Re: Cannot Connect to some website on linux
On Mon, Jul 28, 2003 at 01:04:01AM -0400, Greg Folkert wrote: > On Mon, 2003-07-28 at 00:43, Ron Johnson wrote: > <---SNIP---> > > # cat /proc/sys/net/ipv4/tcp_ecn > > 1 > > > > When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get > > to thatpetplace either. However, I could, after I did this, and > > then restarted Mozilla: > > # echo "0" > /proc/sys/net/ipv4/tcp_ecn > > # cat /proc/sys/net/ipv4/tcp_ecn > > 0 > > > > Make sure to reenable tcp_ecn when you're finished! > > > > # echo "1" > /proc/sys/net/ipv4/tcp_ecn > > # cat /proc/sys/net/ipv4/tcp_ecn > > 1 > > Ron, as of this writing, 12:55AM EDT, I will have to disagree with you > about turning tcp_ecn back on. For about the next 2 years at least. [ snip 'windows doesn't do ECN' ] > Very little luck with website admins whom have "drunk the Microsoft > Kool-Aid" (I know drank is right but drunk get's the point across > better) stating they are using "Industry Standards" and so on... Er, RFCs are the standards. > Well, overall ECN is a great way to make the Internet "self-regulate" > and of course the biggest obstacle is M$ products. But for quite a while > yet, defaulting it to OFF is a good thing. I disagree. A better idea is to leave ECN on, and use iptables to mangle packets to sites that reject packets with ECN set. AFAIK there's support to do just this with built-in targets since 2.4.20. -- Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED] Warning: dates in calendar are closer than they appear. pgp0.pgp Description: PGP signature
Re: Cannot Connect to some website on linux
On Mon, 2003-07-28 at 06:13, Shawn Lamson wrote: > ><---SNIP---> > >> # cat /proc/sys/net/ipv4/tcp_ecn > >> 1 > > > >Ron, as of this writing, 12:55AM EDT, I will have to disagree with you > >about turning tcp_ecn back on. For about the next 2 years at least. > > > ... > <--SNIPPED--> > ... > >Well, overall ECN is a great way to make the Internet "self-regulate" > >and of course the biggest obstacle is M$ products. But for quite a > >while yet, defaulting it to OFF is a good thing. > > Could one of you briefly describe ECN and/or point me to a link? I > have never heard of it. Sure, the best one I have seen yet is Sally Floyd's page about it: http://www.icir.org/floyd/ecn.html It's one of her research projects. -- greg, [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
> At 11:48 PM 7/27/2003 -0400, ThanhVu Nguyen wrote: > >I use Debian Woody, with cable modem connected to the computer via eth0 > >, it get the ip via dhcp during bootup. The problem I have is that I > >cannot connect to the site www.thatpetplace.com , it just timed out. > >I've tried it on various browsers and same result. wget returns this > > > >wget www.thatpetplace.com > >--23:44:35-- http://www.thatpetplace.com/ > >=> `index.html' > >Resolving www.thatpetplace.com... done. > >Connecting to www.thatpetplace.com[208.30.147.3]:80... failed: > >Connection timed out. > I had this happen to me 2 weeks ago. Very annoying. For future reference, the easiest way to check for whether ECN is causing it is to use "tcptraceroute". Just use tcptraceroute , then try tcptraceroute -E . The second call with the -E switches on ECN. if the first gets to the destination, and the second doesn't, it's an ECN problem. You can either remove ECN support from the kernel, or: check the file: /proc/sys/net/ipv4/tcp_ecn If ECN is on, the file will contain a 1. Simply edit the file and change the 1 to a 0. FYI, the site I was trying was ananova.com Cheers, Andy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
At 11:48 PM 7/27/2003 -0400, ThanhVu Nguyen wrote: I use Debian Woody, with cable modem connected to the computer via eth0 , it get the ip via dhcp during bootup. The problem I have is that I cannot connect to the site www.thatpetplace.com , it just timed out. I've tried it on various browsers and same result. wget returns this wget www.thatpetplace.com --23:44:35-- http://www.thatpetplace.com/ => `index.html' Resolving www.thatpetplace.com... done. Connecting to www.thatpetplace.com[208.30.147.3]:80... failed: Connection timed out. I ran into a similar problem some time back. I used Firestarter to build a firewall and it (mistakenly) listed some now-public IP addresses as "non-routable" ones. Simple check, assuming you're running a iptables/ipchains firewall on this machine, is to disable it temporarily. Or, check the rules for the firewall to see if any 208.x.x.x addresses are listed anywhere. Hall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
On Mon, July 28 at 1:20 PM EDT Nicos Gollan <[EMAIL PROTECTED]> wrote: >On Monday 28 July 2003 12:13, Shawn Lamson wrote: >> Could one of you briefly describe ECN and/or point me to a link? I >> have never heard of it. > >It's described in RFC 3168: > >http://www.rfc-editor.org/rfc/rfc3168.txt > >(also in 2418 which is replaced by 3168 but has a short summary that is >IMO a bit easier to understand.) > >In short, it's a mechanism to actively signal network congestion >instead of implicitly signalling by dropping packets. Thanks Nicos. Shawn Lamson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
On Monday 28 July 2003 12:13, Shawn Lamson wrote: > Could one of you briefly describe ECN and/or point me to a link? I > have never heard of it. It's described in RFC 3168: http://www.rfc-editor.org/rfc/rfc3168.txt (also in 2418 which is replaced by 3168 but has a short summary that is IMO a bit easier to understand.) In short, it's a mechanism to actively signal network congestion instead of implicitly signalling by dropping packets. -- Got Backup? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
On Mon, July 28 at 1:04 AM EDT Greg Folkert <[EMAIL PROTECTED]> wrote: >On Mon, 2003-07-28 at 00:43, Ron Johnson wrote: ><---SNIP---> >> # cat /proc/sys/net/ipv4/tcp_ecn >> 1 >> >> When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get >> to thatpetplace either. However, I could, after I did this, and >> then restarted Mozilla: >> # echo "0" > /proc/sys/net/ipv4/tcp_ecn >> # cat /proc/sys/net/ipv4/tcp_ecn >> 0 >> >> Make sure to reenable tcp_ecn when you're finished! >> >> # echo "1" > /proc/sys/net/ipv4/tcp_ecn >> # cat /proc/sys/net/ipv4/tcp_ecn >> 1 > >Ron, as of this writing, 12:55AM EDT, I will have to disagree with you >about turning tcp_ecn back on. For about the next 2 years at least. > ... <--SNIPPED--> ... >Well, overall ECN is a great way to make the Internet "self-regulate" >and of course the biggest obstacle is M$ products. But for quite a >while yet, defaulting it to OFF is a good thing. Could one of you briefly describe ECN and/or point me to a link? I have never heard of it. Shawn Lamson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
On Mon, 2003-07-28 at 00:43, Ron Johnson wrote: <---SNIP---> > # cat /proc/sys/net/ipv4/tcp_ecn > 1 > > When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get > to thatpetplace either. However, I could, after I did this, and > then restarted Mozilla: > # echo "0" > /proc/sys/net/ipv4/tcp_ecn > # cat /proc/sys/net/ipv4/tcp_ecn > 0 > > Make sure to reenable tcp_ecn when you're finished! > > # echo "1" > /proc/sys/net/ipv4/tcp_ecn > # cat /proc/sys/net/ipv4/tcp_ecn > 1 Ron, as of this writing, 12:55AM EDT, I will have to disagree with you about turning tcp_ecn back on. For about the next 2 years at least. You see, Windoze Boxen interpret the ECN Bit as a spoofing attempt. Snort on Windows sends an alert... Most router respect the bit, but "lame firewalls" like Checkpoint and thier ilk also reject those packets with that bit set. Try and goto Office Depot Commercial Service over https... watch it BARF. I had a HUGE Squid Cache 100GB of cache, 4GB of Memory on an IBM Netfinity... same Problem Helpdesk kept getting Phone calls that they can't get to this and such websites... If they turned of the proxy and used the straight connect. No Probs. If they used the Proxy no go. I argued and "vehemently discussed" the situation with the Website operator... everyone said NOBODY ELSE is calling about it... Well, Office Depot stood a good chance at losing my organization over this single little problem they wouldn't budge on. My President called thier President... amazingly it was changed, within minutes my user could connect. Very little luck with website admins whom have "drunk the Microsoft Kool-Aid" (I know drank is right but drunk get's the point across better) stating they are using "Industry Standards" and so on... Well, overall ECN is a great way to make the Internet "self-regulate" and of course the biggest obstacle is M$ products. But for quite a while yet, defaulting it to OFF is a good thing. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
On Sun, 2003-07-27 at 22:59, Kent West wrote: > ThanhVu Nguyen wrote: > > >I use Debian Woody, with cable modem connected to the computer via eth0 > >, it get the ip via dhcp during bootup. The problem I have is that I > >cannot connect to the site www.thatpetplace.com , it just timed out. > >I've tried it on various browsers and same result. wget returns this > > > >wget www.thatpetplace.com > >--23:44:35-- http://www.thatpetplace.com/ > > => `index.html' > >Resolving www.thatpetplace.com... done. > >Connecting to www.thatpetplace.com[208.30.147.3]:80... failed: > >Connection timed out. > > > > > > > That redirects to this address: > http://www.thatpetplace.com/intro/main.html > > I'm not sure why you can't go to the original address, though. # cat /proc/sys/net/ipv4/tcp_ecn 1 When /proc/sys/net/ipv4/tcp_ecn had the value "1", I couldn't get to thatpetplace either. However, I could, after I did this, and then restarted Mozilla: # echo "0" > /proc/sys/net/ipv4/tcp_ecn # cat /proc/sys/net/ipv4/tcp_ecn 0 Make sure to reenable tcp_ecn when you're finished! # echo "1" > /proc/sys/net/ipv4/tcp_ecn # cat /proc/sys/net/ipv4/tcp_ecn 1 -- +-+ | Ron Johnson, Jr.Home: [EMAIL PROTECTED] | | Jefferson, LA USA | | | | "I'm not a vegetarian because I love animals, I'm a vegetarian | | because I hate vegetables!"| |unknown | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cannot Connect to some website on linux
ThanhVu Nguyen wrote: I use Debian Woody, with cable modem connected to the computer via eth0 , it get the ip via dhcp during bootup. The problem I have is that I cannot connect to the site www.thatpetplace.com , it just timed out. I've tried it on various browsers and same result. wget returns this wget www.thatpetplace.com --23:44:35-- http://www.thatpetplace.com/ => `index.html' Resolving www.thatpetplace.com... done. Connecting to www.thatpetplace.com[208.30.147.3]:80... failed: Connection timed out. That redirects to this address: http://www.thatpetplace.com/intro/main.html I'm not sure why you can't go to the original address, though. -- Kent West ([EMAIL PROTECTED]) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Cannot Connect to some website on linux
I use Debian Woody, with cable modem connected to the computer via eth0 , it get the ip via dhcp during bootup. The problem I have is that I cannot connect to the site www.thatpetplace.com , it just timed out. I've tried it on various browsers and same result. wget returns this wget www.thatpetplace.com --23:44:35-- http://www.thatpetplace.com/ => `index.html' Resolving www.thatpetplace.com... done. Connecting to www.thatpetplace.com[208.30.147.3]:80... failed: Connection timed out. - But when I switch to windows using mozilla (also same setting & account, cable modem, dhcp), it works just fine. Did I miss some settings ? --- - Here's a copy of what I have in /etc/network/interface # The loopback interface auto lo iface lo inet loopback # The first network card - this entry was created during the Debian install ation # (network, broadcast and gateway are optional) auto eth0 iface eth0 inet dhcp /etc/resolv.con has these lines but they were put in by the network I think, because I didn't put them in search lpaxtn01.pa.comcast.net nameserver 68.82.0.6 nameserver 68.82.0.5 -- ThanhVu Nguyen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
