On Thu, 10 Jan 2002, Laura Folden wrote: > Thanks, Ron. > > Our new website (being prepared for launch) is being hosted by > circle.com at the ip address 205.229.56.205 . Their site then does a > redirect of the traffic to a subfolder beneath the main ip. The > subpage is /ace/352 . Their logs show that we connect to the site > but, after that, we time out. > > Our firewall is Altavista, running on Windows NT. We have a Cisco > router 2601 connecting to a Netgear switch. The Netgear switch then > connects back to the firewall directly. Lots of other computers can > connect to this site, but for some reason we cannot. We can connect to > every other site without problems. >
Can you connect to the site from a client machine on the DMZ outside the firewall? Is the site load balanced? Are your forward and reverse IP addresses correctly configured? > The MTU on our router is 1500. We have a full T1. We believe the > problem might have to do with our firewall not being able to handle > the redirect. Do you mean HTTP redirect, or ICMP redirect? You should probably look at ICMP filtering, most likely one of you is hosing PMTU discovery. A sniffer outside the firewall and someone who can interpret the data is your best bet. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
