--- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > Subject: Re: Problems with hotmail and facebook - rev > To: squid-users@xxxxxxxxxxxxxxx > Date: Sunday, November 14, 2010, 10:19 PM > On Sun, 14 Nov 2010 18:38:06 -0800 > (PST), Landy Landy > <landysaccount@xxxxxxxxx> > wrote: > > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> > wrote: > > > >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > >> Subject: Re: Problems with hotmail > and facebook > >> To: "Landy Landy" <landysaccount@xxxxxxxxx> > >> Cc: squid-users@xxxxxxxxxxxxxxx > >> Date: Sunday, November 14, 2010, 8:27 PM > >> On Sun, 14 Nov 2010 17:04:10 -0800 > >> (PST), Landy Landy > >> <landysaccount@xxxxxxxxx> > >> wrote: > >> > --- On Sun, 11/14/10, Amos Jeffries <squid3@xxxxxxxxxxxxx> > >> wrote: > >> > > >> >> From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > >> >> Subject: Re: Problems with > hotmail > >> and facebook > >> >> To: "Landy Landy" <landysaccount@xxxxxxxxx> > >> >> Cc: squid-users@xxxxxxxxxxxxxxx > >> >> Date: Sunday, November 14, 2010, 7:42 PM > >> >> On Sun, 14 Nov 2010 16:19:41 -0800 > >> >> (PST), Landy Landy > >> >> <landysaccount@xxxxxxxxx> > >> >> wrote: > >> >> > Someone suggested to disable pmtu on > squid > >> and on the > >> >> linux gw. > >> >> > > >> >> > I was able to disable it on linux: > >> >> > > >> >> > echo 1 > > >> /proc/sys/net/ipv4/ip_no_pmtu_disc > >> >> > > >> >> > That hasn't change anything. > >> >> > > >> >> > Now, do I really need to disable it > on squid > >> in order > >> >> to work? I read > >> >> this: > >> >> > > >> >> > disable-pmtu-discovery= > >> >> > Control Path-MTU discovery usage: > >> >> > off lets OS decide on what to do > (default). > >> >> > transparent disable PMTU discovery > when > >> transparent > >> >> support is enabled. > >> >> > always disable always PMTU > discovery. > >> >> > > >> >> > In many setups of transparently > intercepting > >> proxies > >> >> Path-MTU > >> >> > discovery can not work on traffic > towards the > >> clients. > >> >> This is > >> >> > the case when the intercepting > device does > >> not fully > >> >> track > >> >> > connections and fails to forward > ICMP must > >> fragment > >> >> messages > >> >> > to the cache server. If you have > such setup > >> and > >> >> experience that > >> >> > certain clients sporadically hang or > never > >> complete > >> >> requests set > >> >> > disable-pmtu-discovery option to > >> 'transparent'. > >> >> > > >> >> > but, that option is "unrecognized" > by squid. > >> Is it > >> >> really necessary to > >> >> > disable it on squid? If so, how? > >> >> > >> >> Strange. That option is accepted in all > 3.0 and > >> later > >> >> releases. > >> >> http_port ... > disable-pmtu-discovery=off > >> >> > >> >> Being the default it should not need to > be set. > >> But wont > >> >> hurt for > >> >> debugging. > >> >> > >> >> > >> > Amos. > >> > > >> > I've tried with both 3.0.24 and 3.1.9: > >> > > >> > 2010/11/14 20:57:24| cache_cf.cc(363) > >> parseOneConfigFile: squid.conf:406 > >> > unrecognized: 'disable-pmtu-discovery=off' > >> > optimum-router:/home/landysaccount# > >> /usr/local/squid3/sbin/squid > >> > > >> > 2010/11/14 20:58:30| cache_cf.cc(363) > >> parseOneConfigFile: squid.conf:406 > >> > unrecognized: 'disable_pmtu_discovery=off' > >> > > >> > > >> > 2010/11/14 21:00:38| cache_cf.cc(363) > >> parseOneConfigFile: squid.conf:406 > >> > unrecognized: 'disable-pmtu-discovery' > >> > > >> > >> Ah, it is a flag on http_port lines. Not a line by > itself. > >> I don't think its related to the problem though. > The > >> details so far given > >> have been that the reply is broken and not being > processed > >> well. PMTU > >> breakage leads to a "zero sized reply" error. > >> > >> > I'm going crazy with this hotmail problem > can't get it > >> working again. I > >> > had to disable squid and just forward all > traffic, > >> even though it works, > >> I > >> > need squid running in the middle. > >> > > >> > What do you suggest??? > >> > > >> > >> Can you grab a tcpdump of one of these failing > replies > >> please? > >> > >> Amos > >> > > Amos. > > > > I ran two tcpdump and they are at: > > > > www.optimumrd.com/dumpresult1 > > and > > www.optimumrd.com/dumpresult2 > > also my squid.conf is at: > > www.optimumrd.com/squid.conf > > I'm getting deja vu looking at that trace. Did you send me > one earlier? > > > > > When I access hotmail.com the logon screen comes up. > Next, I input my > > credentials and it gets submited and thats when it > hangs on "Waiting for > > mail.live.com" and get this: > > > > ERROR > > > > El URL solicitado no se ha podido conseguir > > > > Mientras se intentaba traer el URL: http://mail.live.com/default.aspx? > > > > Ha ocurrido el siguiente problema: > > > > Error de lectura > > El sistema ha devuelto el siguiente mensaje: > > > > (104) Connection reset by > peer > > Ha ocurrido algún problema mientras se leían datos > de la red. Por favor, > > inténtelo de nuevo. > > This is a different error to the one earlier. The hotmail > server(s) are > blocking/rejecting your access. > > I think this particular one is due to their HTTPS > authentication checking > IPs. The workaround to that is tproxy or not proxying for > hotmail. > > Amos > So, I should not cache/proxy hotmail, yahoo, and facebook. Is this how? acl someserver dstdomain .live.com .yahoo.com .facebook cache deny someserver is that correct?
