I’ve had an issue for a while, being unable to access certain websites such as https://fon.com, but also certain parts of the Apple, Fortis and Microsoft site, while other (https) websites worked fine.
Running Wireshark I found that only about 5ish packets got transferred, and all other data to that website abruptly stopped.
I’m using ADSL (EDPnet), which has an MTU of 1492, however, I was able to access all websites from the router (using lynx, for example), but not from any other PC within the network.
# ifconfig ppp0 ppp0 Link encap:Point-to-Point Protocol inet addr:18.104.22.168 P-t-P:22.214.171.124 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:38804442 errors:0 dropped:0 overruns:0 frame:0 TX packets:28930886 errors:0 dropped:5020 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:45941523311 (42.7 GiB) TX bytes:2887926670 (2.6 GiB)
As it had worked before without any issues, I was more thinking about a kernel problem (or a module of it), however, stripping down unnecessary modules and updating my kernel a few times didn’t resolve the issue. I even booted an old kernel I had still lying around from when I could access the websites. However, all these attempts were in vain.
Thinking it might have been a firewall issue, I flushed all my iptables rules, and started over from scratch. However, this too didn’t solve my issue.
When I VPN’ed or used my Macbook Pro directly as PPPoE device (by-passing the Gentoo router) I was able to access all the websites as well.
After being close to giving up, I found the following iptables rule:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -t mangle
And try again.
This did solve my issue. 🙂
This is because the default 100mbit MTU is 1500, instead of 1492 for PPPoE.