Page 1 of 1

Access problems to certain sites.

Posted: Fri Nov 20, 2009 12:30 pm
by smurphy
Hi Folks,

I wonder if you also see these issues sometime.
When I - b.e. go to https://live.xbox.com to set up a account, I am not able tor each the site- e.g. the website is not loaded correctly.

Note that it happens mostly with sites from Microsoft I noticed. According to blacklist checks, my IP is not blacklisted by any iof the usual rbl sites.

When I perform a standard request to that page - the browser is loading constantly, but never gets through.
Here is the tshark output of that connection request.
smurphy@firebird:~$ sudo tshark -i wlan0 host live.xbox.com
Running as user "root" and group "root". This could be dangerous.
Capturing on wlan0
  0.000000     10.0.4.4 -> 65.55.42.141 TCP 48011 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=285737 TSER=287388832 SLE=1441 SRE=1449
  0.356708     10.0.4.4 -> 65.55.42.141 TCP 48032 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=285825 TSER=0 WS=6
  0.528079 65.55.42.141 -> 10.0.4.4     TCP https > 48032 [SYN, ACK] Seq=0 Ack=1 Win=4356 Len=0 MSS=1440 WS=0 TSV=287409003 TSER=285825
  0.528126     10.0.4.4 -> 65.55.42.141 TCP 48032 > https [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=285869 TSER=287409003
  0.528480     10.0.4.4 -> 65.55.42.141 SSLv2 Client Hello
  0.701845 65.55.42.141 -> 10.0.4.4     SSL [TCP Previous segment lost] Continuation Data
  0.701913     10.0.4.4 -> 65.55.42.141 TCP [TCP Dup ACK 5#1] 48032 > https [ACK] Seq=85 Ack=1 Win=5888 Len=0 TSV=285912 TSER=287409003 SLE=1441 SRE=1449
  4.196035     10.0.4.4 -> 65.55.42.141 TCP 48010 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=286777 TSER=287325920 SLE=1441 SRE=1449
  8.422020     10.0.4.4 -> 65.55.42.141 TCP 48011 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=287801 TSER=287388832 SLE=1441 SRE=1449
  9.048985     10.0.4.4 -> 65.55.42.141 TCP 48008 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=287999 TSER=287292450 SLE=1441 SRE=1449
 24.767989     10.0.4.4 -> 65.55.42.141 TCP 48011 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=291929 TSER=287388832 SLE=1441 SRE=1449
 37.951996     10.0.4.4 -> 65.55.42.141 TCP 48010 > https [FIN, ACK] Seq=1 Ack=1 Win=92 Len=0 TSV=295225 TSER=287325920 SLE=1441 SRE=1449
Note - I do have a RouterBoar RB493AH system, and configured the firewall according to the WiKi and howtos around, and I limited only the incoming traffic, added DDOS Attack dynamic blacklisting (connecting to these site does not trigger it though).

Note also, that there are only certain sites I have issues with. Most sites make no problems at all.
The Internet connection is a Standard ADSL Line, while the MTU Size inside my network is set to 1500 (default actually - I did not configure it), and on the ADSL Connection drop to 1492. IMHO it has nothing to do with it.

Anything else I could provide to help troubelshooting this ? This is starting to be annoying ;)
Thx

Joerg

Re: Access problems to certain sites.

Posted: Fri Nov 20, 2009 3:54 pm
by smurphy
Fixed it. Seems the WebSite is negociating the MTU with the browser itself to transfer data. So - the PPPoE connection MTU seems to not be respected, and this locks the data-transfer.
Forcing the MTU/MRU on the PPPoE Interface to MTU/MRU-40 fixed it.
My PPPoE MTU being negotiated to 1492, setting the MTU/MRU to 1452 makes it working correctly without issues.