Fedora Linux Support Community & Resources Center
  #1  
Old 9th August 2012, 05:07 AM
daytooner Offline
Registered User
 
Join Date: Apr 2009
Posts: 210
linuxfirefox
Weird access problem

I have spent over 30 years researching and designing networks - from the time before there was an internet, or tcp/ip, or even ethernet - so I'm not exactly a noob with regards to networking. But this problem has me stumped. And I've had this same problem before, with previous version of Fedora, and it seemed to get resolved only when I upgraded to a newer version of Fedora.

Anyways, here's the problem:

I have three computers. All are connected to the same switch, which is connected to my firewall (a cisco pix), which is connected to my DSL router. Two of these boxes are running Fedora 17 (kernel 3.5.0-2.fc17). Both have the linux firewall disabled, as well as selinux. The third box is running WinXP.

Everything was fine until a few days ago: I started seeing that I could not access certain sites. One of these sites is mozilla.org (another is facebook.com). I can ping the sites, and I can open a tcp connection to them (eg, telnet to port 80). But if I send an HTTP GET - either with firefox, or just wget - no response comes back.What's really weird, though, is that on the WinXP box I have no problems accessing these sites. (Note again that all three are connected to the same ethernet switch.)

So, after a process of elimination, it seems there must be some issue with linux networking (more specifically, its HTTP) and these sites.

Other things I've tried:

- replaced my pix firewall with a simple netgear gateway. Same problems.

- changed wan IP address ( I have three, and tried all of them).

- Checked with a friend who has the same ISP, and is running F17. He has no problems.

- sniffed the network traffic on one of the Fedora boxes, via wireshark: saw tcp req sent, tcp ack received, HTTP GET sent, but only tcp ack (for the first tcp req) retransmitted. Saw basically the same thing on the wan side of the firewall.

Weird, huh? This is driving me nuts. Not only can I not accessed these sites, but I just can't understand why not. I must be missing something very simple somewhere.

So any help will be greatly appreciated.

TIA

ken
Reply With Quote
  #2  
Old 9th August 2012, 07:10 AM
solo2101 Offline
Registered User
 
Join Date: Jan 2010
Location: behind that screen...
Posts: 808
unknownfirefox
Re: Weird access problem

just Firefox?
Reply With Quote
  #3  
Old 9th August 2012, 09:00 AM
daytooner Offline
Registered User
 
Join Date: Apr 2009
Posts: 210
linuxfirefox
Re: Weird access problem

Quote:
Originally Posted by solo2101 View Post
just Firefox?
No.wget as well:

Code:
[ken@Elmer ~]$ wget -v http://www.mozilla.org
--2012-08-08 23:51:37--  http://www.mozilla.org/
Resolving www.mozilla.org... 63.245.215.20
Connecting to www.mozilla.org|63.245.215.20|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2012-08-08 23:54:59--  (try: 2)  http://www.mozilla.org/
Connecting to www.mozilla.org|63.245.215.20|:80... connected.
HTTP request sent, awaiting response... ^C
[ken@Elmer ~]$
I also telnet to that site, on port 80 - and I do get a connection opened - then type "GET /" with CR. I should get back some kind of HTTP response from their server. But I get nothing.

ken
Reply With Quote
  #4  
Old 9th August 2012, 11:32 AM
flyingfsck Online
Registered User
 
Join Date: Aug 2010
Location: Al Ain, UAE
Posts: 1,927
linuxfirefox
Re: Weird access problem

Run a little experiment and set one Linux box EXACTLY the same as the working Windows box in terms of:
IP Address, Netmask, Gateway Address, DNS and Default Route

Of course unplug he other machines when you do that.
Reply With Quote
  #5  
Old 9th August 2012, 04:46 PM
daytooner Offline
Registered User
 
Join Date: Apr 2009
Posts: 210
linuxfirefox
Re: Weird access problem

Quote:
Originally Posted by flyingfsck View Post
Run a little experiment and set one Linux box EXACTLY the same as the working Windows box in terms of:
IP Address, Netmask, Gateway Address, DNS and Default Route

Of course unplug he other machines when you do that.
Thought of that one. No dice. Even tried DHCP for both a linux box and WinXP box. Still the same: WinXP okay, linux no.

To make things even weirder, I connected my Android phone to my LAN via a wireless router. It wouldn't work with those sites - although it did work a few days earlier (before an update?), as well as working via its broadband link.

It seems that - for the linux boxes (and Android) - the remote site never gets the HTTP GET request. I can look at the traffic on the wan side of my firewall, and I see that request going out, but nothing coming back.

This is just too weird.

Thanks for helping. Keep those suggestions/ideas coming.

ken
Reply With Quote
  #6  
Old 9th August 2012, 07:50 PM
flyingfsck Online
Registered User
 
Join Date: Aug 2010
Location: Al Ain, UAE
Posts: 1,927
linuxfirefox
Re: Weird access problem

Also plug it into the same switch port as the Windows machine.
Reply With Quote
  #7  
Old 10th August 2012, 05:26 AM
solo2101 Offline
Registered User
 
Join Date: Jan 2010
Location: behind that screen...
Posts: 808
linuxfirefox
Re: Weird access problem

by any chance....

do you assing statics IP to your machines?

---------- Post added at 08:26 PM ---------- Previous post was at 05:58 PM ----------

Quote:
Originally Posted by daytooner View Post
Thought of that one. No dice. Even tried DHCP for both a linux box and WinXP box. Still the same: WinXP okay, linux no.
Oops miss that one...


I can only think in the firewall...

for DNS I use Google's... 8.8.8.8 on my router
Reply With Quote
  #8  
Old 11th August 2012, 03:56 AM
daytooner Offline
Registered User
 
Join Date: Apr 2009
Posts: 210
linuxfirefox
Re: Weird access problem

Okay, I (kind of) solved this. Well, I figured out where the problem is.

HTTP traffic is not being passed through my firewall for (at least) these two IP addresses (63.245.215.20 = www.mozilla.org, and 69.171.234.21 = www.facebook.com), and ONLY with linux boxes (not WinXP).

More specifically, I have a cisco pix firewall. I can watch the traffic coming into it on the inside interface- from my linux box - and also watch traffic going out on the wan interface.

If I telnet into one of theses addresses, on port 80, I see a connection established - on both the wan interface and the inside interface. If I then type single letters (eg, 'G' 'E' 'T' '/'), I see them on the inside interface, but not on the wan. If I do this to an IP of a site other than these two, I do see the letters passed out to the wan, and will get an HTTP response back from the site - which means it did receive the traffic.

The really weird part is that if I do this from my WinXP box, with either of these two IPs, I see the letters going into the inside interface, and also going out the wan interface. And even weirder, I know that I could access these sites previously.

So, something in my firewall has changed, but I can't find it. I have rebooted it, and also reset it back to the defaults and then re-configured it. But still no dice.

So that's where I'm at. If anyone has any experience with cisco pix firewalls, I'd love to hear from you. This problem is driving me nucking futs.

Thanks again to all for your help.

ken
Reply With Quote
  #9  
Old 11th August 2012, 08:15 AM
flyingfsck Online
Registered User
 
Join Date: Aug 2010
Location: Al Ain, UAE
Posts: 1,927
linuxfirefox
Re: Weird access problem

Why don't you chuck the Pix and use one of the Linux boxes as a router for the others? Why bother even with that - just get a dinky little Dlink/Linksys box and be done with it?
Reply With Quote
  #10  
Old 13th August 2012, 10:29 PM
daytooner Offline
Registered User
 
Join Date: Apr 2009
Posts: 210
linuxfirefox
Re: Weird access problem

Quote:
Originally Posted by flyingfsck View Post
Why don't you chuck the Pix and use one of the Linux boxes as a router for the others? Why bother even with that - just get a dinky little Dlink/Linksys box and be done with it?
The PIX was free (from a dying company). Up till now, it was working great. I have several "dinky" router/gateway/firewalls. And they are just that: "dinky". They don't quite handle large volume net traffic like the PIX.

Besides, I just want to understand what is going on here...

ken
Reply With Quote
Reply

Tags
access, no http response, problem, weird

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Weird problem with NFS zbamus EOL (End Of Life) Versions 7 2nd February 2011 10:53 PM
Weird networking issue: can ping out in terminal and in ssh, but no internet access tiskemanis Servers & Networking 1 6th July 2008 06:21 AM
Weird (but then again not so weird) SSH problem SkyFlyer Servers & Networking 2 28th August 2007 08:35 PM
Weird - I can google but can't access my ECI router with Mozila FC6 Motiab EOL (End Of Life) Versions 1 13th April 2007 10:39 PM


Current GMT-time: 06:50 (Monday, 24-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Jumilla Travel Photos - South Portland Travel Photos - Maintal Travel Photos on Instagram