# [Solved] Win7 Can't Access Some Sites Behind Gentoo Router

## solamour

I think I'm asking in the wrong forum, but I have a hunch I might be able to get some useful guidance from Gentoo experts, so here it is.

I have a simple gentoo box acting as a router. A bunch of boxes are sharing Internet connection through gentoo, and gentoo is running Shorewall (firewall).

```
Internet ---- gentoo ---- switch ---- bunch o' boxes
```

The bunch of boxes is composed of several Linux distributions as well as Windows XP and Windows 7 (x64). Everything works fine, except that I can't access only certain web sites from Windows 7; all other web sites are OK, except a few that the web browsers (Firefox, Chrome, IE) try to open but eventually time out. Some other sites, such as Amazon and Google, take a lot longer than others to load.

Funny thing is, when I set the browser to use gentoo's Squid (web proxy), all the troubling sites work fine, so it must be something between Windows 7 and gentoo. Windows XP and all other Linux boxes don't have this problem. I tried turning off Windows 7's firewall and gentoo's Shorewall without success.

I'd appreciate any suggestions on what to look for. Thank you.

__

sol

Last edited by solamour on Sat May 05, 2012 6:19 am; edited 1 time in total

----------

## cach0rr0

a few random shots in the dark, for whatever that's worth:

- IPV6
- MTU problem

Those are the two things that spring to mind that would be added/removed from the picture based on going through a proxy or not

start with DNS lookups from the Win7 box, maybe a packet cap, see if it's trying to connect to an IPV6 address

----------

## solamour

I thought about IPv6, but other than checking it off in Win7, I'm not sure what I can do about it.

I read something about MTU, but messing with it didn't make much difference, possibly because I wasn't doing it right.

Just to make sure I'm not missing anything, I brought the Win7 laptop to work and verified everything worked as expected. But when I bring the laptop home, it won't load certain sites.

Frankly I really don't care too much about the troubling sites, because I don't go there often enough to bother me, and when I need to, I can always use the web proxy server in Gentoo router. But it's still puzzling, and I'm not sure I'd feel good about it.

__

sol

----------

## Hu

What is the output of ip a on the Gentoo machine?  Blank the public IP address if you want.  I want to see the interface properties, rather than their actual addresses.  Have you checked a packet capture of the Windows 7 machine accessing the problematic site versus an internal Linux machine (not the Gentoo router) accessing that same site successfully?

----------

## PaulBredbury

 *solamour wrote:*   

> MTU

 

Check that your firewall is not blocking ICMP packets (used e.g. for MTU negotiation).

----------

## solamour

Here is the output of "ip a".

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:01:c0:04:03:f3 brd ff:ff:ff:ff:ff:ff
    inet --.---.---.--/25 brd 255.255.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:01:c0:04:0c:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global eth1
    inet6 fe80::201:c0ff:fe04:cba/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
38: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 00:25:9c:06:13:8f brd ff:ff:ff:ff:ff:ff
```

Not sure how to capture packets from Windows 7, but if you'd give me some directions, I'd be able to share the result.

Firewall was the first place I checked, but making it wide open didn't make any difference. Besides, it doesn't seem to explain why Windows XP, Linux, Android phone, iPod Touch, and even Wii are OK.

Also if I hook up Windows 7 directly to the cable modem with nothing in between, everything is working fine.

__

sol

----------

## PaulBredbury

Check the MTU that Windows 7 is using. I'm sure you can google as to how.

 *Quote:*   

> mtu 576

 

That's the lowest setting - why so low?

 *Quote:*   

>     link/ether 00:01:c0:04:03:f3 brd ff:ff:ff:ff:ff:ff
> 
>     inet --.---.---.--/25 brd 255.255.255.255 scope global eth0

 

So it's only set up for IPV6?

----------

## solamour

Changing MTU of gentoo's eth0 from 576 to 1500 fixed the problem. Not sure why it was set to 576, because I don't remember doing it.

```
# ifconfig eth0 mtu 1500
```

Thank you everyone for taking the time to respond. I knew the Gentoo forum was the place to go.

__

sol

----------

## PaulBredbury

Probably your dhcp changes it.

----------

## solamour

Indeed. I noticed that gentoo's MTU was changed back to 576 automatically, and when I commented out "option interface_mtu" in "/etc/dhcpcd.conf", the value has been staying as is so far. Thanks for the help.

__

sol

----------

## cach0rr0

 *solamour wrote:*   

> Not sure how to capture packets from Windows 7, but if you'd give me some directions, I'd be able to share the result.

 

realize this is solved, but for future reference Wireshark is available for Windows.

Download, run installer, capture=>interfaces=>start

----------

## Hu

I wanted to see the network capture as done by the Gentoo router, but with clients running on the working and non-working internal systems.

With regard to the MTU, I have encountered DHCP servers that suggest the minimum MTU to the DHCP client, even when, as in this case, a more common MTU of 1500 works at least as well, if not better.  These servers are usually operated by individuals who are unaware that their server is wrong, unable to fix it, or uninterested in fixing it.  Advertising an unnecessarily low MTU is bad practice, so anyone who can fix their server to advertise the proper MTU should do so.  In my opinion, anyone who runs a DHCP server exposed to end users should know that this is bad practice and should have fixed it before the end users ever discovered the bad advertisement.  As described in WP: MTU, there are some situations where advertising a smaller MTU is better, but I doubt that any of those justifications apply here.

----------

## solamour

When I ran Wireshark on Windows 7 to capture data, I noticed that with the gentoo box's MTU set to 576, a lot of "Time-to-live exceeded (Fragment reassembly time exceeded)" entries were in the log. With 1500, everything went through smoothly. Perhaps that might be the reason some sites load properly while some others don't.

I'd share the network capture from the gentoo router, if someone shows me how to do so. The gentoo box doesn't have the graphical interface, so I need to use a console-based tool.

__

sol

----------

## cach0rr0

 *solamour wrote:*   

> When I ran Wireshark on Windows 7 to capture data, I noticed that with the gentoo box's MTU set to 576, a lot of "Time-to-live exceeded (Fragment reassembly time exceeded)" entries were in the log. With 1500, everything went through smoothly. Perhaps that might be the reason some sites load properly while some others don't.
> 
> I'd share the network capture from the gentoo router, if someone shows me how to do so. The gentoo box doesn't have the graphical interface, so I need to use a console-based tool.
> 
> __
> ...

 

tcpdump will work on the gentoo box

e.g.

```
tcpdump -s0 -w somefilename.pcap
```

wireshark can also save .cap/.pcap (i think it's just file=>save, but i don't have wireshark handy here)

in addition you can read the pcap made from tcpdump on the gentoo machine, using Wireshark on the Windows machine (usual File=>Open stuff). 

there are more flags you can add to tcpdump to prune out data, but the -s0 makes sure full packets are captured, and the -w specifies to write the output to a file (with the file name taken as the argument to -w )

----------

## solamour

Not sure it's safe to share the capture files with the world (let me know if that's not the case), but in the name of experiment, here they are. The captures were done from the gentoo box using tcpdump.

http://dl.dropbox.com/u/9810590/mtu1500_good.pcap

http://dl.dropbox.com/u/9810590/mtu576_bad.pcap

I see a lot of entries in red text when I open "mtu576_bad.pcap" in Wireshark, which, I believe, is not a good sign. Anyhow, I now know what the problem is and how to solve it. The troubling web sites are loading blazingly fast. Thank you all.

__

sol

----------
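
Added example, not written by any poster in this thread: a small shell check that reads `ip a` output and reports interfaces that are up, are not loopback, and have an MTU below a threshold, which is how the DHCP-supplied 576 on eth0 would have been spotted. The function names `low_mtu_ifaces` and `check_sample`, the threshold of 1500, and the abridged sample (header lines taken from the `ip a` output posted above) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag interfaces whose MTU is lower than expected.
# Function names and the 1500 threshold are assumptions, not from the thread.

# low_mtu_ifaces THRESHOLD
# Reads "ip a" or "ip link" output on stdin and prints "iface mtu" for each
# interface that is UP, is not loopback, and has an MTU below THRESHOLD.
low_mtu_ifaces() {
    awk -v min="$1" '
        /^[0-9]+: / {
            # Second field is the name, e.g. "eth0:" or "eth0@if3:"
            name = $2
            sub(/:$/, "", name)
            sub(/@.*/, "", name)
            flags = $3
            mtu = ""
            for (i = 4; i < NF; i++)
                if ($i == "mtu") mtu = $(i + 1)
            if (mtu == "") next
            # Loopback MTU is unrelated to the path to the Internet
            if (flags ~ /LOOPBACK/) next
            # Match the UP flag itself, not LOWER_UP
            if (flags !~ /[<,]UP[,>]/) next
            if (mtu + 0 < min + 0) print name, mtu
        }'
}

# Constructed sample: interface header lines abridged from the thread output.
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 576 qdisc pfifo_fast state UP qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
4: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
38: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000'

# Run the check over the embedded sample.
check_sample() {
    printf '%s\n' "$SAMPLE" | low_mtu_ifaces "${1:-1500}"
}

# On a live router: ip a | low_mtu_ifaces 1500
check_sample
```

sit0 (MTU 1480) is not reported because it is down; only interfaces carrying traffic are checked.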

