Inability to reach Microsoft sites from behind NAT firewall
Hello,
I've been trying to get my girlfriend's Windows XP Home laptop working from behind my firewall computer, a Linux box which performs NATting for all computers behind it. I've never operated a Windows computer, and have no idea what has to be done, plus this version of Windows is in Chinese only, and it takes me an impractically long time to walk through menus labelled in Chinese. It appears that she can reach all websites except those belonging to Microsoft, and one Yahoo! site. Everything else works fine. Here are my observations:

- she cannot reach hotmail, a message appears asking her to check her Internet connection
- she could, for a while, see her hotmail messages through MSN explorer, a program which seems to be included in the OS, but that has stopped working also
- she cannot reach a "Windows update" server, it again claims that the Internet connection is down
- she cannot reach the yahoo Taiwan site, but can reach other yahoo sites such as yahoo Japan.
- she can, from Windows, reach every other site attempted, painlessly
- she can reach hotmail, yahoo, etc. from the Linux desktops behind the firewall, it is only the Windows machine which has trouble

The troubles with hotmail are not occasional, they happen without fail, every time an attempt is made to access from Windows XP. If she directs Internet Explorer window at the yahoo Taiwan site, then goes off to work on something else, she sometimes receives an incomplete page after 7 or 8 hours.

These problems did not manifest when the laptop was in Taiwan, sharing an Internet connection with another desktop machine there. Since arriving in Canada and being configured (incorrectly?) for the local network here, the laptop has never successfully connected to those websites it cannot reach, so this isn't some progressive bitrot.

The Linux box is NATting a static IP number, cneufeld.ca. Surely it is not an unusual setup to have a Windows machine hiding behind a stateful NAT firewall.

I've done TCP dumps of good connections from Linux and broken connections from Windows XP, both to login.passport.net, to try to see what's going wrong. Here's a sequence from the failed connection to http://login.passport.net from the Windows XP laptop. Along the way, it picked up a redirection in the URL, which appears to have been trying to set her specific login details.

    laptop opens a connection (#1) to login.passport.net, SYN, SYN-ACK, ACK
    laptop pushes seq 425
    login.passport.net pushes seq 424, ACKs the 425
    login.passport.net pushes seq 438
    login.passport.net sends FIN
    laptop ACKs the 438
    laptop ACKs the 439 (the FIN)
    laptop sends FIN
    laptop looks up login.passport.com
    laptop opens a connection (#2) to login.passport.com, SYN, SYN-ACK, ACK
    login.passport.net (connection #1) ACKs the laptop's FIN
    laptop pushes seq 489 (INCLUDES get for /login.srf?lc=...")
    login.passport.com pushes seq 366, ACKs the 489
    login.passport.com pushes seq 1278
    login.passport.com sends FIN
    laptop ACKs the 1278
    laptop ACKs the 1279 (the FIN)
    laptop sends FIN
    laptop opens a connection (#3) to login.passport.net, SYN, SYN-ACK, ACK
    login.passport.com (connection #2) ACKs the laptop's FIN
    laptop pushes seq 788 (INCLUDES redirector /uilogin.srf?id=...")
    login.passport.net pushes seq 284, ACKs the 788
    laptop ACKs the 284
    --- Pause of 11 seconds
    laptop sends a 77 byte UDP packet to port 3544 of baym-td1.msgr.hotmail.com
    A 109 byte response from baum-td1.msgr.hotmail.com is delivered
    --- Pause of 33 seconds
    laptop sends a 77 byte UDP packet to port 3544 of baym-td1.msgr.hotmail.com
    A 109 byte response from baum-td1.msgr.hotmail.com is delivered
    --- Pause of 3 seconds
    login.passport.net sends a RST to connection #3, sequence number 4664, with ACK on 788

Total end-to-end time, 48 seconds.

The UDP packets appear to be periodic on the network, I don't think they're part of the passport login sequence.

So, the sequence number on that RST packet shows that we lost almost 4 kilobytes of TCP data somewhere out in the world. It didn't bounce off the firewall, that data never arrived back at the NAT box. The successful authentication from Linux involves no UDP packets (naturally), and no mysteriously vanished data.

I thought it might be some bad proxying setup, that some packets are trying to go through the Taiwanese ISP, but the proxying settings appear all to be blank, and proxying should hurt all sites equally, not just those controlled by Microsoft.

It doesn't appear to be a fragmentation issue, I have seen an oversized packet go through the network, saw the NAT box send back the ICMP must-fragment error, and saw the laptop then reissue the data in smaller packets.

My best theory right now, based on the never-delivered packets, is that something in the TCP data exchanged is telling the passport server on the third connection to route packets back to the NAT-ted IP number through a specific Taiwanese ISP gateway machine, and the ISP is discarding those packets because they don't live on its network. No data is being sent from the laptop to any other Internet hosts during this interval, so it is not establishing any sort of tunneling proxy with a remote ISP.

If somebody can offer me some suggestions, I would really appreciate it, I've searched through a pile of microsoft.com help pages without seeing anything which appears to explain or fix this problem. If you can suggest menus to view in the configuration, please mention the alphabetic shortcut key which invokes the button (the letter between parentheses), since all of the buttons are labelled in Chinese characters and the translation might not be exact, but I assume the shortcut keys are consistent across locales.

--
Christopher Neufeld
Home page: http://www.cneufeld.ca/neufeld
"Don't edit reality for the sake of simplicity"
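
The RST-sequence reasoning used in the post can be automated over a capture. The following is an added example, not part of the original post: it assumes modern `tcpdump` text output with relative sequence numbers, and the sample lines are constructed (documentation addresses, timings invented) to mirror connection #3; `find_rst_gaps` and the 1460-byte `mss` default are hypothetical choices.

```python
import re

# Constructed sample modelled on connection #3 in the post; addresses are
# documentation ranges, not the hosts from the original trace.
SAMPLE = """\
10:00:00.000000 IP 192.0.2.10.1042 > 198.51.100.5.80: Flags [S], seq 0, win 64240, length 0
10:00:00.080000 IP 198.51.100.5.80 > 192.0.2.10.1042: Flags [S.], seq 0, ack 1, win 16384, length 0
10:00:00.080100 IP 192.0.2.10.1042 > 198.51.100.5.80: Flags [.], ack 1, win 64240, length 0
10:00:00.081000 IP 192.0.2.10.1042 > 198.51.100.5.80: Flags [P.], seq 1:788, ack 1, win 64240, length 787
10:00:00.170000 IP 198.51.100.5.80 > 192.0.2.10.1042: Flags [P.], seq 1:284, ack 788, win 65535, length 283
10:00:00.300000 IP 192.0.2.10.1042 > 198.51.100.5.80: Flags [.], ack 284, win 63957, length 0
10:00:48.000000 IP 198.51.100.5.80 > 192.0.2.10.1042: Flags [R.], seq 4664, ack 788, win 0, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<start>\d+)(?::(?P<end>\d+))?)?")

def find_rst_gaps(capture, mss=1460):
    """Report RSTs whose seq lies beyond the data captured from that sender."""
    seen_end = {}   # (src, dst) -> highest relative seq end captured so far
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["start"] is None:
            continue                      # pure ACKs carry no seq field
        flow = (m["src"], m["dst"])
        start, flags = int(m["start"]), m["flags"]
        if "S" in flags:
            seen_end[flow] = 1            # SYN consumes one sequence number
        elif "R" in flags:
            missing = start - seen_end.get(flow, start)
            if missing > 0:               # sender claims bytes we never saw
                findings.append({
                    "sender": m["src"], "rst_seq": start,
                    "last_seen": seen_end[flow], "missing_bytes": missing,
                    "full_segments": missing // mss,
                    "remainder": missing % mss})
        else:
            end = int(m["end"]) if m["end"] else start
            if "F" in flags:
                end += 1                  # FIN also consumes one sequence number
            seen_end[flow] = max(seen_end.get(flow, 1), end)
    return findings

if __name__ == "__main__":
    for finding in find_rst_gaps(SAMPLE):
        print(finding)
```

Running the same check on captures taken on both the inside and outside interfaces of the NAT box shows on which side of it the segments went missing.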