Network connection problem

Sun Jul 11 20:37:18 UTC 2004

I'm having problems making TCP connections using fedora core 2. Basically the
connection fails the first time, but succeeds on the second try. Here's a 
typical
tcpdump output:

21:03:55.440626 IP 192.168.2.5.32770 > 158.152.1.58.domain:  24038+% [1au] 
AAAA? www.slashdot.org. (45)
21:03:55.634467 IP 158.152.1.58.domain > 192.168.2.5.32770:  24038 0/1/1 (104)
21:03:55.638763 IP 192.168.2.5.32770 > 158.152.1.58.domain:  55126+% [1au] A? 
www.slashdot.org. (45)
21:03:55.663188 IP 158.152.1.58.domain > 192.168.2.5.32770:  55126 1/0/1 A 
66.35.250.151 (61)
21:03:55.667139 IP 192.168.2.5.32770 > 158.152.1.58.domain:  27563+% [1au] 
PTR? 151.250.35.66.in-addr.arpa. (55)
21:03:55.693671 IP 158.152.1.58.domain > 192.168.2.5.32770:  27563 2/0/1 CNAME 
151.0/24.250.35.66.in-addr.arpa., PTR star.slashdot.org. (109)
21:03:55.695857 IP 192.168.2.5.32770 > 158.152.1.58.domain:  12851+% [1au] 
PTR? 151.0/24.250.35.66.in-addr.arpa. (60)
21:03:55.722429 IP 158.152.1.58.domain > 192.168.2.5.32770:  12851 1/0/1 PTR 
star.slashdot.org. (91)
21:04:00.439395 arp who-has 192.168.2.2 tell 192.168.2.5
21:04:00.439866 arp reply 192.168.2.2 is-at 02:60:8c:a9:c5:2b
21:04:38.863595 arp who-has 192.168.2.5 tell 192.168.2.2
21:04:38.863629 arp reply 192.168.2.5 is-at 00:a0:c9:44:70:f9
21:04:39.395528 IP 192.168.2.5.33034 > 66.35.250.151.http: S 
3814521770:3814521770(0) win 5840 <mss 1460,sackOK,timestamp 11851250 
0,nop,wscale 0>
21:04:39.569715 IP 66.35.250.151.http > 192.168.2.5.33034: S 
3763613294:3763613294(0) ack 3814521771 win 5792 <mss 1460,sackOK,timestamp 
47247504 11851250,nop,wscale 0>
21:04:39.569818 IP 192.168.2.5.33034 > 66.35.250.151.http: . ack 1 win 5840 
<nop,nop,timestamp 11851424 47247504>
21:04:39.570133 IP 192.168.2.5.33034 > 66.35.250.151.http: P 1:426(425) ack 1 
win 5840 <nop,nop,timestamp 11851425 47247504>
21:04:39.760805 IP 66.35.250.151.http > 192.168.2.5.33034: . ack 426 win 6432 
<nop,nop,timestamp 47247523 11851425>

In the above: 
192.168.2.5 is the Fedora Core 2 box where the problem lies,
158.152.1.58 is one of my ISP's nameservers
192.168.2.2 is the default router (a RH9 box)
66.35.250.151 is a machine at slashdot.

So ... first attempt at 21:03:55 does a DNS lookup for the site, but does not
attempt to connect. Then there is an exchange of arp packets (huh? how did
the dns request work if we didn't have the router's MAC address?). Then the
second attempt at 21:04:39 works, with no DNS lookup.

Attempting this with telnet produces an error message:
telnet: connect to address xxx.xxx.xxx.xxx: Resource temporarily unavailable
telnet: Unable to connect to remote host: Resource temporarily unavailable

This is with BIND running locally (and providing DNS service for a couple
of windows boxes on the internal LAN, which connect out with no problems).
The effect is similar if I bypass the local BIND by pointing resolv.conf
directly at 158.152.1.58.

I've tried enabling/disabling IPV6 and messed around with MTUs to no avail.

Questions:

1. Has anyone else seen this or is it just me? (someone told me it had
been seen before, but I haven't found anything in the archives of this
list or comp.os.linux.*)

2. Where should I look next?

Peter
-- 
	Peter Greenwood		peterg at reel.demon.co.uk
				01253 827304
				07802 666591
				http://www.reel.demon.co.uk