[lug] Connection problems from Europe

John Hernandez John.Hernandez at noaa.gov
Thu Mar 11 10:01:33 MST 2004

Jeff- I think you may be on the right track with the firewall.  When 
they send pings, can you run tcpdump and see their packets on your 
firewall's external interface.  If so, do you see an echo reply from 
your server?  If no response, maybe your firewall is losing track of the 
connection.  Could the conntrack state tables be filling up?

Jeff Schroeder wrote:

>Hey all--
>I don't know what to make of this, so I figured I'd post a quick note to 
>the group to see if anyone is experiencing the same problem, or can 
>shed some light on what might be happening.
>I'm running a few web sites out of Boulder, and from where I sit 
>everything looks fine.  However, some users in Europe are unable to 
>access the sites at all.  They can get to other sites in the world, and 
>they can even get to other sites on the *same* server... but it seems 
>like certain IP's are simply not working.
>In particular, a user in England is able to see the site 
>http://test.sketchup.com (  However, he isn't able to 
>see http://www.sketchup.com ( which is running on the 
>same server.
>Another user in the Netherlands has the reverse situation: he can see 
>http://www.sketchup.com but not http://test.sketchup.com.
>Both users can see http://www.bitrelay.net (, which is 
>obviously on the same subnet but a different server.  And neither can 
>see http://www.doublearon.org (, which is on that 
>server as well.  I should point out that both users are network-savvy 
>and are using different ISPs and OSes, so it's unlikely to be user 
>All in all, there doesn't seem to be a pattern to the madness.  Several 
>other European users have the same problem, but in different 
>combinations.  Note that tests throughout the United States-- from CA 
>to NY-- indicate no problems whatsoever.  It's only these European 
>users having issues.
>I can't help but think there's something odd going on with my firewall 
>(iptables, doing masquerading), but the firewall has been running 
>smoothly for years and hasn't been updated or otherwise changed 
>Does anyone have experience with random but consistent network problems 
>like this?  Is there anything I should try in order to eliminate 
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list