A computer components & hardware forum. HardwareBanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » HardwareBanter forum » Motherboards » Asus Motherboards
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Strange web access problem



 
 
Thread Tools Display Modes
  #1  
Old December 3rd 04, 07:07 PM
Chris
external usenet poster
 
Posts: n/a
Default Strange web access problem

Hi there,

I am seeing a strange problem with my system:

Asus K8NE deluxe
Windows XP home and Windows XP 64, xp firewall disabled
Mozilla 1.7 / Firefox / IE

With the Nvidia motherboard firewall enabled (even on low setting), I
get the error message "operation timed out when attempting to
contact..." with certain websites, eg:

www.tesco.com
www.dabs.com
www.insight.com

If I turn the Nvidia firewall off, I can access the websites no problem.
I assume I need to create a rule in the firewall to allow something
through, but am not sure what? There are no entries in the firewall log,
but the information tab shows that some outgoing packets are being blocked.

All I can think to do is install ethereal and try and spot which packets
are getting stopped.

Can anyone suggest an easier option (other than turning off the firewall ?)

Cheers,

Chris.


--
cut along the dotted line to reply
  #2  
Old December 3rd 04, 11:14 PM
Paul
external usenet poster
 
Posts: n/a
Default

In article , Chris
wrote:

Hi there,

I am seeing a strange problem with my system:

Asus K8NE deluxe
Windows XP home and Windows XP 64, xp firewall disabled
Mozilla 1.7 / Firefox / IE

With the Nvidia motherboard firewall enabled (even on low setting), I
get the error message "operation timed out when attempting to
contact..." with certain websites, eg:

www.tesco.com
www.dabs.com
www.insight.com

If I turn the Nvidia firewall off, I can access the websites no problem.
I assume I need to create a rule in the firewall to allow something
through, but am not sure what? There are no entries in the firewall log,
but the information tab shows that some outgoing packets are being blocked.

All I can think to do is install ethereal and try and spot which packets
are getting stopped.

Can anyone suggest an easier option (other than turning off the firewall ?)

Cheers,

Chris.


Port number assignments are listed he
http://www.iana.org/assignments/port-numbers

Port 80 is used to http and port 443 is used for https.

Probably better to use an interface to the firewall, that
filters based on application type, as all the ports for
secure or non-secure browser operation could be opened
with one operation in the interface.

There might be a web page somewhere, that groups the port
numbers by application.

This page hints at the nature of the problem. Any URL that
uses an explicitly set port like 8000 or 8080, is going to
be stopped by your firewall. In the old days, people using
custom port numbers for web servers was common, but that
of course, makes programming a firewall an unscalable task.

http://www.firetower.com/faqs/proxie...rts-other.html

Is there an interface in the Nvidia software, to make setting
up the firewall, as a function of application type ? Like
selecting "browser" turns on 80 and 443 ?

Paul
  #3  
Old December 4th 04, 02:24 PM
Chris
external usenet poster
 
Posts: n/a
Default

Paul wrote:

Port number assignments are listed he
http://www.iana.org/assignments/port-numbers

Port 80 is used to http and port 443 is used for https.

Probably better to use an interface to the firewall, that
filters based on application type, as all the ports for
secure or non-secure browser operation could be opened
with one operation in the interface.

There might be a web page somewhere, that groups the port
numbers by application.

This page hints at the nature of the problem. Any URL that
uses an explicitly set port like 8000 or 8080, is going to
be stopped by your firewall. In the old days, people using
custom port numbers for web servers was common, but that
of course, makes programming a firewall an unscalable task.

http://www.firetower.com/faqs/proxie...rts-other.html

Is there an interface in the Nvidia software, to make setting
up the firewall, as a function of application type ? Like
selecting "browser" turns on 80 and 443 ?

Paul


Hi Paul,

Thanks for the response. There are wizards to setup different access (eg
web browser) but using them hasn't helped. The puzzle is that I have
only come across 3 maybe 4 websites that I can't access in the 3+ months
I have had this motherboard - everything else (non secure, secure,
plugins etc) has worked fine.

I have run ethereal with firewall on and firewall off and can't really
spot any difference (except for the fact that I can access the problem
websites when it is off) - the only thing is some packet checksum errors
which I guess might cause the packet to be blocked?

Cheers,

Chris

--
cut along the dotted line to reply
  #4  
Old December 5th 04, 04:04 PM
Paul
external usenet poster
 
Posts: n/a
Default

In article , Chris
wrote:

Paul wrote:

Port number assignments are listed he
http://www.iana.org/assignments/port-numbers

Port 80 is used to http and port 443 is used for https.

Probably better to use an interface to the firewall, that
filters based on application type, as all the ports for
secure or non-secure browser operation could be opened
with one operation in the interface.

There might be a web page somewhere, that groups the port
numbers by application.

This page hints at the nature of the problem. Any URL that
uses an explicitly set port like 8000 or 8080, is going to
be stopped by your firewall. In the old days, people using
custom port numbers for web servers was common, but that
of course, makes programming a firewall an unscalable task.

http://www.firetower.com/faqs/proxie...rts-other.html

Is there an interface in the Nvidia software, to make setting
up the firewall, as a function of application type ? Like
selecting "browser" turns on 80 and 443 ?

Paul


Hi Paul,

Thanks for the response. There are wizards to setup different access (eg
web browser) but using them hasn't helped. The puzzle is that I have
only come across 3 maybe 4 websites that I can't access in the 3+ months
I have had this motherboard - everything else (non secure, secure,
plugins etc) has worked fine.

I have run ethereal with firewall on and firewall off and can't really
spot any difference (except for the fact that I can access the problem
websites when it is off) - the only thing is some packet checksum errors
which I guess might cause the packet to be blocked?

Cheers,

Chris


Have you been fiddling with MTU ? Maybe your problem is related to
packet length and the "don't fragment" bit. MTU problems can
results from packets passing through network devices that
encapsulate them (like PPPOE), as the extra header counts as
part of the maximum packet size, so the real payloads have to
be smaller than normal.

I had a problem once, where suddenly my email wouldn't work if
I had an attachment on outgoing email. A short email would get
through, but a large one wouldn't. I phoned tech support at my
ISP, and they were all "oh, sir, it is your crappy misadjusted
equipment causing the problem", when in fact, they had been
changing the email server, and I had to set the MTU on my email
computer, to work with their email server, even though every other
site I connected to worked fine.

The email server was apparently implementing what I believe is
called a "black hole". As I understand it (it has been a while
since I fixed this), normally a computer sends a packet, and
if the packet gets jammed somewhere along the way, the offender
sends something back, and then your node can fragment the packet
into pieces and try again. I think this may involve an ICMP
packet. Well, ICMP is also used for "ping", and ping is
used for buffer overflow attacks on Internet machines. So,
clever IT staff turn off ICMP on a machine (like my email
server), to stop that kind of thing. Everything would have
been fine, if the email server had a normal sized MTU, but
for some reason it didn't. When a too big packet goes to that
machine, no ICMP with the bad news comes back, and TCP in
my case at that point was deadlocked. I would have to kill
my email client to escape.

This thread gives some sample terminology:
http://groups.google.com/groups?thre...%40tkmsftngp04

Now, I tried sniffing to your sample sites, and I don't see
any weird port numbers. My sniffing tool doesn't have the
notion of CRC errors, and you would think my router would
drop an errored packet anyway. I also tried the ping -l
style test, and in fact, had trouble sooner with my own
ISP's web site, than I did with Dabs. So, I'm not convinced
there is a black hole problem here. (Right now, I can ping
two of them, and not the third.)

The three sites are commercial. Is that significant ?

I'm afraid I've run out of ideas. I don't know if your CRC
error observation is significant or not. I don't even
know if CRC is carried through the Internet (end to end
protection), or whether it is point to point. Since
TCP/IP is a reliable protocol, I would think it would be
acceptable for an interface somewhere along the path between
source and dest, for an errored packet to be dropped. I
don't think there is any benefit to carrying an errored
packet all the way to the final receiver. Does that mean
the errors you are detecting are in the final hop to your
computer ?

In your position, I would either play with the MTU or
the black hole detection in the Registry. In any case,
plenty of Googling ahead for you :-) Hope you can
reach Google :-)))

Perhaps someone in a networking newsgroup could help ?

Paul
  #5  
Old December 6th 04, 09:23 PM
Chris
external usenet poster
 
Posts: n/a
Default

Paul wrote:

In your position, I would either play with the MTU or
the black hole detection in the Registry. In any case,
plenty of Googling ahead for you :-) Hope you can
reach Google :-)))

Perhaps someone in a networking newsgroup could help ?

Paul


Hi Paul,

Thanks again for your help. MTU settings all seem to be at default. All
the problem websites have checksum erors (maybe just a coincidence) on
packets outgoing from my pc but I haven't seen a setting to prevent
these being blocked by the firewall (if they are being blocked).

Interestingly, one website that used to be a problem was
www.richersounds.com. The website has been redesigned, and now I can
access it.

Time to ask in one of the networking newsgroups (now that I have
hopefully established it's not something blindingly obvious).

Cheers,

Chris.

--
cut along the dotted line to reply
  #6  
Old December 8th 04, 03:41 AM
mmiserus@VERWIJDER_DITxs4all.nl.invalid
external usenet poster
 
Posts: n/a
Default

Hello,

On Fri, 03 Dec 2004 18:07:17 +0000, Chris
wrote:

Hi there,

I am seeing a strange problem with my system:

Asus K8NE deluxe
Windows XP home and Windows XP 64, xp firewall disabled
Mozilla 1.7 / Firefox / IE

With the Nvidia motherboard firewall enabled (even on low setting), I
get the error message "operation timed out when attempting to
contact..." with certain websites, eg:

www.tesco.com
www.dabs.com
www.insight.com

If I turn the Nvidia firewall off, I can access the websites no problem.
I assume I need to create a rule in the firewall to allow something
through, but am not sure what? There are no entries in the firewall log,
but the information tab shows that some outgoing packets are being blocked.

All I can think to do is install ethereal and try and spot which packets
are getting stopped.

Can anyone suggest an easier option (other than turning off the firewall ?)

Cheers,

Chris.


--

Does your Nvidia firewall include a popup killer?
It seems that some sites cannot be accessed with a popup killer in
function.
Does your firewall include a blacklist with forbidden sites?
Then take a look at that blacklist.

Max M.


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange sound problem on Win XP G Homebuilt PC's 3 July 26th 04 04:43 AM
Strange P4G8X Deluxe Problem Geoffrey DeWan Asus Motherboards 3 July 4th 04 08:33 PM
Strange FSB problem mark palmquist Overclocking AMD Processors 8 March 12th 04 02:29 PM
strange asus motherboard/graphics card problem Scott Asus Motherboards 5 January 8th 04 02:19 PM
Strange video problem: Random standby mode switching ttvp Homebuilt PC's 0 June 23rd 03 11:37 PM


All times are GMT +1. The time now is 02:12 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 HardwareBanter.
The comments are property of their posters.