On Tue, 2010-02-09 at 17:04 -0500, Andrey Gordon wrote:
> Thx to all the folks replying off the list.
>
> The more I troubleshoot the more I'm convinced that it's not the sites that
> are doing rate-limiting. I went to a website of one of my previous employers
> (a small company). Chances of them having a fancy reverse proxy with some
> sort of black list filtering are slim to none, yet their site barely opens
> up as well.
>
> Must be something that either my firewall device is doing (which is what is
> doing the NATting) or I don't know what else. I'm working with my firewall
> guy since f/w is his domain and I have no clue about that vendor of the
> firewalls (PaloAlto).
>
> Thanks all for the suggestions. I'll keep digging.
>
A few months ago I was involved in a hard-to-troubleshoot intermittent problem similar to yours. I finally diagnosed a faulty or overloaded state table somewhere in one of the cheap plastic routers they were using. All problems ended when I replaced the cheap plastic stuff with x86 hardware running pf or iptables, I forget exactly which (irrelevant).

Could it be that you have some ARP poisoning going on? That was my first thought in the above situation, but Wireshark showed otherwise. The clue to the state tables - it was mainly SSL/TLS that was getting expired/dropped.

Gord

