<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">An update, after several months.<br>
<br>
After the last message, I adjusted the MTU size down to 1400.
Doing a <tt>tracert</tt>, after this change, to <tt>forum.lazarus.freepascal.org</tt>
now succeeds, but I am still unable to connect via my desktop (Win
7 Pro 64bit) to the address from neither Chrome nor Firefox (I get
a timeout). I can connect without a problem via the original
Kindle Fire tablet from the same LAN, so that seems to eliminate
the router as a problem.<br>
<br>
At that point I tried to figure out what is wrong without
bothering the folks here on the list.<br>
<br>
I have taken up the habit of every time I get access to someone's
desktop or other device to try accessing the forum. About 1 out of
4 Win-7 desktop computers I have tried will not connect (I did not
check which versions of Win-7). The few Linux boxes I have tried
have all succeeded in connecting. Same successful connection via
the Mac and Android/Linux tablets and phones I have tried. I have
not tried any iOS, XP, or Win 8 devices/laptops/boxes. In the
computers that did not connect, it did not seem to matter if I
used Chrome, Firefox, or IE (if one failed, they all failed).<br>
<br>
Using the IP address explicitly does not seem to make a
difference.<br>
<br>
Using Wireshark for monitoring, the connection seems to hit a wall
once a SYN packet is sent during the handshake (no SYN-ACK packet
is returned from 80.123.225.56, the IP of the forum).<br>
<tt>192.168.1.3 → 80.123.225.56, TCP protocol, length 66B, port
51683→80</tt><tt><br>
</tt><tt>[SYN] Seq=0; Win=8192; Len=0; MSS=1360; WS=4; SACK_PERM=1</tt><br>
After the packet doesn't get acknowledged, it retransmits the same
packet twice, then transmits the packet *without* the Window
Scaling=4 parameter (other information is the same) twice. Then it
repeats the entire process until the timeout hits.<br>
<br>
I have tried figuring this out, but after several months, I seem
to not be getting any further in solving this. I am not sure what
else I need to check.<br>
<br>
On 1/31/2015 4:26 PM, Helmut Hartl wrote:<br>
</div>
<blockquote cite="mid:54CD649E.1070006@firmos.at" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
hi, i am helmut<br>
<br>
i am one of the admins of the hosting facility that the lazarus
website<br>
lives in. <br>
The lazarus website/mailinglist is hosted here in graz/austria.<br>
the servers external ip is 80.123.225.56, while the firewalls ip
is<br>
80.120.208.116 ( here your packets seem to end, so you are<br>
just 2 feet away from the data :-) )<br>
<br>
The firewall disallows icmp packet to go through to the webserver.<br>
<br>
I changed this now because the firewall drops also fragmented
packets,<br>
icmp is needed for mtu path discovery to work - It<br>
may be a problem that you emit fragmented packets along your path,<br>
which reach us but then get dropped (for security reasons).<br>
<br>
Maybe my change helps you. <br>
<br>
You can also try to use lazarus.firmos.at, which is the same ip<br>
and may rule out some strange dns problems.<br>
<br>
Another thing you could do is to try to change the mtu of<br>
your networking equipment (network card that you are using<br>
to browse to the site) downwards (say from 1500 -> 1400<br>
to test).<br>
Just google or<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.networkworld.com/article/2224654/cisco-subnet/mtu-size-issues.html">http://www.networkworld.com/article/2224654/cisco-subnet/mtu-size-issues.html</a><br>
<br>
<br>
HTH,<br>
<br>
helmut </blockquote>
<br>
</body>
</html>