On Sun, 14 Nov 2010 18:38:06 -0800 (PST), Landy Landy <landysaccount@xxxxxxxxx> wrote: > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> >> Subject: Re: Problems with hotmail and facebook >> To: "Landy Landy" <landysaccount@xxxxxxxxx> >> Cc: squid-users@xxxxxxxxxxxxxxx >> Date: Sunday, November 14, 2010, 8:27 PM >> On Sun, 14 Nov 2010 17:04:10 -0800 >> (PST), Landy Landy >> <landysaccount@xxxxxxxxx> >> wrote: >> > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> >> wrote: >> > >> >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> >> >> Subject: Re: Problems with hotmail >> and facebook >> >> To: "Landy Landy" <landysaccount@xxxxxxxxx> >> >> Cc: squid-users@xxxxxxxxxxxxxxx >> >> Date: Sunday, November 14, 2010, 7:42 PM >> >> On Sun, 14 Nov 2010 16:19:41 -0800 >> >> (PST), Landy Landy >> >> <landysaccount@xxxxxxxxx> >> >> wrote: >> >> > Someone suggested to disable pmtu on squid >> and on the >> >> linux gw. >> >> > >> >> > I was able to disable it on linux: >> >> > >> >> > echo 1 >Â >> /proc/sys/net/ipv4/ip_no_pmtu_disc >> >> > >> >> > That hasn't change anything. >> >> > >> >> > Now, do I really need to disable it on squid >> in order >> >> to work? I read >> >> this: >> >> > >> >> > disable-pmtu-discovery= >> >> > Control Path-MTU discovery usage: >> >> > off lets OS decide on what to do (default). >> >> > transparent disable PMTU discovery when >> transparent >> >> support is enabled. >> >> > always disable always PMTU discovery. >> >> > >> >> > In many setups of transparently intercepting >> proxies >> >> Path-MTU >> >> > discovery can not work on traffic towards the >> clients. >> >> This is >> >> > the case when the intercepting device does >> not fully >> >> track >> >> > connections and fails to forward ICMP must >> fragment >> >> messages >> >> > to the cache server. If you have such setup >> and >> >> experience that >> >> > certain clients sporadically hang or never >> complete >> >> requests set >> >> > disable-pmtu-discovery option to >> 'transparent'. >> >> > >> >> > but, that option is "unrecognized" by squid. >> Is it >> >> really necessary to >> >> > disable it on squid? If so, how? >> >> >> >> Strange. That option is accepted in all 3.0 and >> later >> >> releases. >> >> Â http_port ... disable-pmtu-discovery=off >> >> >> >> Being the default it should not need to be set. >> But wont >> >> hurt for >> >> debugging. >> >> >> >> >> > Amos. >> > >> > I've tried with both 3.0.24 and 3.1.9: >> > >> > 2010/11/14 20:57:24| cache_cf.cc(363) >> parseOneConfigFile: squid.conf:406 >> > unrecognized: 'disable-pmtu-discovery=off' >> > optimum-router:/home/landysaccount# >> /usr/local/squid3/sbin/squid >> > >> > 2010/11/14 20:58:30| cache_cf.cc(363) >> parseOneConfigFile: squid.conf:406 >> > unrecognized: 'disable_pmtu_discovery=off' >> > >> > >> > 2010/11/14 21:00:38| cache_cf.cc(363) >> parseOneConfigFile: squid.conf:406 >> > unrecognized: 'disable-pmtu-discovery' >> > >> >> Ah, it is a flag on http_port lines. Not a line by itself. >> I don't think its related to the problem though. The >> details so far given >> have been that the reply is broken and not being processed >> well. PMTU >> breakage leads to a "zero sized reply" error. >> >> > I'm going crazy with this hotmail problem can't get it >> working again. I >> > had to disable squid and just forward all traffic, >> even though it works, >> I >> > need squid running in the middle. >> > >> > What do you suggest??? >> > >> >> Can you grab a tcpdump of one of these failing replies >> please? >> >> Amos >> > Amos. > > I ran two tcpdump and they are at: > > www.optimumrd.com/dumpresult1 > and > www.optimumrd.com/dumpresult2 > also my squid.conf is at: > www.optimumrd.com/squid.conf I'm getting deja vu looking at that trace. Did you send me one earlier? > > When I access hotmail.com the logon screen comes up. Next, I input my > credentials and it gets submited and thats when it hangs on "Waiting for > mail.live.com" and get this: > > ERROR > > El URL solicitado no se ha podido conseguir > > Mientras se intentaba traer el URL: http://mail.live.com/default.aspx? > > Ha ocurrido el siguiente problema: > > Error de lectura > El sistema ha devuelto el siguiente mensaje: > > (104) Connection reset by peer > Ha ocurrido algÃn problema mientras se leÃan datos de la red. Por favor, > intÃntelo de nuevo. This is a different error to the one earlier. The hotmail server(s) are blocking/rejecting your access. I think this particular one is due to their HTTPS authentication checking IPs. The workaround to that is tproxy or not proxying for hotmail. Amos
