I've seen similar problems...not with relayd, but it still may apply. I had
a server that was behind a Linksys router on a DSL connection, being
accessed by a remote user . The window size (iirc) at the remote user was
lower then usual, and the DSL provider was blocking the ICMP messages to
alter the window size. We had to lower a setting in Windows at the server
side to "fix" this.
Something similar could be happening here....when going through relayd, it
could be sending packets that are too large, and something is getting
dropped. A packet capture at both ends could help reveal this.
Just an idea.
--Brian
On Fri, Apr 3, 2009 at 1:47 PM, Gary Thornock <gthorn...@yahoo.com> wrote:
> My company has a web application running on a set of web servers
> that we're load balancing with relayd.
>
> We've recently learned of a problem where end users who have:
> - Comcast cable internet connections,
> - Linksys cable routers provided by Comcast, and
> - the Linksys router's "firewall protection" setting enabled (as
> it is by default)
> can't access our load balanced servers. We've watched the
> traffic, and it appears that our response packets are being
> dropped by the Linksys router. To confirm this further, if
> the Linksys "firewall protection" setting is disabled, then
> everything works fine.
>
> To further complicate matters, the users *can* access any single
> one of the web servers just fine. It's only when they try to use
> the relayd load balanced IP address that things break.
>
> More details, in case any of them help:
>
> relayd is running on a pair of stock Dell R200 machines, along
> with pf and carp. The installed OpenBSD version is 4.4 i386,
> running the generic kernel.
>
> relayd.conf looks like this:
>
> -----------------------------------------------------------------
>
> wsrv1=192.168.2.20
> wsrv2=192.168.2.21
> wsrv3=192.168.2.22
>
> interval 5
> timeout 200
>
> table <wwwhosts> { $wsrv1 $wsrv2 $wsrv3 }
>
> redirect "wsrv" {
> listen on a.b.c.d port 80
> tag RELAYD
> sticky-address
> forward to <wwwhosts> port 80 mode roundrobin check http "/robots.txt"
> code 200
> }
>
> redirect "wsrv-https" {
> listen on a.b.c.d port 443
> tag RELAYD
> sticky-address
> forward to <wwwhosts> port 443 mode roundrobin check https "/robots.txt"
> code 200
> }
>
> -----------------------------------------------------------------
>
> We're not completely certain that relayd is causing the issue,
> but we've eliminated everything else we can think of (except of
> course the Linksys firewall, but we can't very well tell every
> single possible end user in the world who might have a Linksys
> cable router to turn off its firewall setting.) If there's
> something obvious that we're doing wrong with the configuration,
> we'd love to know about it.
>
> Thanks!
>
>
--
_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
Brian McCann
"I don't have to take this abuse from you -- I've got hundreds of
people waiting to abuse me."
-- Bill Murray, "Ghostbusters"
