and then went back to linux that it connected successfully (even without me changing any of the settings that hadn't worked to start with).

[asio_bob]

Sounds like it could be an MTU issue.
Can you adjust your MTU for your PPP connection to 1492 and try again? You can find the MTU optin in the WIRED tab when configuring a DSL connection in network manger

[mice]

Quote:

Originally Posted by asio_bob

Sounds like it could be an MTU issue.
Can you adjust your MTU for your PPP connection to 1492 and try again? You can find the MTU optin in the WIRED tab when configuring a DSL connection in network manger

Thanks for the reply. I tried this, and it doesn't seem to make any difference, though.

[mice]

The sets of sites that work and don't work are always the same: for example, google.com and youtube.com always work, but fedoraforum.org and news.bbc.co.uk never do.

Can anyone tell me what kind of problem might lead to only one group of sites being accessible? I don't know anything about networking, so I don't know where to start looking for the problem.

[sideways]

can you view the sites from a text browser like 'links', or another gui browser like konqueror or opera?

If so it may be a config issue in Firefox, eg IPv6 settings, try setting network.dns.disableIPv6 to 'true' in about:config

also, just to be 100% about the DNS server, add this as the top line in /etc/resolv.conf

nameserver 4.2.2.3

(4.2.2.1 - 4.2.2.6 are free public dns servers)

[David Becker]

Try the following modification to your firewall:

Code:

iptables -I FORWARD 1 -m state --state INVALID -j DROP
iptables -I FORWARD 2 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD 3 -m state --state RELATED,ESTABLISHED -j ACCEPT

David

[David Becker]

Quote:

Originally Posted by David Becker

Try the following modification to your firewall:

Code:

iptables -I FORWARD 1 -m state --state INVALID -j DROP
iptables -I FORWARD 2 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD 3 -m state --state RELATED,ESTABLISHED -j ACCEPT

David

Whoops, your linux box is not doing the routing/forwarding, so above commands won't help.

David

[David Becker]

Your linux box is probably doing masquerading. Either try without masquerading or try the following:

"...add the following line to your /etc/ppp/pppoe.conf file:"

CLAMPMSS=1412

From: http://tldp.org/HOWTO/IP-Masquerade-...tu-issues.html

David

[mice]

Thanks for your help! I tried adding the public nameserver to resolv.conf, but that didn't help. I also tried the iptables commands, and (as you expected) that didn't make a difference. I don't have a file at /etc/ppp/pppoe.conf, but I created one with just that line in it, and also added the line to the existing file /etc/ppp/pppoe-server-options. But that didn't make any difference either.

I haven't got links/lynx installed, but I tried using wget to contact the websites that are affected, and it seems to respond in exactly the same way as firefox. If I can't display the site in firefox, then wget also hangs after reporting "HTTP request sent, awaiting response..." So I guess it's not a firefox-specific issue. Also, of the two IMAP email accounts I have, one works and one does not (using Evolution).