Read This If You Can't Access Some Websites From Ubuntu Gutsy Gibbon

Once I fixed my wireless connection problem with Ubuntu Gutsy Gibbon I had to figure out why one website was not loading: Campaign Monitor.

I found a few articles mentioning the IPv6 problems with Ubuntu Gutsy Gibbon, tried the suggested fixes but still had the problem. The IPv6 issue causes slow connections, but there's a connection at the end, I couldn't even connect, my browser was timing out.

It wasn't a problem related to DNS resolution either, I was already using OpenDNS.

After a huge headache and lots of sweating I found bug 59331: a change in kernel 2.6.17 (Gutsy runs 2.6.22-14) caused many websites to stop loading.

One user reported one website not loading and giving the same error I had with Campaign Monitor, the site was Ohio State University.

If you've read till here and you can't load either site, Campaign Monitor and Ohio State University, I'm almost sure you have the same problem I had, keep reading for the solution.

You need to disable tcp_window_scaling following these steps:

  • sudo vi /etc/sysctl.conf
  • Add the line: net.ipv4.tcp_window_scaling = 0
  • sudo sysctl -p

Update: It seems that disabling window_scaling is too drastic, instead you can add these lines to sysctl.conf:

net.ipv4.tcp_wmem = 4096 16384 131072
net.ipv4.tcp_rmem = 4096 87380 174760

And then run sudo sysctl -p to activate the change.

After the change I could access Ohio State University and thought my problem with Campaign Monitor should be fixed too, I was wrong. In my laptop I was able to access Campaign Monitor site but not their members and API site, which runs at a subdomain, and my desktop couldn't even see their home page.

I needed to read a comment by Michael Doube, in the discussion of bug 59331, to get the definitive fix:

An alternative solution is to install Firestarter, which I think works by using this iptables line: sudo iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu

So I did that, installed Firestarter:

sudo apt-get install firestarter

Then I opened Firestarter from Applications > Internet, followed the instructions to enable the firewall and got the change in TCP.

Neat! Campaign Monitor's site is loading now and I can continue with my job. Not bad for almost 8 hours lost in this damn thing.

I hope Canonical releases a bugfix soon, there are many users, and I guess many websites too, having this problem.

Some additional data: It seems the problem is not an Ubuntu problem after all, but something related to some routers not conrrectly working when used with some Linux kernels, anyway, Ubuntu and other distributions should find a workaround while routers manufacturer fix their hardware or release updated firmware.