Websites not loading


#1

Hello everyone, I have the latest VyOS installed in a VM and I use it as my router at home. I have a PPPoE connection from my ISP.

I have set ip up correctly, calculated the right MTU but still certain websites are not loading, even though the addresses are resolved in DNS.

I do not have a firewall, or a block rule in squid.

As far as I know, Vyatta has had a known problem in iptables since version 6.6R1. If you had a PPPoE configuration on the ISP side and s-nat with masqueraded translation, it had some problems accessing some web pages on port 80.
Back then (when 6.6R1 appeared) I managed to find a workaround on the vyatta.org forum, which was to set the following rule in iptables:

iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

After I set that rule it all worked fine, but now in VyOS that doesn’t work anymore.

Do you know what could be the problem?

Thank you.


#2

It is possible that I have found the problem. It seems to be a bug in the kernel version 2.4.x when we are running masquerade translations, and according to ibiblio these are the solutions (I will try them tonight to see what works):

  • Enable PMTU clamping in PPPoE

  • This solution is mostly for modern 2.4.x and 2.2.x kernel users connected to the Internet via a PPPoE DSL or Cablemodem connections. This solution allows for changes to be done ONLY on the MASQ server itself and not on all of the internal MASQ clients.

  • Enable PMTU clamping via IPTABLES

  • This solution is only for modern 2.4.x kernel users connected via ANY type of Internet connection. This solution allows for changes to be done ONLY on the MASQ server itself and not on all of the internal MASQ clients.

  • Change your MASQ server’s Internet Link MTU

  • This solution will work for any Linux kernel version but it is NOT a solution if you have a PPPoE connection for DSL or Cablemodem users.

  • It should be noted that some users will balk at this solution because it can hurt some latency specific programs like TELNET and Internet games but the impact is only slight. On the other hand, most HTTP and FTP traffic will SPEED UP!

  • Change the MTU of all internal MASQed machines

  • This solution requires the most work as you have to make minor changes to ALL of the internal IPMASQed machines. Basically, you would be changing the MTU on all of the internal machines to match the MTU of your MASQ server’s Internet connection. Fortunately, this solution is usually bulletproof, whereas some of the other solutions mentioned in this section might rarely not work.
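
What the TCPMSS clamp rule quoted in post #1 does to a forwarded SYN, as an added example that is not part of the thread or of VyOS/iptables code: it lowers the MSS option to the path MTU minus 40 bytes and patches the TCP checksum. The function names, the sample packet and the 1492-byte PPPoE path MTU used in the tests are assumptions; IPv4 without IP options is assumed.

```python
import struct

SYN, RST = 0x02, 0x04
IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample: TCP SYN from a LAN host with a 1500-byte MTU (MSS 1460).
# The checksum 0x1234 is a placeholder, not computed over a real packet.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 50000, 80, 1, 0, 0x60, SYN, 64240,
                         0x1234, 0) + bytes([2, 4]) + struct.pack("!H", 1460)

def csum_update(csum, old_word, new_word):
    """Incremental Internet checksum update (RFC 1624, equation 3)."""
    s = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def swap16(w):
    return ((w & 0xFF) << 8) | (w >> 8)

def clamp_mss(tcp_header, path_mtu):
    """Return (header, old_mss, new_mss); (header, None, None) if nothing applies."""
    hdr = bytearray(tcp_header)
    if len(hdr) < 20 or (hdr[13] & (SYN | RST)) != SYN:  # --tcp-flags SYN,RST SYN
        return bytes(hdr), None, None
    end = min((hdr[12] >> 4) * 4, len(hdr))  # data offset marks the end of options
    limit = path_mtu - IPV4_TCP_OVERHEAD
    i = 20
    while i + 1 < end and hdr[i] != 0:       # kind 0 ends the option list
        if hdr[i] == 1:                      # NOP is a single byte
            i += 1
            continue
        length = hdr[i + 1]
        if length < 2 or i + length > end:   # malformed option: change nothing
            break
        if hdr[i] == 2 and length == 4:      # MSS option
            old = struct.unpack_from("!H", hdr, i + 2)[0]
            if old <= limit:                 # clamping only ever lowers the MSS
                return bytes(hdr), old, old
            csum = struct.unpack_from("!H", hdr, 16)[0]
            # An MSS value at an odd offset straddles two checksum words.
            o, n = (swap16(old), swap16(limit)) if i & 1 else (old, limit)
            struct.pack_into("!H", hdr, i + 2, limit)
            struct.pack_into("!H", hdr, 16, csum_update(csum, o, n))
            return bytes(hdr), old, limit
        i += length
    return bytes(hdr), None, None
```

With a 1492-byte path MTU the advertised MSS drops from 1460 to 1452, so the remote server never sends a segment that needs fragmenting on the PPPoE link.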