I was converted to LLU about 1 month ago. After some very poor performance, including frequent outages, I noticed that speeds have improved the last couple of evenings, and IP block addresses have been changed. They are being allocated in a new range - my IP address as I type is now in the 91.104.*.* range. Previously it was always in the 84.*.*.* or 195.*.*.* range.
However, now I have found that NAT is blocked. I can connect normally from one computer, but if I try through my NAT router then connections are blocked from other computers in my local network - it seems as if port translation is being detected and intercepted at the service provider's end. Is anyone else noticing this?
Considering the livebox is a NAT router it would be an insane thing to do to knowingly block NAT somehow.
Are you saying through your router only 1 pc works and all the others won't? Can they show any sort of connection at all? Like accessing email, pinging a website, pinging an ip address etc?
I agree it seems very odd, but yes something has gone wrong with address/port translation as of about 10 hours ago. I can ping to the internet from any computer on my network so the network is working OK from that point of view, but whenever port translation to a server on the internet comes into play, as from earlier today it now fails unless from an unNATed computer. This has definitely coincided with the change of block IP addresses which (according to my logs) also occurred earlier today.
My situation is someone unusual. I have one computer (actually running Linux) which maintains the internet connection (via a Speedtouch USB modem) and provides NAT for the other (Windows) computers on my local network. It is the Linux computer, rather than the router, which does the NATing, and it is working (and NATing) normally. The router provides DHCP services for the rest of the network (as well of course as routing for the local network).
One other thing I notice is that the address of the remote side ppp connection (the default route) is 91.104.0.1, which does not give a valid reverse DNS look-up; however I don't see why that should make any difference.
It would be helpful if anyone else allocated an address in the 91.104.*.* range could report on their experiences.
I do not subscribe to the unlimited/Livebox service - I wonder if subscribers to the limited service are being restricted to a single non-NATable connection.
A couple of other things: I have tried repeatedly dropping the ppp connection and then reestablishing it again, and the remote side IP address is always 91.104.0.1 - my allocated local IP address varies within the 91.104.*.* range, as one would expect.
I also see that pinging 91.104.0.1 gives me a "packet filtered" message, so something appears to be up.
Still it makes no sense to go to the effort of determining if a connection is through a livebox and if not then interfere with it. If it was effecting all then it would be a major or local outage which wouldn't go unnoticed.
Can you give an example of what you can and can't actually access from the windows pcs? Also was the ping tests you ran URL, IP address or both?
From the look of the IP you provided it appears to be on LLU, do you know if you are or have been for a while?
I mentioned that I have been on LLU for about a month. Yesterday the remote peer address, and local peer address range, changed.
On the windows PCs I can ping the internet successfully using both URL and decimal dotted IP notation, so DNS is working OK. I can bring up a few web pages, such as a search page on google at www.google.co.uk and (my son found this) the introductory page (but no other) on the www.liverpoolfc.tv website (my other son feels this is discriminatory as we cannot bring up www.chelseafc.com). It can listen to France Info on mms://viptvr2.yacast.net/encoderfranceinfo provided that I do not do so via the web interface. Most web pages fail to load, such as www.bbc.co.uk, and I can find no explanation why a few do happen to load .
It seems to me that port 80 is being monkeyed around with. It may be an artifact of the interface between linux iptables NATing and whatever port/address redirection is being done by Orange on 91.104.0.1. Whether it is a more widespread problem which may affect Liveboxes, we will find out - it looks as if Orange are just rolling this out in their North London service area.
I mentioned that I have been on LLU for about a month. Yesterday the remote peer address, and local peer address range, changed.
Oh yeah, I missed that, just noticed a mention of LLU looking at that IP.
Quote:
On the windows PCs I can ping the internet successfully using both URL and decimal dotted IP notation, so DNS is working OK. I can bring up a few web pages, such as a search page on google at www.google.co.uk and (my son found this) the introductory page (but no other) on the www.liverpoolfc.tv website (my other son feels this is discriminatory as we cannot bring up www.chelseafc.com). It can listen to France Info on mms://viptvr2.yacast.net/encoderfranceinfo provided that I do not do so via the web interface. Most web pages fail to load, such as www.bbc.co.uk, and I can find no explanation why a few do happen to load.
Ah now things are starting to make some sense, I'll explain at the end.
Quote:
It seems to me that port 80 is being monkeyed around with. It may be an artifact of the interface between linux iptables NATing and whatever port/address redirection is being done by Orange on 91.104.0.1. Whether it is a more widespread problem which may affect Liveboxes, we will find out - it looks as if Orange are just rolling this out in their North London service area.
This is one of those problems that crops up from time to time on LLU but it's very vague, however there has been mention of it on here before and I've heard a few other bits about it. It's apparantly down to the MTU setting, I'm not certain if just changing the linux system for that or if you'd need to do all the windows systems for it or both.
There was a program mentioned in the thread before but it was a trial version.
this sounds exactly like the problem I';m having. But I have a third party AP (US Robotics) and can't find where I would adjust these settings. Can you tell me where I would go to change these settings please?
Fixed - Quick search revealed a similar problem at AOL where the LLU migration had meant connections were PPPoE, and not ATM. Flipped the router over and everything seems OK!
This is the complete story arising from the solutions I have tried, for those interested.
1. The issue arises because the Orange LLU ppp remote server on 91.104.0.1 refuses to agree a MTU request of 1500. It will only negotiate a MTU of 1492, which is the normal size for PPPoE. PPPoA normally uses a MTU of 1500, so why Orange do this is not clear - perhaps they want to leave open changing to PPPoE later, or perhaps they just haven't set it up correctly.
2. This of itself would not be problematic, except that the upstream Orange router does not properly send, receive and/or deal with fragmentation requests arising from the MTU of 1492 established from the default MTU/MRU negotiation.
3. I have verified that I can successfully deal with the problem by changing the ethernet MTU for all the windows computers on my home network to 1492. They will then negotiate that as the packet size (instead of the usual Windows/ethernet size of 1500 bytes) when the user establishes connections to internet web sites.
4. However, I have also found that if the local ppp connection has its MRU set at higher than 1500, then that will cause Orange to defragment packets correctly. 1501 will do, but I have set mine to 1600. I cannot explain why this works, but it does.
5. I believe it can also be done by MSS clamping in the NATing router (where the router can do MSS clamping, as it can with my iptables NATing), but since either 3 or 4 above work, I have not tried this out.
In summary: if you set the MRU to 1501 or higher with Orange LLU, then things seem to work OK.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
