[UCIMC-Tech] Re: Google via IMC wired ethernet [was: bikeproject computer]
Stuart Levy
slevy at ncsa.uiuc.edu
Sat Sep 27 14:21:45 CDT 2008
On Thu, Sep 25, 2008 at 02:04:33PM -0500, Stuart Levy wrote:
> After Dave Young's explanation and a little digging,
> here's a possible workaround for disabling TCP window scaling on a Mac:
>
> (in a Terminal window)
>
> sudo /usr/sbin/sysctl -w net.inet.tcp.rfc1323=0
>
> Note no spaces around the "=" sign.
>
> The sudo command will prompt for your password and run the sysctl
> command as root. I haven't been able to test this yet but it may work.
I tried this with a MacOS 10.5 machine from inside the IMC,
and confirm that the above is necessary and sufficient to get access to Google.
I don't know whether Macs read /etc/sysctl.conf; mine does
not have that file. There is a man page for the file, but not sure
whether it'd actually be used.
> The above recipe is MacOS X-specific.
> It will revert to the old behavior each time you reboot the Mac,
> so you'll need to keep doing this.
>
>
> On Linux, the corresponding trick would be
>
> sudo /sbin/sysctl -w net.ipv4.tcp_window_scaling=0
>
> This too will revert on each reboot. On at least some linux flavors,
> you can add an entry to the text file "/etc/sysctl.conf" reading
> net.ipv4.tcp_window_scaling = 0
> to reinstall on each reboot.
>
> I don't know the corresponding Windows recipe -- it might be OK by default
> on XP, but if Vista enables window scaling by default then I'm not sure
> how to disable it.
>
>
>
> > Details:
> > Just like with the Bike Project BSD machine,
> > every site worked except for Google sites, and sites that halted waiting
> > for googlesyndication.com and Google metrics.
> >
> > My laptop has been on scores (hundreds?) of wireless networks, UCIMC
> > is the only place where I've seen "everything works except Google".
> > Since this is a public wireless network, it should probably work with
> > standard configuration machines.
> >
> > As I might have told you earlier, Bike Project is relying increasingly
> > on an external wiki which uses googlesyndication, so works everywhere
> > except in Bike Project (using local Mediawiki would be better, yes), and
> > have lots of call to access Google mail and Google docs.
> >
> >
> >
> > Cheers,
> >
> > Barry
> >
> > On Tue, Sep 02, 2008 at 03:36:20PM -0500, Barry Isralewitz wrote:
> > > Hi Josh,
> > >
> > >
> > > On Wed, Aug 06, 2008 at 10:38:34AM -0500, Josh King wrote:
> > > > Hey Barry,
> > > >
> > > > Oh, it is most definitely a problem with the firewall. The thing is,
> > > > it's not something that can be fixed without overhauling the operating
> > > > system on the firewall. The whole thing is actually symptomatic of an
> > > > obscure bug in the way that OpenBSD (which is on the firewall) and Linux
> > > > (and apparently FreeBSD, judging from your computer), interact when
> > > > managing TCP/IP streams.
> > >
> > > Okay, I will try and get Ubuntu installed on the Bike Project machine
> > > shortly -- I've been meaning to do this for a while for unrelated
> > > reasons.
> > >
> > > After I install the Ubuntu machine, will I have to make any changes to
> > > allow it to work with the wired building network? Are there any recent
> > > firewall changes that happened at end of August 2008 (last few days)
> > > that I should know about?
> > >
> > > Observations:
> > > I last week witnessed Ubuntu machines in IMC (one upstairs in the
> > > Production Room) reach Google without trouble. On the other hand, I do
> > > see non-BSD machines in basement ('computer lab' Ubuntu, laptops connecting over
> > > basement wireless) having trouble reaching Google / not reaching Google
> > > at all. Bike Project machine still not reaching Google, when I last
> > > checked on Friday, Aug. 29.
> > >
> > >
> > > Cheers,
> > >
> > > Barry
> > >
> > > > The thing is, it's a super-easy fix on a linux
> > > > system to get it to work right with our firewall (adding
> > > > net.ipv4.tcp_window_scaling = 0 to the /etc/sysctl.conf file) but a
> > > > super-hard one to fix on the firewall itself. All the workstations and
> > > > public access terminals in the building already have that fix set up,
> > > > and the problem doesn't even seem to affect most computers. I've just
> > > > never had to fix the problem on a FreeBSD box before, so I'm still
> > > > trying to ascertain the correct sysctl.conf directive
> > > > (net.inet.tcp.rfc1323 = 0 is the correct fix from everything I've read).
> > > > We plan on completely overhauling the firewall; it's just that up to
> > > > this point it would mean a significant amount of downtime for the whole
> > > > building while the firewall's operating system is replaced and
> > > > recompiled. We only recently managed to afford the hardware for
> > > > outfitting a secondary firewall box; once we set that up, when OJC moves
> > > > out (freeing up the wattage in the server room, since we can't even
> > > > squeeze one more box in there on the current circuit) we'll stick the
> > > > second firewall in, bridge the connections across, then take out the
> > > > first firewall for recompiling, thus minimizing downtime. I'm still
> > > > trying to implement a fix, but at worst everything will work when we
> > > > overhaul the network at the end of the month.
> > > >
> > > > Barry Isralewitz wrote:
> > > > > On Fri, Aug 01, 2008 at 08:57:32PM -0500, Josh King wrote:
> > > > >
> > > > >> Hey Barry,
> > > > >>
> > > > >> Damn. I'm pretty certain that the thing I'm trying to fix (the size of
> > > > >> the TCP packet frames) is the problem, since as it turns out the
> > > > >> computer in the library has developed the same issue where it can't
> > > > >> reach google, and the TCP frames is a familiar bugfix which eliminated
> > > > >> the problem on the library computer. However, I've never had to
> > > > >> implement that fix before on a FreeBSD computer. It may be that I have
> > > > >> the option wrong. I'll look into it a little more and get back to you,
> > > > >> sorry about that.
> > > > >
> > > > > Thanks much for the work on this.
> > > > >
> > > > > Any chance this is a problem with a router setting in the building, and not
> > > > > the FreeBSD machine? Quick test (which I wish I'd done the last time I was in
> > > > > the IMC): unplug the RJ-45 from Bike Project machine (temporarily),
> > > > > so you can plug it in a known-good laptop. If the laptop behaves the same way
> > > > > as the Bike Project FreeBSD machine, (i.e. can reach everything except google),
> > > > > might help figure out where the problem is. Apologies if you've already
> > > > > thought of this ...
> > > > >
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Barry
> > > > >
> > > > >> Barry Isralewitz wrote:
> > > > >>> Hi,
> > > > >>>
> > > > >>> On Fri, Aug 01, 2008 at 01:32:25PM -0500, Josh King wrote:
> > > > >>>> Hey Barry,
> > > > >>>>
> > > > >>>> I forgot that your computer doesn't have sudo installed, so my account
> > > > >>>> on there doesn't have administrative access. In any event, I believe
> > > > >>>> that the fix is to add the line:
> > > > >>>>
> > > > >>>> net.inet.tcp.rfc1323 = 0
> > > > >>>>
> > > > >>>> to the end of the file /etc/sysctl.conf, and either restart the computer
> > > > >>>> or run the command (as root) sysctl -f /etc/sysctl.conf
> > > > >>>>
> > > > >>>> If that works, then you can remove my account (`pw userdel jking` should
> > > > >>>> work) and shut off sshd (change enable_sshd="YES" to enable_sshd="NO" in
> > > > >>>> /etc/rc.conf, and run /etc/rc.d/sshd stop). Let me know whether this is
> > > > >>>> successful.
> > > > >>>> --
> > > > >>>> Josh King
> > > > >>> Thanks!
> > > > >>>
> > > > >>> I added above net.inet line and rebooted, but did not seem to help much...
> > > > >>>
> > > > >>>
> > > > >>> Cheers,
> > > > >>>
> > > > >>> Barry
> > > > >>>> --
> > > > >>>> josh at ucimc.org
> > > > >>>> --
> > > > >>>> System Administrator, Chambana.net (http://www.chambana.net)
> > > > >>>> --
> > > > >>>> "I am an Anarchist not because I believe Anarchism is the final goal,
> > > > >>>> but because there is no such thing as a final goal." -Rudolf Rocker
> > > > >>>>
> > > > >>>>
> > > > >>>
> > > > >>>
> > > > >> --
> > > > >> Josh King
> > > > >> --
> > > > >> josh at ucimc.org
> > > > >> --
> > > > >> System Administrator, Chambana.net (http://www.chambana.net)
> > > > >> --
> > > > >> "I am an Anarchist not because I believe Anarchism is the final goal,
> > > > >> but because there is no such thing as a final goal." -Rudolf Rocker
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > Josh King
> > > > --
> > > > josh at ucimc.org
> > > > --
> > > > System Administrator, Chambana.net (http://www.chambana.net)
> > > > --
> > > > "I am an Anarchist not because I believe Anarchism is the final goal,
> > > > but because there is no such thing as a final goal." -Rudolf Rocker
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Barry Isralewitz, Ph. D.
> > > Theoretical and Computational Biophysics Group,
> > > University of Illinois at Urbana-Champaign
> > > Beckman 3043 Phone: (217) 244-1612 Home Phone: (217) 337-6364
> > > email: barryi at ks.uiuc.edu http://www.ks.uiuc.edu/~barryi
> >
> > --
> > Barry Isralewitz, Ph. D.
> > Theoretical and Computational Biophysics Group,
> > University of Illinois at Urbana-Champaign
> > Beckman 3043 Phone: (217) 244-1612 Home Phone: (217) 337-6364
> > email: barryi at ks.uiuc.edu http://www.ks.uiuc.edu/~barryi
> > _______________________________________________
> > IMC-Tech mailing list
> > IMC-Tech at lists.ucimc.org
> > http://lists.chambana.net/cgi-bin/listinfo/imc-tech
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
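
Added example (not part of the original message or thread): the thread notes that "sysctl -w" reverts at reboot unless a line is also placed in /etc/sysctl.conf, so this script reads a sysctl.conf-style file and reports what it will do to window scaling at boot. The function names, the sample file, and the "last assignment wins" rule are assumptions of the example.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the effective value of key $2 in sysctl.conf-style file $1.
# Accepts "key=value" and "key = value"; skips blank lines and #/; comments.
# Assumption: entries are applied top to bottom, so the last assignment wins.
sysctl_conf_value() {
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        /^[ \t]*([#;]|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Report what file $1 will do to window scaling at boot, checking the Linux
# key and the BSD/Mac key quoted in the thread.
window_scaling_state() {
    for key in net.ipv4.tcp_window_scaling net.inet.tcp.rfc1323; do
        if val=$(sysctl_conf_value "$1" "$key"); then
            case $val in
                0) echo "$key: disabled at boot" ;;
                *) echo "$key: set to $val at boot" ;;
            esac
            return 0
        fi
    done
    echo "unset: kernel default applies after reboot"
}

# Constructed sample: the workaround line is overridden by a later entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a file from the thread
net.ipv4.tcp_window_scaling=0
net.ipv4.tcp_window_scaling = 1
EOF
window_scaling_state "$sample"
rm -f "$sample"
```

Point window_scaling_state at the real /etc/sysctl.conf to audit a workstation; a missing or unreadable file is reported as unset.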