On 19/03/2014 18:17, Ryan Coleman wrote:
> 95% of HTTP traffic does not pass. In fact if you load Yahoo.com it stalls when
> it hits a new hostname (s.yimg.com, for example, as part of their CDN).

A couple of things spring to mind.
(1) MTU problem / PMTU discovery / blocked ICMP
It could be that the remote host is trying to send you 1500-byte
datagrams, but some intervening host is blocking them and either not
sending back ICMP fragmentation-needed, or ICMP is being blocked.
Difficult to prove without being able to tcpdump on the far end. If you
happen to have access to a remote web server (e.g. a free virtual
machine in EC2 with Apache installed) and can replicate the problem to
that webserver, and do a tcpdump at that side, and you see the same TCP
packet being re-sent repeatedly at increasing intervals - that would
prove it.
Another way to test it is to manually configure the browser machine with
a lower MTU, say 1400, and see if that makes the problem go away.
However, this doesn't explain why mail and the like are unaffected.
(2) Transparent web proxy inline
Some upstream inline web proxy is present, intercepting your port 80
traffic, but it is broken. This is relatively unusual these days.
The way I would test:

    telnet news.bbc.co.uk 80
    GET / HTTP/1.0
    Host: www.google.com
    <hit enter>

If you get back the BBC response (which is a redirect to
http://www.bbc.co.uk/news/) then you probably don't have a cache inline.
If you get back the google response, then you have a transparent cache
in the way.

> Restoring settings doesn’t resolve the issue under any circumstances, it
> requires a new image.

That is, if you re-image the board, and then restore the XML, it starts
working again?? Then I have no idea :-)
Regards,
Brian.
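
The server-side check from point (1), as an added example that is not part of the original message: it scans `tcpdump -tt -n` text output for a data segment that is re-sent repeatedly at increasing intervals. The capture lines, addresses and the `stalled_segments` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -tt -n` output captured on the web server.
# Addresses are documentation ranges and the timings are invented.
SAMPLE = """\
1395253020.050000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [P.], seq 1:301, ack 120, win 227, length 300
1395253020.051000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 301:1749, ack 120, win 227, length 1448
1395253020.260000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 301:1749, ack 120, win 227, length 1448
1395253020.680000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 301:1749, ack 120, win 227, length 1448
1395253021.520000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 301:1749, ack 120, win 227, length 1448
1395253023.200000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 301:1749, ack 120, win 227, length 1448
"""

# Matches data segments only (those printed with a "seq first:last" range).
LINE = re.compile(
    r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[[^\]]*\], "
    r"seq (\d+):(\d+),.*length (\d+)$"
)

def stalled_segments(capture, min_sends=4):
    """Return segments sent at least min_sends times with strictly growing gaps."""
    sends = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, src, dst, first, last, length = m.groups()
            key = (src, dst, int(first), int(last), int(length))
            sends[key].append(float(ts))
    findings = []
    for (src, dst, first, last, length), stamps in sends.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Retransmission backoff: every gap is longer than the one before it.
        backing_off = all(later > earlier for earlier, later in zip(gaps, gaps[1:]))
        if len(stamps) >= min_sends and backing_off:
            findings.append({"src": src, "dst": dst, "seq": (first, last),
                             "length": length, "sends": len(stamps),
                             "gaps": [round(g, 3) for g in gaps]})
    return findings

if __name__ == "__main__":
    for f in stalled_segments(SAMPLE):
        print("{src} -> {dst} seq {seq} length {length}: "
              "sent {sends} times, gaps {gaps}".format(**f))
```

In the constructed capture the 300-byte segment goes out once while the 1448-byte segment is the one that keeps being re-sent, which is the pattern to look for when large datagrams are being dropped on the path.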