EDIT: I think I found the root of the problem. You can probably skip reading this and go right to my third post.
I have been building a router using Ubuntu. Just to give an idea of the general things going on that might affect the problem, here is the router's general setup:
Router connects to WAN (eth0) with default DHCP client.
dnsmasq serves DHCP addresses to LAN (eth2). eth2 is connected to a gigabit switch to allow multiple clients.
A DD-WRT router configured as an access point is connected to the switch to allow wireless clients.
iptables is configured like this:
Code:
# Default policies: drop everything inbound and forwarded, allow all outbound.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback traffic.
iptables -A INPUT -i lo -s localhost -d localhost -j ACCEPT
# Anything arriving on the LAN interface may reach the router itself.
iptables -A INPUT -i eth2 -j ACCEPT
# LAN clients (192.168.42.0/24) may be forwarded out.
iptables -A FORWARD -i eth2 -s 192.168.42.0/255.255.255.0 -j ACCEPT
# NAT the LAN behind the WAN address.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Replies from the WAN, both to the router and to LAN clients.
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -d 192.168.42.0/255.255.255.0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# OpenVPN.
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
A variety of other services are running on the router including software RAID, Samba, Apache, PHP, a DynamicDNS updater and OpenVPN.
The problem I am having is this: Occasionally, when attempting to visit a site, Chrome will give these two errors:
Error 103 - Connection Aborted
Error 324 - Empty Response
I tried with some other browsers and Firefox seems to say "The connection was reset", while Internet Explorer just says "Internet Explorer cannot display the webpage".
This problem typically affects one site at a time; any other site still loads properly. The problem happens somewhat frequently, but seems to be restricted to a few sites. I have had a problem with google.com, tumblr.com and cracked.com. No other sites visited have ever exhibited this problem. (If it weren't for google, this problem might not even be worth fixing).
After encountering this problem, it usually persists for 10-30min, then resolves itself. Occasionally the problem just seems to be totally intermittent (refresh, it doesn't work; refresh again it works).
Certain computers in the house seem to see this problem frequently: my Windows 7 desktop (wired connection) and my roommate's Windows 8 laptop. Other computers never seem to have the problem: my Ubuntu laptop and my roommate's Windows XP laptop. However, when the Windows 8 laptop cannot access google.com, the Windows 7 desktop does not necessarily lose connection at the same time, but sometimes does.
When the problem occurs, resetting the network adapter seems to solve the problem temporarily.
Because the problem is intermittent, I have had a hard time troubleshooting. I have managed to start tcpdump in time to capture a number of failed transmissions and they always seem to follow this format:
Client->Server: SYN.
Server->Client: SYN-ACK.
Client->Server: ACK.
Client->Server: HTTP GET request
Client->Server: Continuation of HTTP request
Server->Client: TCP Window Update. This packet is not seen in every case. No response from server is ever heard past this point.
Client->Server: Numerous TCP re-transmissions.
Client->Server: TCP reset
Sometimes the TCP resets are scattered through the numerous TCP re-transmissions.
When loading the page and no problems occur, sometimes an ICMP "destination not reachable (fragmentation needed)" is sent from the router to the client after a particularly long HTTP request (e.g. 1314 bytes), which prompts the re-transmission of the request in smaller packets. Many times, isolated duplicate ACKs are seen. Occasionally there are two consecutive duplicate ACKs followed by a number of re-transmissions. I don't know much about the first issue, but from my understanding of TCP, the duplicate ACKs are ok.
So this leads me to three questions: 1) What other data can I/should I be gathering to help diagnose this? 2) What other info would it be helpful for me to post here? 3) Does anybody have any ideas what could be causing this problem?
I am a bit concerned about doing things like posting whole tcpdump captures here because of the information I might be unintentionally revealing in it. If it would help to post those, what Wireshark filters should I use to extract only the relevant information? Right now I am using "ip.addr==<client-ip>&&ip.addr==<server-ip>".
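One way to pull just the failing flows out of a capture, as an added example that is not part of the original post: the script below reads `tcpdump -n -tt` text output and flags flows that follow the pattern described above (handshake completes, the client's request is never acknowledged, the client resends and finally resets), and correlates any ICMP "need to frag" message from the router with the flow's client/server pair. The capture embedded in it is constructed, not real traffic, and the addresses (192.168.42.10, 203.0.113.5, 198.51.100.7), the function names and the stall threshold are assumptions made for the example.

```python
import re

# Constructed sample in `tcpdump -n -tt` text format (not a real capture).
# Flow A (192.168.42.10:51000 -> 203.0.113.5:80): request never ACKed, resent, reset.
# Flow B (192.168.42.10:51001 -> 198.51.100.7:80): router replies "need to frag",
# the client resends in smaller segments and the exchange completes.
SAMPLE = """\
1700000000.000100 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [S], seq 1000, win 8192, options [mss 1460,nop,wscale 8], length 0
1700000000.020000 IP 203.0.113.5.80 > 192.168.42.10.51000: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460], length 0
1700000000.020100 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [.], ack 5001, win 8192, length 0
1700000000.020300 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:2315, ack 5001, win 8192, length 1314
1700000000.020400 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [P.], seq 2315:2500, ack 5001, win 8192, length 185
1700000000.040000 IP 203.0.113.5.80 > 192.168.42.10.51000: Flags [.], ack 1001, win 131072, length 0
1700000000.320000 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:2315, ack 5001, win 8192, length 1314
1700000000.920000 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:2315, ack 5001, win 8192, length 1314
1700000002.120000 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:2315, ack 5001, win 8192, length 1314
1700000004.520000 IP 192.168.42.10.51000 > 203.0.113.5.80: Flags [R.], seq 2500, ack 5001, win 0, length 0
1700000010.000100 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [S], seq 3000, win 8192, options [mss 1460,nop,wscale 8], length 0
1700000010.020000 IP 198.51.100.7.80 > 192.168.42.10.51001: Flags [S.], seq 7000, ack 3001, win 65535, options [mss 1460], length 0
1700000010.020100 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [.], ack 7001, win 8192, length 0
1700000010.020300 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [P.], seq 3001:4315, ack 7001, win 8192, length 1314
1700000010.020500 IP 192.168.42.1 > 192.168.42.10: ICMP 198.51.100.7 unreachable - need to frag (mtu 1280), length 556
1700000010.020700 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [.], seq 3001:4241, ack 7001, win 8192, length 1240
1700000010.020800 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [P.], seq 4241:4315, ack 7001, win 8192, length 74
1700000010.045000 IP 198.51.100.7.80 > 192.168.42.10.51001: Flags [.], ack 4315, win 65535, length 0
1700000010.060000 IP 198.51.100.7.80 > 192.168.42.10.51001: Flags [P.], seq 7001:7301, ack 4315, win 65535, length 300
1700000010.060100 IP 192.168.42.10.51001 > 198.51.100.7.80: Flags [.], ack 7301, win 8192, length 0
"""

# One TCP segment as tcpdump -n prints it: "seq a:b" only appears when data is carried.
TCP_RE = re.compile(
    r"^(?P<ts>[\d.]+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?.*, length (?P<length>\d+)$")
# ICMP type 3 code 4; the embedded header tells us which server the client was talking to.
ICMP_RE = re.compile(
    r"^(?P<ts>[\d.]+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<orig_dst>[\d.]+) "
    r"unreachable - need to frag \(mtu (?P<mtu>\d+)\)")


class Flow:
    """State of one TCP connection; the side that sent the bare SYN is the client."""
    def __init__(self, client, server, ts):
        self.client, self.server = client, server
        self.first_ts = self.last_ts = ts
        self.client_seq_end = 0        # highest sequence number the client has sent
        self.seen_starts = set()       # seq starts of client data segments already sent
        self.resends = 0               # client data segments re-sent from a seen seq
        self.server_ack = 0            # highest ack number the server has sent
        self.reset = False


def analyze(text):
    """Return ({flow_key: Flow}, {(client_ip, server_ip): mtu}) from tcpdump text."""
    flows, frag_needed = {}, {}
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            frag_needed[(m["dst"], m["orig_dst"])] = int(m["mtu"])
            continue
        m = TCP_RE.match(line)
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        key, flags, ts = frozenset((src, dst)), m["flags"], float(m["ts"])
        if "S" in flags and "." not in flags:    # bare SYN opens a new flow
            flows[key] = Flow(src, dst, ts)
        flow = flows.get(key)
        if flow is None:                         # handshake not captured; skip
            continue
        flow.last_ts = ts
        if "R" in flags:
            flow.reset = True
        if src == flow.client:
            if int(m["length"]) > 0:
                seq = int(m["seq"])
                if seq in flow.seen_starts:
                    flow.resends += 1
                flow.seen_starts.add(seq)
                flow.client_seq_end = max(flow.client_seq_end, int(m["seq_end"]))
        elif m["ack"]:
            flow.server_ack = max(flow.server_ack, int(m["ack"]))
    return flows, frag_needed


def report(text, min_resends=2):
    """One summary dict per flow; 'stalled' marks the request-never-ACKed pattern."""
    flows, frag_needed = analyze(text)
    rows = []
    for f in flows.values():
        unacked = max(0, f.client_seq_end - f.server_ack) if f.client_seq_end else 0
        rows.append({
            "flow": "%s:%d -> %s:%d" % (f.client + f.server),
            "unacked_bytes": unacked,
            "resends": f.resends,
            "reset": f.reset,
            "duration_s": round(f.last_ts - f.first_ts, 3),
            "frag_needed_mtu": frag_needed.get((f.client[0], f.server[0])),
            "stalled": unacked > 0 and f.resends >= min_resends and f.reset,
        })
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Feed it the output of `tcpdump -n -tt -i eth2 'tcp or icmp'` (or `tcpdump -n -tt -r capture.pcap`). Because it only looks at headers, the capture can be taken with a small snapshot length such as `-s 96`, which keeps the Ethernet, IP and TCP headers and the ICMP error's embedded header but drops the HTTP payload, so the text can be shared without exposing request contents.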