
Quoting "Julien Goodwin" <jgoodwin@studio442.com.au>
> On 25/11/13 17:45, Petros wrote:
>> Hi,
>> I have a new ADSL connection for our office, and a new firewall behind it.
>> I pointed a proxy server (squid) to it, and.. it works most of the time.
>> Just a few websites don't seem to like it. E.g.:
>> 1385361294.211 18410 192.168.50.199 TCP_MISS/502 1217 GET http://www.zeit.de/index - DIRECT/217.13.68.220 text/html
>> There are a few sites that don't work, most of the time it is a 502, occasionally a 504.
>> I suspected the new firewall but cannot see any related packets dropped (and logged) there.
>
> Check that you haven't disabled the "forwarded for" setting in squid.

Thanks, I will keep that in mind. However, the same config works on the ADSL line in production.

I stripped back the whole network just to have my own PC directly on it. MTU to 1492, 100MBit/s full duplex to the NetComm NB9WAXXTLAN modem, no proxy or so - still the problem exists.

Weird that only some worksites don't work.. it's a bit how a friend living over in China describes it - randomly some stuff is blocked. I hope we are not there yet..

Well, at the end I lodged a fault at the ISP. Will see what comes out of it.

Sadly I did not catch the problem last weekend when installing. It frustrated people Monday morning so I moved back to the old line.

Thanks again
Peter

On 26 November 2013 11:10, Petros <Petros.Listig@fdrive.com.au> wrote:
> Well, at the end I lodged a fault at the ISP. Will see what comes out of it.

Do they have a transparent proxy? If so, their proxy might be returning the 502/504 errors, not you.

Normally a proxy error should include HTML content that includes extra details, e.g. the server that generated the error. Some browsers (e.g. IE) won't display this by default, however this information could be really useful too.

--
Brian May <brian@microcomaustralia.com.au>

On 26/11/2013 11:10 AM, Petros wrote:
> Weird that only some worksites don't work.. it's a bit how a friend living over in China describes it - randomly some stuff is blocked. I hope we are not there yet..

Yes, well, I had an issue with getting to the Billion website in AU ... the ISP claimed no block, Billion claimed no block -- I got a temporary extra block of IPs to test and another IP was fine from the same ISP, but they never did find out what was blocking my normal IP, not the ISP, nor Billion. In the end I just routed the connection via another service, but most people don't have multiple services to /choose/ from.

MTU can be an issue, maybe 1492 is too high for those sites. Try pinging with different byte counts and see if you can get through with lesser values, then adjust the MTU down accordingly if it helps.

It would be /good/ if ping was a reliable testing tool, it is normally, but some people think that blocking ping makes them invisible on the net ... or their equipment supplier has that as the default.

Cheers
A.
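
The ping test suggested in the reply above, as an added example that is not part of the original thread: a binary search for the largest ICMP payload that reaches a host with the Don't Fragment bit set, converted to an IPv4 path MTU. It assumes Linux iputils `ping` (`-M do`, `-s`, `-c`, `-W`); the function names and the `PROBE` override are hypothetical.

```shell
#!/bin/sh
# Added example: estimate the IPv4 path MTU to a host by probing with
# Don't-Fragment pings of varying payload size (Linux iputils ping assumed).

# ping_probe HOST SIZE -> exit 0 if a DF-flagged echo with SIZE payload
# bytes is answered. Set PROBE to another command name to substitute it.
ping_probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Binary search between LOW and HIGH payload bytes. Prints the largest
# size that gets a reply; returns 1 if even LOW fails (host down, or
# ICMP echo filtered somewhere on the path).
find_max_payload() {
    host=$1 low=${2:-500} high=${3:-1472}
    probe=${PROBE:-ping_probe}
    "$probe" "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            low=$mid              # mid fits, search upwards
        else
            high=$(( mid - 1 ))   # mid too big, search downwards
        fi
    done
    echo "$low"
}

# path_mtu HOST [LOW] [HIGH]
# Payload plus the 20-byte IPv4 header and the 8-byte ICMP header.
path_mtu() {
    payload=$(find_max_payload "$@") || {
        echo "no reply even at the smallest size; ping may be blocked" >&2
        return 1
    }
    echo $(( payload + 28 ))
}

# Probe only when a host is given on the command line.
if [ $# -ge 1 ]; then
    path_mtu "$1"
fi
```

A result below 1492 on a PPPoE line points at a smaller MTU somewhere along the path; a failure at the smallest size says only that echo is filtered, not that the path is broken.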
participants (3): Andrew McGlashan, Brian May, Petros