RE: [users@httpd] No response recieved from Apache at some external locations, but not others

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Fantastic, thanks very much; that's likely to be it, I have a very vague recollection of fiddling with MTU on my router, something to do with trying to get it to keep the ADSL PPPoE connection alive for longer, but I didn't really know what I was doing so I should have left it well alone.  I will work on this basis and see what happens.  Thanks very much for the pointer, I would never have got there otherwise.
 
Jeff McAdams wrote:
 
Robert Elliot wrote:
> OK, try http://www.lidalia.org.uk <http://www.lidalia.org.uk>  - should show the Apache splash page.

Unless I'm mistaken, this site is hosted on a DSL connection that uses
PPPoE?

What I think is happening is that data is getting sent from one side or
the other assuming a fairly standard MTU of 1500 on the network
connections.  Your DSL connection (assuming I'm right above) can only
handle packet sizes of 1492 (because of PPPoE overhead).  Additionally,
one side or the other is unable to figure out that the packets aren't
getting through.

This would line up with firewalls being involved.  If a firewall
is...we'll say "shortsightedly"...block all ICMP messages, then the ICMP
"Host Unreachable, Fragmentation Needed, but DF (Don't Fragment) bit was
set" message won't get through, meaning that the host won't know that it
needs to limit itself to sending smaller packets for that connection.

This whole overall process is called PMTUD, or Path MTU Discovery, and
firewalls blocking all ICMP prevent it from working correctly.

Some systems have the ability to deal with this...I think Linux calls it
PMTU Blackhole Discovery.

Another possible solution would be to set the MTU on your interface down
smaller (in Linux, "ifconfig <ifname> mtu 1400" should do it).

FWIW, I was unable to hit the page...I set my MTU in that manner, and I
was then able to pull up the page.
--
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
                                       -- Benjamin Franklin

<<winmail.dat>>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux