Ok so I have two boards so I’ll set up the other board at home (the one that’s not working right now) so I’ll fire it up and test it out tomorrow morning or tonight if I ever get out of the bar.
:) No, I’m not drinking - working all day. Boo.

On Mar 19, 2014, at 3:33 PM, Brian Candler <[email protected]> wrote:

> On 19/03/2014 18:17, Ryan Coleman wrote:
>> 95% of HTTP traffic does not pass. In fact if you load Yahoo.com it stalls
>> when it hits a new hostname (s.yimg.com, for example, as part of their CDN).
> A couple of things spring to mind.
>
> (1) MTU problem / PMTU discovery / blocked ICMP
>
> It could be that the remote host is trying to send you 1500-byte datagrams,
> but some intervening host is blocking them and either not sending back ICMP
> fragmentation-needed, or ICMP is being blocked.
>
> Difficult to prove without being able to tcpdump on the far end. If you
> happen to have access to a remote web server (e.g. a free virtual machine in
> EC2 with Apache installed) and can replicate the problem to that webserver,
> and do a tcpdump at that side, and you see the same TCP packet being re-sent
> repeatedly at increasing intervals - that would prove it.
>
> Another way to test it is to manually configure the browser machine with a
> lower MTU, say 1400, and see if that makes the problem go away.
>
> However, this doesn't explain why mail and the like are unaffected.
>
> (2) Transparent web proxy inline
>
> Some upstream inline web proxy is present, intercepting your port 80 traffic,
> but it is broken. This is relatively unusual these days.
>
> The way I would test:
>
> telnet news.bbc.co.uk 80
> GET / HTTP/1.0
> Host: www.google.com
> <hit enter>
>
> If you get back the BBC response (which is a redirect to
> http://www.bbc.co.uk/news/) then you probably don't have a cache inline. If
> you get back the google response, then you have a transparent cache in the
> way.
>
>> Restoring settings doesn’t resolve the issue under any circumstances, it
>> requires a new image.
> That is, if you re-image the board, and then restore the XML, it starts
> working again?? Then I have no idea :-)
>
> Regards,
>
> Brian.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
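
The signature named in point (1) of the quoted reply (the same TCP packet re-sent repeatedly at increasing intervals in a tcpdump taken at the web server) can be checked mechanically over `tcpdump -tt -n` output. This is an added example, not part of the original thread; the capture lines are constructed, and the function name and the `min_len` / `min_sends` thresholds are assumptions.

```python
import re
from collections import defaultdict

# Matches `tcpdump -tt -n` TCP lines that carry data (seq A:B ... length N).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\], "
    r"seq (?P<start>\d+):(?P<end>\d+),.* length (?P<len>\d+)"
)

def find_backoff_retransmits(lines, min_len=1400, min_sends=3):
    """Return large segments sent >= min_sends times at strictly growing gaps.

    min_len and min_sends are assumed thresholds, not values from the thread.
    """
    sends = defaultdict(list)  # (src, dst, seq_start, seq_end, length) -> timestamps
    for line in lines:
        m = LINE.match(line.strip())
        if not m or int(m["len"]) < min_len:
            continue  # small segments fit through a reduced path MTU
        key = (m["src"], m["dst"], int(m["start"]), int(m["end"]), int(m["len"]))
        sends[key].append(float(m["ts"]))
    findings = []
    for (src, dst, start, end, length), times in sends.items():
        times.sort()
        gaps = [round(b - a, 3) for a, b in zip(times, times[1:])]
        growing = all(later > earlier for earlier, later in zip(gaps, gaps[1:]))
        if len(times) >= min_sends and growing:  # sender's retransmit timer backing off
            findings.append({"src": src, "dst": dst, "seq": (start, end),
                             "length": length, "sends": len(times), "gaps": gaps})
    return findings

# Constructed capture (documentation addresses), as seen on the web server side.
SAMPLE = """\
1395257580.000000 IP 198.51.100.7.51514 > 203.0.113.10.80: Flags [P.], seq 1:120, ack 1, win 229, length 119
1395257580.010000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 1:1449, ack 120, win 227, length 1448
1395257580.210000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 1:1449, ack 120, win 227, length 1448
1395257580.610000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 1:1449, ack 120, win 227, length 1448
1395257581.410000 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 1:1449, ack 120, win 227, length 1448
1395257590.000000 IP 203.0.113.10.80 > 198.51.100.9.40022: Flags [P.], seq 1:301, ack 95, win 227, length 300
""".splitlines()

if __name__ == "__main__":
    for finding in find_backoff_retransmits(SAMPLE):
        print(finding)
```

A hit on full-size segments while small ones to the same client are acknowledged normally is consistent with the blocked-ICMP case; ordinary packet loss produces the same pattern, so compare against a run with the client MTU lowered as the reply suggests.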
