DGN1000 Firewall schedule interferes with some websites

[DavidUK567]

DGN1000 v1.1.00.41, several devices connect to the router. ISP is Plusnet.

Each device that connects to the router has a static IP assigned to it.
Each device has a firewall rule to either 'allow by schedule, otherwise block', or 'allow always'.
A schedule exists from 5am to 11pm.

2 PC's (both XP home, one wired, one wireless) that are 'allowed by schedule, otherwise block' cannot access certain websites. The browser tries to display the page but no content appears. Hotmail and Yahoo are consistent problems, while other sites can be browsed normally at the same time.

Deactivating the firewall rule and refreshing the browser page allows the problem website to be displayed normally.

Other devices that have 'allow always' rules do not suffer the same problem.

Anyone resolved this?

Thanks
David

[jmizoguchi]

Are you using block sites as well ?

[DavidUK567]

Quote:

Originally Posted by jmizoguchi

Are you using block sites as well ?

No. I noticed with a previous netgear router that blocking sites did not work if a schedule rule was set. There are a lot of bugs in the advanced functions of these routers.

[jmizoguchi]

If schedule work and rest of domain site works then I would contact support sat my.netgear.com

[DavidUK567]

@jmizoguchi

You seem to know a lot about this stuff.

This from netgear about MTU. I'm wondering if the firewall rule 'adds' data to the packet, therefore taking it over the max MTU? It would explain the issue. I'll report back in a couple of days when I can try dropping the MTU right down and testing.

[DavidUK567]

This from Netgear about MTU.

I wonder if the firewall rule modifies the data packet somehow, therefore taking it over the MTU?

I'll report back in a couple of days after I have tested.

[jmizoguchi]

DSL is common to be 1492

Usually range amount is 1400-1500
It is possible the MTU packet can cause some site issues. I had to deal with https site before

Test with lowering 10 at a time

[DavidUK567]

So finally a resolution. MTU seems to have been the issue, though I have not found an explanation why. Note, that this behaviour was found when I tested both netgear routers I have access to: DGN1000 and DG834Gv4, but not my old DG834Gv2.

To recap. If a schedule is in place to limit internet access to certain times (allow by schedule, otherwise block), PCs running WinXP or Ubuntu linux were unable to access certain websites at any time (Hotmail & Yahoo mail). Removing the schedule and refreshing the browser page with no other action being taken allowed the website to load.

Solution:
Set router MTU to 1458 as recommended by plusnet if there are issues.
Set MTU in linux (simple, but took a while to work out how to make the change permanent) to the same.
Set MTU in windows (the microsoft tool did not seem to work. Dr TCP did though) also to the same.

Subsequently the problem sites have loaded no problem with the schedule in place.

[jmizoguchi]

This is something you should contact support for bug at my.netgear.com