
#1 2017-12-29 21:49:13

adrianmay
Member
Registered: 2017-12-19
Posts: 64

Some web sites masqueraded better than others

Hi All,

I made a wireless router using Arch Linux and create_ap.sh. It's the usual setup:
* Dials ppp on the ethernet
* Runs hostapd on the high-gain USB WLAN dongle
* NATs them together with iptables
* Runs dnsmasq on the wireless
* Runs haveged too

I get this completely bizarre set of results:
* On a wireless client I can surf to bbc.co.uk
* On the Arch router I can curl either bbc.co.uk or zen.co.uk
* On the wireless client, zen.co.uk times out !!!
* On my phone using 3G, zen.co.uk looks fine.

So when two web sites are up and running and visible to the router, why would one be accessible from a wireless client and not the other? The only strange thing I noticed about zen is that they don't respond to pings. Zen also uses https, but I can see gmail (also https) from the wireless client.

From the wireless client, nc -w 1 zen.co.uk 80 or 443 both time out, but both connect from the router.

First I blamed create_ap so I spent all night doing the same stuff by hand, and got exactly the same result. I also replaced create_ap's iptables rules with the more conventional "-m conntrack --ctstate RELATED,ESTABLISHED" style with no effect.

TIA, Adrian.


#2 2017-12-29 22:08:29

progandy
Member
Registered: 2012-05-17
Posts: 5,190

Re: Some web sites masqueraded better than others

Are you using IPv4 for all tests or is there an IPv6 address somewhere mixed in?


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#3 2017-12-30 09:42:56

adrianmay
Member
Registered: 2017-12-19
Posts: 64

Re: Some web sites masqueraded better than others

IPv4. Haven't attempted to play with IPv6 yet.

I forgot to mention that I have an older self-made router based on Ubuntu which works fine. I couldn't see any significant difference in the config files so I guess it must be down to the versions. Has anything in iptables (since kernel 4.4.0) or hostapd (since 2.4) started assuming servers are pingable?

Also, I noticed that theguardian.com loads but the icon in the tab bar keeps going round forever, and a look at the taskbar shows that it's waiting on beacon.gu-web.net. This server is just like zen in that it behaves fine from the router but any attempts to ping it or connect to its 80 or 443 from the wireless clients time out.


#4 2017-12-30 09:54:41

progandy
Member
Registered: 2012-05-17
Posts: 5,190

Re: Some web sites masqueraded better than others

Then I have no further idea. Did you already compare the DNS results on both machines?

getent ahosts zen.co.uk
nslookup zen.co.uk
dig zen.co.uk 

Last edited by progandy (2017-12-30 09:55:08)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#5 2017-12-30 09:56:51

adrianmay
Member
Registered: 2017-12-19
Posts: 64

Re: Some web sites masqueraded better than others

DNS is fine. The names are always resolved to IPs.
