Robert Elliot wrote:
> OK, try http://www.lidalia.org.uk <http://www.lidalia.org.uk> - should show the Apache splash page.
Unless I'm mistaken, this site is hosted on a DSL connection that uses
PPPoE?
What I think is happening is that data is getting sent from one side or
the other assuming a fairly standard MTU of 1500 on the network
connections. Your DSL connection (assuming I'm right above) can only
handle packet sizes of 1492 (because of PPPoE overhead). Additionally,
one side or the other is unable to figure out that the packets aren't
getting through.
This would line up with firewalls being involved. If a firewall
is...we'll say "shortsightedly"...block all ICMP messages, then the ICMP
"Host Unreachable, Fragmentation Needed, but DF (Don't Fragment) bit was
set" message won't get through, meaning that the host won't know that it
needs to limit itself to sending smaller packets for that connection.
This whole overall process is called PMTUD, or Path MTU Discovery, and
firewalls blocking all ICMP prevent it from working correctly.
Some systems have the ability to deal with this...I think Linux calls it
PMTU Blackhole Discovery.
Another possible solution would be to set the MTU on your interface down
smaller (in Linux, "ifconfig <ifname> mtu 1400" should do it).
FWIW, I was unable to hit the page...I set my MTU in that manner, and I
was then able to pull up the page.
--
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin
Attachment:
signature.asc
Description: OpenPGP digital signature
|