Re: [squid-users] Problems with hotmail and facebook - rev

On Sun, 14 Nov 2010 18:38:06 -0800 (PST), Landy Landy
<landysaccount_at_yahoo.com> wrote:
> --- On Sun, 11/14/10, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] Problems with hotmail and facebook
>> To: "Landy Landy" <landysaccount_at_yahoo.com>
>> Cc: squid-users_at_squid-cache.org
>> Date: Sunday, November 14, 2010, 8:27 PM
>> On Sun, 14 Nov 2010 17:04:10 -0800
>> (PST), Landy Landy
>> <landysaccount_at_yahoo.com>
>> wrote:
>> > --- On Sun, 11/14/10, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>> >
>> >> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> >> Subject: Re: [squid-users] Problems with hotmail
>> and facebook
>> >> To: "Landy Landy" <landysaccount_at_yahoo.com>
>> >> Cc: squid-users_at_squid-cache.org
>> >> Date: Sunday, November 14, 2010, 7:42 PM
>> >> On Sun, 14 Nov 2010 16:19:41 -0800
>> >> (PST), Landy Landy
>> >> <landysaccount_at_yahoo.com>
>> >> wrote:
>> >> > Someone suggested to disable pmtu on squid
>> and on the
>> >> linux gw.
>> >> >
>> >> > I was able to disable it on linux:
>> >> >
>> >> > echo 1 > 
>> /proc/sys/net/ipv4/ip_no_pmtu_disc
>> >> >
>> >> > That hasn't change anything.
>> >> >
>> >> > Now, do I really need to disable it on squid
>> in order
>> >> to work? I read
>> >> this:
>> >> >
>> >> > disable-pmtu-discovery=
>> >> > Control Path-MTU discovery usage:
>> >> > off lets OS decide on what to do (default).
>> >> > transparent disable PMTU discovery when
>> transparent
>> >> support is enabled.
>> >> > always disable always PMTU discovery.
>> >> >
>> >> > In many setups of transparently intercepting
>> proxies
>> >> Path-MTU
>> >> > discovery can not work on traffic towards the
>> clients.
>> >> This is
>> >> > the case when the intercepting device does
>> not fully
>> >> track
>> >> > connections and fails to forward ICMP must
>> fragment
>> >> messages
>> >> > to the cache server. If you have such setup
>> and
>> >> experience that
>> >> > certain clients sporadically hang or never
>> complete
>> >> requests set
>> >> > disable-pmtu-discovery option to
>> 'transparent'.
>> >> >
>> >> > but, that option is "unrecognized" by squid.
>> Is it
>> >> really necessary to
>> >> > disable it on squid? If so, how?
>> >>
>> >> Strange. That option is accepted in all 3.0 and
>> later
>> >> releases.
>> >>   http_port ... disable-pmtu-discovery=off
>> >>
>> >> Being the default it should not need to be set.
>> But wont
>> >> hurt for
>> >> debugging.
>> >>
>> >>
>> > Amos.
>> >
>> > I've tried with both 3.0.24 and 3.1.9:
>> >
>> > 2010/11/14 20:57:24| cache_cf.cc(363)
>> parseOneConfigFile: squid.conf:406
>> > unrecognized: 'disable-pmtu-discovery=off'
>> > optimum-router:/home/landysaccount#
>> /usr/local/squid3/sbin/squid
>> >
>> > 2010/11/14 20:58:30| cache_cf.cc(363)
>> parseOneConfigFile: squid.conf:406
>> > unrecognized: 'disable_pmtu_discovery=off'
>> >
>> >
>> > 2010/11/14 21:00:38| cache_cf.cc(363)
>> parseOneConfigFile: squid.conf:406
>> > unrecognized: 'disable-pmtu-discovery'
>> >
>>
>> Ah, it is a flag on http_port lines. Not a line by itself.
>> I don't think its related to the problem though. The
>> details so far given
>> have been that the reply is broken and not being processed
>> well. PMTU
>> breakage leads to a "zero sized reply" error.
>>
>> > I'm going crazy with this hotmail problem can't get it
>> working again. I
>> > had to disable squid and just forward all traffic,
>> even though it works,
>> I
>> > need squid running in the middle.
>> >
>> > What do you suggest???
>> >
>>
>> Can you grab a tcpdump of one of these failing replies
>> please?
>>
>> Amos
>>
> Amos.
>
> I ran two tcpdump and they are at:
>
> www.optimumrd.com/dumpresult1
> and
> www.optimumrd.com/dumpresult2
> also my squid.conf is at:
> www.optimumrd.com/squid.conf

I'm getting deja vu looking at that trace. Did you send me one earlier?

>
> When I access hotmail.com the logon screen comes up. Next, I input my
> credentials and it gets submited and thats when it hangs on "Waiting for
> mail.live.com" and get this:
>
> ERROR
>
> El URL solicitado no se ha podido conseguir
>
> Mientras se intentaba traer el URL: http://mail.live.com/default.aspx?
>
> Ha ocurrido el siguiente problema:
>
> Error de lectura
> El sistema ha devuelto el siguiente mensaje:
>
> (104) Connection reset by peer
> Ha ocurrido algún problema mientras se leían datos de la red. Por favor,
> inténtelo de nuevo.

This is a different error to the one earlier. The hotmail server(s) are
blocking/rejecting your access.

I think this particular one is due to their HTTPS authentication checking
IPs. The workaround to that is tproxy or not proxying for hotmail.

Amos
Received on Mon Nov 15 2010 - 03:19:57 MST