nour salameh May 18, 2026 · 5:21 PM

some sites wont load on our new fiber connection but ping works fine???

so we switched ISPs last week, moved from DSL to a fiber connection. everything seemed fine for the first couple days but now users are complaining that certain websites just refuse to load. stuff like youtube, google maps, a couple banking sites. but lighter pages like google.com or our internal apps open instantly with no issues. weirdest part is ping works to literally everything. ping 8.8.8.8, ping 1.1.1.1, traceroute completes fine, no packet loss anywhere. tried on different machines on the same subnet and same problem across all of them. but the other subnets in the office that still go through the old DSL backup link work perfectly on the same sites. also noticed that sometimes the top part of a page starts rendering and then it just freezes mid-load. refreshing doesnt help, clearing cache doesnt help. been staring at this for like 2 hours and i genuinely have no idea what direction to even look. any ideas?

4 Comments

khaled almansour May 18, 2026 · 5:39 PM

pretty sure this is an MTU issue. when you switched ISPs the new fiber link probably has a different MTU, and if its PPPoE it drops to 1492 instead of 1500. your old DSL line most likely had MSS clamping set up either on your router or by the ISP automatically, and now you dont have that on the new interface. reason ping works is because ICMP packets are tiny. but when TCP tries to send a full-size segment for a webpage, if the packet is too big the next hop drops it and sends back an ICMP "fragmentation needed" message. if anything is blocking those ICMP messages your machine never gets told to reduce its packet size and the connection just stalls. quickest way to confirm - run this: ping -M do -s 1400 8.8.8.8 if that fails or gives you a fragmentation error you found your problem. from there you either lower the MTU on your WAN interface or add MSS clamping on the router. the clamping approach is usually easier and less disruptive.

sara alotaibi May 18, 2026 · 5:55 PM

yep MTU black hole, classic symptom. the partial page loading is kind of a giveaway too, first chunk comes through fine then it stalls waiting for a segment that never arrives. if youre on cisco the fix on your WAN interface is: ip tcp adjust-mss 1452 try 1452 first, if still broken drop it to 1400. you can also check if ICMP type 3 code 4 is getting blocked somewhere in your firewall rules — thats the "fragmentation needed" message and a lot of people accidentally block it with an overly broad "block all ICMP" rule which makes this way worse. wireshark on the client side makes this super obvious btw. youll see the TCP window fill up and then nothing, no RST, no FIN, just silence.

tariq barakat May 18, 2026 · 6:12 PM

had the exact same thing when we moved to a new datacenter earlier this year. half a day wasted before someone suggested MTU. sara's point about the broad ICMP block rule caught us too, we had a "deny icmp any any" somewhere in the chain that we forgot about lol. once you fix it, worth going back and explicitly allowing ICMP type 3 even if you block the rest.

nour salameh May 18, 2026 · 6:31 PM

ok so khaled was right, ran the big ping test and it failed immediately. checked the router config and sure enough the previous guy had MSS clamping configured on the DSL interface but never touched the fiber one. added ip tcp adjust-mss 1452 on the WAN interface and everything came back within seconds. youtube, maps, the banking sites, all working. sara the ICMP thing was also a problem on our end, found an old deny rule blocking type 3. so it was kind of a double issue which is probably why it seemed so broken. thanks all, marked solved