You are not logged in.

#1 2013-01-25 02:21:40

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

[resolved] Cannot access particular site

I cannot access http://www.philosophypages.com. I tested using the "is it down or is it me?" site and apparently, it is "just me". I can ping the site fine. But if I try to view the page in firefox, it hangs forever. I don't see any complaints in the error/warning/info console, though. If I try to access it with lynx, eventually it just times out and says it could not make the connection.

I've accessed the same site just fine before. I can access other sites just fine now.

Can anybody suggest ways to track the issue down?

$ traceroute www.philosophypages.com
traceroute to www.philosophypages.com (207.155.252.12), 30 hops max, 60 byte packets
 1  xx.x.x.x (x.x.x.x)  3.122 ms  7.112 ms  7.123 ms
 2  xx.xxx.xxx.x (xx.xxx.xxx.x)  13.841 ms  13.950 ms  21.623 ms
 3  xxxx-xxxx-xx-xxx-xxx.network.virginmedia.net (xx.xxx.xxx.xxx)  21.651 ms  21.716 ms  21.794 ms
 4  xxxx-xx-xx-xxx-x.network.virginmedia.net (xx.xxx.xxx.xxx)  27.572 ms  27.639 ms  27.630 ms
 5  xe-7-0-0.edge3.London2.Level3.net (195.50.91.129)  31.243 ms  31.287 ms  35.437 ms
 6  ae-0-11.edge4.London2.Level3.net (4.69.200.126)  36.044 ms  22.750 ms  21.694 ms
 7  ae-3-3.ebr1.London1.Level3.net (4.69.141.189)  22.314 ms  30.534 ms  30.419 ms
 8  ae-57-112.csw1.London1.Level3.net (4.69.153.118)  30.589 ms ae-58-113.csw1.London1.Level3.net (4.69.153.122)  32.039 ms ae-59-114.csw1.London1.Level3.net (4.69.153.126)  31.964 ms
 9  ae-1-51.edge4.London1.Level3.net (4.69.139.74)  31.659 ms  31.744 ms  32.072 ms
10  XO-level3-1x10G.London.Level3.net (4.68.70.134)  32.256 ms  32.341 ms  32.122 ms
11  vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202)  107.633 ms  111.691 ms  107.710 ms
12  te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74)  169.505 ms  167.730 ms  172.305 ms
13  te-11-0-0.rar3.sanjose-ca.us.xo.net (207.88.12.69)  173.591 ms  173.456 ms  173.677 ms
14  ae0d0.mcr1.fremont-ca.us.xo.net (216.156.0.138)  167.153 ms  165.860 ms  167.242 ms
15  ae1d0.mcr2.fremont-ca.us.xo.net (216.156.1.70)  166.037 ms  171.930 ms  171.810 ms
16  209.116.66.138 (209.116.66.138)  171.997 ms  164.010 ms  162.785 ms
17  206.251.128.138.ptr.us.xo.net (206.251.128.138)  162.577 ms  170.301 ms  170.335 ms
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Last edited by cfr (2013-02-23 22:57:57)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#2 2013-01-25 03:14:33

Kilz
Member
Registered: 2008-03-01
Posts: 140

Re: [resolved] Cannot access particular site

Have you tried to access the site with all extensions disabled? Have you tried to access the site through a anonymous proxy?

Last edited by Kilz (2013-01-25 03:15:49)


I trust Microsoft about as far as I can comfortably spit a dead rat.
Cinnamon is a wonderful desktop
"Faith is the substance of things hoped for, the evidence of things not seen."

Offline

#3 2013-01-25 04:36:04

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,728

Re: [resolved] Cannot access particular site

Works okay here.

 1  ewaller (192.168.1.1)  0.848 ms  1.473 ms  1.435 ms
 2  netblock-<redacted>.dslextreme.com (<redacted>)  10.585 ms  11.753 ms  12.152 ms
 3  lax1_cr1_gig_10_0_120.dslextreme.com (66.218.48.145)  13.750 ms  14.603 ms  16.036 ms
 4  ge-6-5.car4.LosAngeles1.Level3.net (4.71.128.1)  18.441 ms  18.798 ms  19.272 ms
 5  xo-level3-xe.losangeles9.level3.net (4.53.228.10)  21.344 ms  23.157 ms  24.477 ms
 6  207.88.14.209.ptr.us.xo.net (207.88.14.209)  41.759 ms  35.728 ms  32.297 ms
 7  ae0d0.mcr1.fremont-ca.us.xo.net (216.156.0.138)  33.857 ms  22.385 ms  20.789 ms
 8  ae1d0.mcr2.fremont-ca.us.xo.net (216.156.1.70)  22.237 ms  23.305 ms  23.283 ms
 9  209.116.66.138 (209.116.66.138)  24.918 ms  25.905 ms  27.264 ms
10  206.251.128.138.ptr.us.xo.net (206.251.128.138)  28.415 ms  29.845 ms  30.189 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

It must be all those xx's in your IP  tongue

From the site:

	
Philosophy Pages
 . . . from Garth Kemerling


This site offers helpful information for students of the Western philosophical tradition. The elements you will find on this site include:

    The Dictionary of Philosophical Terms and Names. 
    A survey of the History of Western Philosophy. 
    A Timeline for the intellectual figures discussed here. 
    Detailed discussion of several major Philosophers 
    Summary treatment of the elementary principles of Logic 
    A generic Study Guide for students of philosophy. 
    Links to other philosophy Sites on the Internet. 

Edit:  We both found our way to 206.251.128.138.ptr.us.xo.net   .  hmm

Last edited by ewaller (2013-01-25 04:42:27)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2013-01-25 06:38:40

Mektub
Member
From: Lisbon /Portugal
Registered: 2008-01-02
Posts: 647

Re: [resolved] Cannot access particular site

I could not access several sites (one of them was tinyurl) when I was using jumbo frames.

Just my 2 cents.

Mektub


Follow me on twitter: https://twitter.com/johnbina

Offline

#5 2013-01-25 16:02:14

rasertux
Member
From: Florianópolis, Brazil
Registered: 2012-03-03
Posts: 46

Re: [resolved] Cannot access particular site

I had the same issue time ago. Set the MTU to 1400 and problem solved.

Offline

#6 2013-01-25 16:57:32

chris_l
Member
Registered: 2010-12-01
Posts: 390

Re: [resolved] Cannot access particular site

like rasertux said, try that.

If that solves your problem, check the Jumbo frames wiki article to use a systemd service to fix it on boot. (change the eth0=4000 part to the_name_of_your_ethernet_device=1400)


"open source is about choice"
No.
Open source is about opening the source code complying with this conditions, period. The ability to choose among several packages is just a nice side effect.

Online

#7 2013-01-25 21:15:32

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

I was setting MTU to 1500 because otherwise I couldn't access AUR over ssl from home.

I guess it is not an extension problem because it affects lynx as well.

Anyway, I just tried setting MTU to 1400 but I'm still getting no connection in both firefox and lynx. In firefox, the attempt to connect never even seems to time out - firefox seems to just keep trying to connect forever. In lynx, the connection will time out eventually and tell me the connection wasn't possible.

I x'ed out the ips in the output only because Virgin apparently use ips and addresses which are a function of your account number.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#8 2013-01-25 23:01:05

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: [resolved] Cannot access particular site

Playing with MTU is usually a bad idea. For a cable connection it should be 1500 (IIRC 1492 for DSL); jumbo frames for 10Gbps. Ideally, MTU is supposed to be set by the DHCP client, not you manually.

Regarding the website, it works here although those "*" in traceroute mean that the whole network after 206.251.128.138.ptr.us.xo.net is administered by an idiot which decided to block UDP... I'll try tracerouting it with pings or from a windows machine...

Since you can access other websites fine, I wonder whether the issue is somehow related to DNS. Can you try changing your DNS servers?


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#9 2013-01-26 02:41:22

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

I know setting MTU manually is not usually necessary but my ISP appears to have set things up in a buggy way so if I'm at home I get a much lower MTU if I use "auto" which prevents me accessing AUR over ssl. Hence the need to specify something sane. On campus, it is fine. (That network has other problems just not this one.) Before anybody mentions it, the ISP is not my choice and the decision is not in my hands so switching to a saner ISP is not an option.

This is a cable connection (via a wireless LAN).

I thought it could not be DNS since the hostname is resolved correctly? Is the thought that it could be DNS somehow further down the line? Anyway, I can definitely look into this.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#10 2013-01-26 08:50:41

hawkinstw
Member
Registered: 2013-01-26
Posts: 7

Re: [resolved] Cannot access particular site

I tried the method here, because I thought my problem might be the same. But apparently mine is soemthing else.   I can also tracepath sites, but (mostly http) is inaccessible from my network behind the arch gateway/proxy.  If I use the squid proxy or try without it then I connect to a website but nothing is transferred.  Using a ssh tunnel to the gateway and setting it as a SOCKS proxy works, as well as accessing the sites directly from the gateway/proxy.
My first thought was there is an error in squid.  Tried without it, still nothing,  Tried enabling and disabling ipv6 seperately in the proxy, dnsmasq and shorewall (iptables), and the kernel because the ISP does not yet support ipv6.  nothing.  Disabling and enabling ip and ip6 forwarding. Tried the mtu change here, nothing.
Any other possibilities?

EDIT:  I did set the log level in shorewall to 2 and kept an eye on the log files but nothing is being logged in journalctl as being dropped, well nothing except random external packets to a torrent port.

SOLVED: Apparently I had a problem with conntrack, amongst other things.  I used firewall builder instead of shorewall to create new iptables rules and when the script is run iptables complains about STATE method should be replaced with conntrack.  Well for now the STATE method still works. O, and squid.conf: workers 4 tries to bind too many times and crashes itself, stick to 1 process.

Last edited by hawkinstw (2013-01-27 08:37:01)

Offline

#11 2013-01-26 18:05:20

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: [resolved] Cannot access particular site

cfr wrote:

I know setting MTU manually is not usually necessary but my ISP appears to have set things up in a buggy way so if I'm at home I get a much lower MTU if I use "auto" which prevents me accessing AUR over ssl. Hence the need to specify something sane. On campus, it is fine. (That network has other problems just not this one.) Before anybody mentions it, the ISP is not my choice and the decision is not in my hands so switching to a saner ISP is not an option.

This is a cable connection (via a wireless LAN).

I thought it could not be DNS since the hostname is resolved correctly? Is the thought that it could be DNS somehow further down the line? Anyway, I can definitely look into this.

I figured, the website redirects your request somehow...

$ ping -c 1 philosophypages.com
PING philosophypages.com (207.155.252.18) 56(84) bytes of data.
64 bytes from leviathan.cnchost.com (207.155.252.18): icmp_seq=1 ttl=237 time=194 ms   <------ !!!

--- philosophypages.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 194.597/194.597/194.597/0.000 ms

Regarding MTU, ISP's are usually very broken. MTU=1500 is the default for ethernet these days. For instance, without any MTU info provided by my DHCP server, I have on the client

$ cat /sys/class/net/wlan0/mtu 
1500

This is set by the kernel. OTOH, Comcast (in my case) provides a *completely* wrong MTU info for the broadband cable connection:

% /usr/sbin/dhcpcd -U wan | grep mtu
interface_mtu=576

which is the protocol minimum corresponding to a dialup connection. All router makers I know (cisco, dlink, ...) ignore this and set MTU=1500. Of course, after several enlightening discussions with Comcast tech support, I just added "nohook mtu" to dhcpcd.conf... sigh.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#12 2013-01-27 02:01:00

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

Yes, I also get the wrong MTU if I let it be auto-negotiated. That' virginmedia for you. I didn't add nohook - I just commented out the option interface_mtu line and that seemed to fix the issue for me.

$ ping -c 1 philosophypages.com
PING philosophypages.com (207.155.252.97) 56(84) bytes of data.
64 bytes from elephant.cnchost.com (207.155.252.97): icmp_seq=1 ttl=235 time=162 ms

--- philosophypages.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 162.130/162.130/162.130/0.000 ms

It seems weird that I can ping it but not connect to it with http. Anyway, off to look into DNS switching...

I need to learn more about this stuff. I'm sure as a work around I could somehow use ssh since my work machine can connect to the site fine and I'm running a ssh server on that. Alas, my networking skills are not what they might be. Off to read...


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#13 2013-01-27 02:16:20

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [resolved] Cannot access particular site

I need to learn more about this stuff. I'm sure as a work around I could somehow use ssh since my work machine can connect to the site fine and I'm running a ssh server on that. Alas, my networking skills are not what they might be. Off to read...

cat Scripts/tunnel
#!/bin/bash

SSH_HOST="cfr@work"

up(){
    ssh -f -N -D 8080 -M -S /tmp/ssh_tunnel_%h.sock -o ExitOnForwardFailure=yes $SSH_HOST && \
    printf '%s\n' "ssh tunnel started successfully" || \
    printf '%s\n' "ssh tunnel failed to start"
}

down(){
    ssh -S /tmp/ssh_tunnel_%h.sock -O exit $SSH_HOST
}

if [[ "$1" = "up" ]]; then 
    up && chromium --proxy-server="socks://127.0.0.1:8080" &
elif [[ "$1" = "down" ]]; then
    down
else 
    printf '%s\n' "Tunnel is not running…"
fi

smile


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#14 2013-01-27 02:28:22

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: [resolved] Cannot access particular site

That's the reason why I suspected DNS in the first place. Of course, it can be your ISP doing something funny, but let's not get into conspiracy theories here smile

If you have ssh to outside your network, you can use "ssh -ND XXXXX remote.server.com" as a normal (non-root) user to open a SOCKS4 proxy port XXXXX on your system. Then, instruct firefox in the internet settings to use socks4, e.g. user@localhost.localdomain:XXXXX. Of course, that's a mere workaround...

Last edited by Leonid.I (2013-01-27 02:28:44)


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#15 2013-01-27 02:49:47

progandy
Member
Registered: 2012-05-17
Posts: 5,180

Re: [resolved] Cannot access particular site

Leonid.I wrote:

Regarding the website, it works here although those "*" in traceroute mean that the whole network after 206.251.128.138.ptr.us.xo.net is administered by an idiot which decided to block UDP... I'll try tracerouting it with pings or from a windows machine...

No need for windows, just the privileges for ICMP or TCP syn traces:

> sudo traceroute -I www.philosophypages.com
...
17  206.251.128.150.ptr.us.xo.net (206.251.128.150)  175.169 ms  175.168 ms  175.074 ms
18  leviathan.cnchost.com (207.155.252.18)  179.669 ms  176.011 ms  175.988 ms

> sudo traceroute -T www.philosophypages.com
...
17  206.251.128.146.ptr.us.xo.net (206.251.128.146)  182.617 ms  175.698 ms  179.401 ms
18  warrior.cnchost.com (207.155.252.219)  180.658 ms !X  178.463 ms !X  178.741 ms !X

Last edited by progandy (2013-01-27 02:50:40)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#16 2013-01-27 15:31:12

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

So I got the other user on my network to try accessing the site and she can't get it either. The only difference is that she gets an explicit "timeout" message. That machine is running Fedora.

I then tried using Google's DNS servers. I use wicd and I'm not certain I did it correctly as I left "DNS doman" and "Search domain" blank. However, the servers got into resolv.conf and I can still access other pages so I guess it is using Google's DNS. philosophypages.com, however, is still no go.

Before I changed it, I noticed that resolv.conf was using a LAN address for nameserver. I was surprised by this but as everything works I guess it must somehow be correct.

Thanks very much to jasonwryan for the script. Think I had better try that next. A work around is definitely looking appealing right now even if it doesn't really "solve" the issue. It is driving me slightly nuts, though, as I can't understand what it might be. I was thinking firewalls etc. but since both machines are affected, that seems less likely. (The other machine has much more vanilla config than mine which rules out a great many configuration issues, though obviously not all.)


EDIT: Or should I be telling the airport base station to use something different rather than the computer?

Last edited by cfr (2013-01-27 15:35:09)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#17 2013-01-28 05:06:24

Kilz
Member
Registered: 2008-03-01
Posts: 140

Re: [resolved] Cannot access particular site

Is it possible the site has blocked your network's IP? I had it happen something similar happen once when I got the ip address of an idiot when my network was offline for a few days and my outside ip changed.

Last edited by Kilz (2013-01-28 05:07:41)


I trust Microsoft about as far as I can comfortably spit a dead rat.
Cinnamon is a wonderful desktop
"Faith is the substance of things hoped for, the evidence of things not seen."

Offline

#18 2013-02-01 01:19:45

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

I doubt that our ip address has changed. Actually, somebody in work suggested I do two things: (1) check firefox is set to "no proxy" rather than autodetection (checked - it is); (2) get a new ip by switching off the router for a bit. I left it off for a few hours today but I'm still getting the same external ip when I switch it back on. Is there anyway to encourage the network to yield a new ip address?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#19 2013-02-01 18:11:12

Kilz
Member
Registered: 2008-03-01
Posts: 140

Re: [resolved] Cannot access particular site

Not that I know of, thats why I recommended using a anonymous proxy like say tor to check if you can access the site, you will have a different ip. You can get the tor bundle, unzip it, and launch it from inside the folder it creates, no need to install anything. Afterwards just delete it.


I trust Microsoft about as far as I can comfortably spit a dead rat.
Cinnamon is a wonderful desktop
"Faith is the substance of things hoped for, the evidence of things not seen."

Offline

#20 2013-02-23 20:07:16

hawkinstw
Member
Registered: 2013-01-26
Posts: 7

Re: [resolved] Cannot access particular site

Most probably the site is blocked upstream, meaning either by the isp, the dns server, or the proxy server.  Using an external proxy would work (except in case of a banal packet inspection firewall) but not solve the issue in a general sense.

Offline

#21 2013-02-23 22:59:33

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [resolved] Cannot access particular site

Updating to say that this issue resolved when I randomly acquired a new ip address. I am not sure why that happened. I can't really say that the issue was "solved" in the sense that I found a solution. Hence "resolved" in the sense that something changed which resolved the issue. Still not really sure what.


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

Board footer

Powered by FluxBB