Website is accessible via WIFI but not LAN











up vote
0
down vote

favorite












Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.



I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.



I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.



Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?










share|improve this question






















  • Does your AP do any address translation?
    – Ron Trunk
    Jan 7 '14 at 19:49










  • It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
    – JohnnyVegas
    Sep 21 at 23:26

















up vote
0
down vote

favorite












Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.



I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.



I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.



Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?










share|improve this question






















  • Does your AP do any address translation?
    – Ron Trunk
    Jan 7 '14 at 19:49










  • It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
    – JohnnyVegas
    Sep 21 at 23:26















up vote
0
down vote

favorite









up vote
0
down vote

favorite











Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.



I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.



I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.



Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?










share|improve this question













Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.



I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.



I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.



Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?







networking wireless-networking router internet lan






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 7 '14 at 19:11









Brian

12124




12124












  • Does your AP do any address translation?
    – Ron Trunk
    Jan 7 '14 at 19:49










  • It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
    – JohnnyVegas
    Sep 21 at 23:26




















  • Does your AP do any address translation?
    – Ron Trunk
    Jan 7 '14 at 19:49










  • It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
    – JohnnyVegas
    Sep 21 at 23:26


















Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49




Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49












It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26






It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26












1 Answer
1






active

oldest

votes

















up vote
0
down vote













If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.



As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.



To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.



TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.



To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:



# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com


(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)



If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f698275%2fwebsite-is-accessible-via-wifi-but-not-lan%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.



    As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.



    To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.



    TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.



    To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:



    # Normal small pings first, just to see if pings work
    ping badwebsite.example.com
    # Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
    ping -s 1472 badwebsite.example.com


    (I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)



    If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.






    share|improve this answer

























      up vote
      0
      down vote













      If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.



      As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.



      To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.



      TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.



      To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:



      # Normal small pings first, just to see if pings work
      ping badwebsite.example.com
      # Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
      ping -s 1472 badwebsite.example.com


      (I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)



      If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.






      share|improve this answer























        up vote
        0
        down vote










        up vote
        0
        down vote









        If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.



        As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.



        To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.



        TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.



        To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:



        # Normal small pings first, just to see if pings work
        ping badwebsite.example.com
        # Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
        ping -s 1472 badwebsite.example.com


        (I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)



        If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.






        share|improve this answer












        If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.



        As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.



        To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.



        TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.



        To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:



        # Normal small pings first, just to see if pings work
        ping badwebsite.example.com
        # Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
        ping -s 1472 badwebsite.example.com


        (I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)



        If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 7 '14 at 19:56









        Spiff

        76.1k10116158




        76.1k10116158






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f698275%2fwebsite-is-accessible-via-wifi-but-not-lan%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Probability when a professor distributes a quiz and homework assignment to a class of n students.

            Aardman Animations

            Are they similar matrix