Website is accessible via WIFI but not LAN
up vote
0
down vote
favorite
Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.
I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.
I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.
Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?
networking wireless-networking router internet lan
asked Jan 7 '14 at 19:11
Brian
12124
add a comment |
up vote
0
down vote
favorite
Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.
I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.
I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.
Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?
networking wireless-networking router internet lan
asked Jan 7 '14 at 19:11
Brian
12124
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.
I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.
I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.
Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?
networking wireless-networking router internet lan
asked Jan 7 '14 at 19:11
Brian
12124
Everyday I access a 3rd party website either via my browser directly or requesting files via a javascript application I developed. This morning, my connection to that site has been so slow that the majority of my requests timeout.
I did some testing and I can access the site just fine via my WIFI network, but it doesn't work via LAN. My WIFI network is simply a WIFI access point connected to my LAN so both are using the same subnet and gateway. I've had the same issues on multiple computers and it only seems to be related to this one website. The rest of the sites I have visited are problem-free.
I'm completely baffled. We've called technical support for the site and they said it must be a problem on our end because all their diagnostics check out.
Any ideas why a particular domain would only work on a WIFI access point and not on the LAN itself?
networking wireless-networking router internet lan
networking wireless-networking router internet lan
asked Jan 7 '14 at 19:11
Brian
12124
asked Jan 7 '14 at 19:11
Brian
12124
asked Jan 7 '14 at 19:11
Brian
12124
asked Jan 7 '14 at 19:11
Brian
12124
asked Jan 7 '14 at 19:11
Brian
12124
12124
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26
add a comment |
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.
As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.
To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.
TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.
To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:
# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com
(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)
If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.
As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.
To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.
TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.
To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:
# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com
(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)
If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
add a comment |
up vote
0
down vote
If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.
As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.
To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.
TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.
To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:
# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com
(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)
If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
add a comment |
up vote
0
down vote
up vote
0
down vote
If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.
As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.
To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.
TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.
To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:
# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com
(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)
If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
If the Wi-Fi AP is acting as a NAT gateway (which assumes its WAN port is plugged into the upstream router's LAN port), it may be doing DNS differently, or it may be doing a better job of TCP MSS Clamping than your upstream NAT gateway is doing.
As for DNS, suppose your upstream NAT gateway, when giving out DHCP leases to wired Ethernet client, tells clients to use DNS Server A. Support your Wi-Fi AP, when giving out DHCP leases to Wi-Fi clients, tells clients to use DNS Server B. Now suppose DNS Server A has a bug where it chokes on DNS responses for one website's domain name. All of your Ethernet clients would fail to find the IP address they need to use to connect to that website, so they'd all fail to connect. But your Wi-Fi clients would be asking DNS Server B, which doesn't have that bug, so they'd get the answers they were looking for and would be able to connect.
To test if DNS is the problem, make sure your Ethernet and Wi-Fi clients are all getting the same DNS server addresses.
TCP MSS Clamping is a method where a NAT gateway thinks it knows more about upstream MTUs (MTU = Maximum Transmission Unit; think of it as a maximum IP packet size) than its clients do, so if it ever sees a client try to negotiate a TCP MSS (an MSS is a TCP-layer Maximum Segment Size, which is the TCP-layer equivalent of the IP-layer's "MTU" concept) that's bigger than will fit in the upstream pipe, the NAT gateway rewrites those TCP MSS negotiation fields in the TCP SYN packets to trick the TCP endpoints into agreeing to a smaller MSS which should actually work given what the NAT gateway knows about MTU restrictions on the other network hops.
To test if MTU stuff is the problem, trying pinging the problem website with both a normal ~64-byte ICMP echo request, and then try again with an ICMP echo request that fills the whole 1500 byte frame:
# Normal small pings first, just to see if pings work
ping badwebsite.example.com
# Now pad the pings out to 1472 so that, after headers are added, it's a full 1500 byte frame.
ping -s 1472 badwebsite.example.com
(I suppose I shouldn't have to say this, but just in case, make sure you did those ping tests from an Ethernet client, not a Wi-Fi client.)
If small pings work but large pings fail, it indicates an MTU problem. Try different values after -s to see what's the maximum value that works for you. Add 28 to it to find out what MTU you can safely set on your Ethernet clients. Actually, better than manually setting a smaller MTU on your Ethernet clients, fix your upstream NAT to do proper MSS clamping or something.
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
answered Jan 7 '14 at 19:56
Spiff
76.1k10116158
76.1k10116158
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f698275%2fwebsite-is-accessible-via-wifi-but-not-lan%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Does your AP do any address translation?
– Ron Trunk
Jan 7 '14 at 19:49
It's not the network equipment or the domain, it's the computer. run ipconfig /flushdns then reboot - Does the problem persist?
– JohnnyVegas
Sep 21 at 23:26