--- On Sun, 11/14/10, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> From: Amos Jeffries <squid3_at_treenet.co.nz>
> Subject: Re: [squid-users] Problems with hotmail and facebook - rev
> To: squid-users_at_squid-cache.org
> Date: Sunday, November 14, 2010, 10:19 PM
> On Sun, 14 Nov 2010 18:38:06 -0800
> (PST), Landy Landy
> <landysaccount_at_yahoo.com>
> wrote:
> > --- On Sun, 11/14/10, Amos Jeffries <squid3_at_treenet.co.nz>
> wrote:
> >
> >> From: Amos Jeffries <squid3_at_treenet.co.nz>
> >> Subject: Re: [squid-users] Problems with hotmail
> and facebook
> >> To: "Landy Landy" <landysaccount_at_yahoo.com>
> >> Cc: squid-users_at_squid-cache.org
> >> Date: Sunday, November 14, 2010, 8:27 PM
> >> On Sun, 14 Nov 2010 17:04:10 -0800
> >> (PST), Landy Landy
> >> <landysaccount_at_yahoo.com>
> >> wrote:
> >> > --- On Sun, 11/14/10, Amos Jeffries <squid3_at_treenet.co.nz>
> >> wrote:
> >> >
> >> >> From: Amos Jeffries <squid3_at_treenet.co.nz>
> >> >> Subject: Re: [squid-users] Problems with
> hotmail
> >> and facebook
> >> >> To: "Landy Landy" <landysaccount_at_yahoo.com>
> >> >> Cc: squid-users_at_squid-cache.org
> >> >> Date: Sunday, November 14, 2010, 7:42 PM
> >> >> On Sun, 14 Nov 2010 16:19:41 -0800
> >> >> (PST), Landy Landy
> >> >> <landysaccount_at_yahoo.com>
> >> >> wrote:
> >> >> > Someone suggested to disable pmtu on
> squid
> >> and on the
> >> >> linux gw.
> >> >> >
> >> >> > I was able to disable it on linux:
> >> >> >
> >> >> > echo 1 >�
> >> /proc/sys/net/ipv4/ip_no_pmtu_disc
> >> >> >
> >> >> > That hasn't change anything.
> >> >> >
> >> >> > Now, do I really need to disable it
> on squid
> >> in order
> >> >> to work? I read
> >> >> this:
> >> >> >
> >> >> > disable-pmtu-discovery=
> >> >> > Control Path-MTU discovery usage:
> >> >> > off lets OS decide on what to do
> (default).
> >> >> > transparent disable PMTU discovery
> when
> >> transparent
> >> >> support is enabled.
> >> >> > always disable always PMTU
> discovery.
> >> >> >
> >> >> > In many setups of transparently
> intercepting
> >> proxies
> >> >> Path-MTU
> >> >> > discovery can not work on traffic
> towards the
> >> clients.
> >> >> This is
> >> >> > the case when the intercepting
> device does
> >> not fully
> >> >> track
> >> >> > connections and fails to forward
> ICMP must
> >> fragment
> >> >> messages
> >> >> > to the cache server. If you have
> such setup
> >> and
> >> >> experience that
> >> >> > certain clients sporadically hang or
> never
> >> complete
> >> >> requests set
> >> >> > disable-pmtu-discovery option to
> >> 'transparent'.
> >> >> >
> >> >> > but, that option is "unrecognized"
> by squid.
> >> Is it
> >> >> really necessary to
> >> >> > disable it on squid? If so, how?
> >> >>
> >> >> Strange. That option is accepted in all
> 3.0 and
> >> later
> >> >> releases.
> >> >> � http_port ...
> disable-pmtu-discovery=off
> >> >>
> >> >> Being the default it should not need to
> be set.
> >> But wont
> >> >> hurt for
> >> >> debugging.
> >> >>
> >> >>
> >> > Amos.
> >> >
> >> > I've tried with both 3.0.24 and 3.1.9:
> >> >
> >> > 2010/11/14 20:57:24| cache_cf.cc(363)
> >> parseOneConfigFile: squid.conf:406
> >> > unrecognized: 'disable-pmtu-discovery=off'
> >> > optimum-router:/home/landysaccount#
> >> /usr/local/squid3/sbin/squid
> >> >
> >> > 2010/11/14 20:58:30| cache_cf.cc(363)
> >> parseOneConfigFile: squid.conf:406
> >> > unrecognized: 'disable_pmtu_discovery=off'
> >> >
> >> >
> >> > 2010/11/14 21:00:38| cache_cf.cc(363)
> >> parseOneConfigFile: squid.conf:406
> >> > unrecognized: 'disable-pmtu-discovery'
> >> >
> >>
> >> Ah, it is a flag on http_port lines. Not a line by
> itself.
> >> I don't think its related to the problem though.
> The
> >> details so far given
> >> have been that the reply is broken and not being
> processed
> >> well. PMTU
> >> breakage leads to a "zero sized reply" error.
> >>
> >> > I'm going crazy with this hotmail problem
> can't get it
> >> working again. I
> >> > had to disable squid and just forward all
> traffic,
> >> even though it works,
> >> I
> >> > need squid running in the middle.
> >> >
> >> > What do you suggest???
> >> >
> >>
> >> Can you grab a tcpdump of one of these failing
> replies
> >> please?
> >>
> >> Amos
> >>
> > Amos.
> >
> > I ran two tcpdump and they are at:
> >
> > www.optimumrd.com/dumpresult1
> > and
> > www.optimumrd.com/dumpresult2
> > also my squid.conf is at:
> > www.optimumrd.com/squid.conf
>
> I'm getting deja vu looking at that trace. Did you send me
> one earlier?
>
> >
> > When I access hotmail.com the logon screen comes up.
> Next, I input my
> > credentials and it gets submited and thats when it
> hangs on "Waiting for
> > mail.live.com" and get this:
> >
> > ERROR
> >
> > El URL solicitado no se ha podido conseguir
> >
> > Mientras se intentaba traer el URL: http://mail.live.com/default.aspx?
> >
> > Ha ocurrido el siguiente problema:
> >
> > Error de lectura
> > El sistema ha devuelto el siguiente mensaje:
> >
> >� ���(104) Connection reset by
> peer
> > Ha ocurrido alg�n problema mientras se le�an datos
> de la red. Por favor,
> > int�ntelo de nuevo.
>
> This is a different error to the one earlier. The hotmail
> server(s) are
> blocking/rejecting your access.
>
> I think this particular one is due to their HTTPS
> authentication checking
> IPs. The workaround to that is tproxy or not proxying for
> hotmail.
>
> Amos
>
Has hotmail.com/live.com changed their authentication checking? Does anyone knows anything about that since things were working fine for a while. Could they be blocking my ip, don't think so, I reboot my modems to check and the problem still persists. Don't know what to do, everyday that passes by I get more and more calls which = a lot of frustration.
Received on Mon Nov 15 2010 - 13:41:57 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 15 2010 - 12:00:02 MST