Re: [squid-users] Unable to access a website through Suse/Squid.

2008-04-07 Thread Peter Albrecht 
Hi Terry,

> I will have to look into ip tables. I can add static routes via the
> interface card which are permanent, however doing it this way doesn't
> give me any options for mss, mtu, etc.. All I can enter this way is
> Source, Destination, Gateway.

I guess you mean using /etc/sysconfig/network/routes? I'm not sure if you 
can provide any options there.

Another way would be to create your own script which sets up additional 
routing. Use /etc/init.d/skeleton as a template and create a script (e.g. 
called /etc/init.d/routes) which contains the commands for setting the 
routes. Then make sure the symbolic links for starting and stopping the 
script are created in the runlevel directories:

insserv /etc/init.d/routes

The script has to be started after the network script, so the names of the 
symbolic links should start with S06 or higher numbers (the links for the 
network script are called S05network). For more information, have a look 
at the man page of init.d (man init.d) which describes the SUSE boot 
concept. If you have any problems, feel free to contact me off-list (as 
this is not a Squid-related topic).

Regards,

Peter

-- 
Peter Albrecht  [EMAIL PROTECTED]
Open Source School GmbH Tel: +49-89-287793-83
Amalienstraße 45 RG Mob: +49-173-3528664
80799 München   Fax: +49-89-287555-63

HRB 172645 - Amtsgericht München
Geschäftsführer: Peter Albrecht, Dr. Markus Wirtz

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-05 Thread Henrik Nordstrom 
lör 2008-04-05 klockan 10:11 -0400 skrev Terry Dobbs:
> The internet line is DSL, and does use a username/password (PPoE).
> However, on the actual DSL router (provided by ISP) I don't see any MTU
> options. 

PPPoE means a lower MTU than the internet default of 1500, so any sites
not capable of performing Path MTU discovery properly will fail to
communicate with you. Path MTU problems is still quite common,
especially with people running homegrown firewalls where they add a
simple "drop all ICMP traffic, people should not ping us" rule,
forgetting that TCP/IP also makes significant use of ICMP..

> I will have to look into ip tables. I can add static routes via the
> interface card which are permanent, however doing it this way doesn't
> give me any options for mss, mtu, etc.. All I can enter this way is
> Source, Destination, Gateway.

You can try the following iptables rule:

iptables -t mangle -A OUTPUT -o outinterface -j TCPMSS --set-mss 1440

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-05 Thread Terry Dobbs 
The internet line is DSL, and does use a username/password (PPoE).
However, on the actual DSL router (provided by ISP) I don't see any MTU
options. 

I will have to look into ip tables. I can add static routes via the
interface card which are permanent, however doing it this way doesn't
give me any options for mss, mtu, etc.. All I can enter this way is
Source, Destination, Gateway.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 04, 2008 6:19 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

fre 2008-04-04 klockan 13:56 -0400 skrev Terry Dobbs:
> Thanks so much, the advmss worked like a charm. How do I make it so
this
> route stays there? When I restart networking it seems to vanish.

Some things first.. you should figure out if the MTU is local or remote.
As it's mostly you having issues I would suspect it's local. In such
case you should have a lower mss on the default route to make TCP/IP
work better.

How are you connected to the Internet? ADSL with PPPoE, or some other
tunneling method which has a lover MTU than the default 1500?

How to set the routing is quite distribution dependent, and I am not
very familiar with SuSE. But on the good side you can use iptables to
acheive the same thing, or maybe rules in your router.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-04 Thread Henrik Nordstrom 
fre 2008-04-04 klockan 13:56 -0400 skrev Terry Dobbs:
> Thanks so much, the advmss worked like a charm. How do I make it so this
> route stays there? When I restart networking it seems to vanish.

Some things first.. you should figure out if the MTU is local or remote.
As it's mostly you having issues I would suspect it's local. In such
case you should have a lower mss on the default route to make TCP/IP
work better.

How are you connected to the Internet? ADSL with PPPoE, or some other
tunneling method which has a lover MTU than the default 1500?

How to set the routing is quite distribution dependent, and I am not
very familiar with SuSE. But on the good side you can use iptables to
acheive the same thing, or maybe rules in your router.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-04 Thread Terry Dobbs 
Thanks so much, the advmss worked like a charm. How do I make it so this
route stays there? When I restart networking it seems to vanish.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 04, 2008 1:13 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.


tor 2008-04-03 klockan 12:36 -0400 skrev Terry Dobbs:

> Also, the second command gives me an error and says "mss" is a
garbage.

Sorry, should be advmss

  /sbin/ip route add 63.148.24.5 via your.internet.gateway advmss 496

to replace an already existing route use replace instead of add..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-04 Thread Henrik Nordstrom 

tor 2008-04-03 klockan 12:36 -0400 skrev Terry Dobbs:

> Also, the second command gives me an error and says "mss" is a garbage.

Sorry, should be advmss

  /sbin/ip route add 63.148.24.5 via your.internet.gateway advmss 496

to replace an already existing route use replace instead of add..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-03 Thread Terry Dobbs 
I tried adding the first route, but it didn't seem to make a difference.
The ethereal capture still shows my squid box sending window size of
1460? Do I need to restart networking to take effect, when I do this it
wipes out the route?

Also, the second command gives me an error and says "mss" is a garbage.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 02, 2008 7:44 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

ons 2008-04-02 klockan 15:43 -0400 skrev Terry Dobbs:
> Ok folks, here is my packet capture; I included only the transmissions
> between the 2 relevant devices (SUSE Server and the problematic
> website).

The capture looks very much like the issues seen by window scaling, but
there is no window in scaling in this trace... A bit confused..

Guessing wildly here, but my first action would be to upgrade the kernel
just in case it's a known tcp problem which has been worked around
already..

Another thing you can try is to decrease the window size to a very small
size

  /sbin/ip route add 63.148.24.5 via your.internet.gateway window 1480

this isn't optimal for performance, but may work around certain broken
firewalls if there is packet reordering at play..

You can also try lowering the MSS, in case there is a MTU blackhole...

  /sbin/ip route add 63.148.24.5 via your.internet.gateway mss 496

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread Henrik Nordstrom 
ons 2008-04-02 klockan 15:43 -0400 skrev Terry Dobbs:
> Ok folks, here is my packet capture; I included only the transmissions
> between the 2 relevant devices (SUSE Server and the problematic
> website).

The capture looks very much like the issues seen by window scaling, but
there is no window in scaling in this trace... A bit confused..

Guessing wildly here, but my first action would be to upgrade the kernel
just in case it's a known tcp problem which has been worked around
already..

Another thing you can try is to decrease the window size to a very small
size

  /sbin/ip route add 63.148.24.5 via your.internet.gateway window 1480

this isn't optimal for performance, but may work around certain broken
firewalls if there is packet reordering at play..

You can also try lowering the MSS, in case there is a MTU blackhole...

  /sbin/ip route add 63.148.24.5 via your.internet.gateway mss 496

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread Terry Dobbs 
Hi, I got the capture working, and sent you the file earlier on. When I
tried sending it to the list it kept bouncing back. It is very small,
and I zipped it up.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 02, 2008 5:54 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

ons 2008-04-02 klockan 11:56 -0400 skrev Terry Dobbs:

> Also, when running ethereal it doesn't seem to be capturing web
traffic,
> catching lots of ARP, but nothing web related. When running on Windows
> behind the SUSE box I can capture web traffic, is there something
> obvious I am missing here?

Should just work.

Try capturing on the "Any" interface, in case traffic isn't going the
direction you think..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread Henrik Nordstrom 
ons 2008-04-02 klockan 11:56 -0400 skrev Terry Dobbs:

> Also, when running ethereal it doesn't seem to be capturing web traffic,
> catching lots of ARP, but nothing web related. When running on Windows
> behind the SUSE box I can capture web traffic, is there something
> obvious I am missing here?

Should just work.

Try capturing on the "Any" interface, in case traffic isn't going the
direction you think..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread Terry Dobbs 
Hey,

I did the command you mentioned and it didn't seem to make a difference.
Is there anything special I need to do after running the command.

Also, when running ethereal it doesn't seem to be capturing web traffic,
catching lots of ARP, but nothing web related. When running on Windows
behind the SUSE box I can capture web traffic, is there something
obvious I am missing here?

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2008 7:07 PM
To: Terry Dobbs
Cc: J Beris; squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

tis 2008-04-01 klockan 18:00 -0400 skrev Terry Dobbs:
> Would you want the trace from the squid server, or from a client
behind
> the squid server?
> 
> Also, the TCP scaling fix, it was just to add a record to the file
> right?
> 
> Also, I tried doing the window scaling again. Is it just as simple as
> creating the file "tcp_default_win_scale" in /proc/sys/net/ipv4?

The simplest way to test if it's window scaling biting the host (or to
be correct it's firewall) is to disable window scaling.

echo 0 >/proc/sys/net/ipv4/tcp_window_scaling

The sysctls have changed somewhat since the lwn.net article was written
many years ago.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread J Beris 
 
> I tried connecting from a machine running openSUSE 10.3 (without going
> through a proxy). There is something weird in the first reply from the
> server in the TCP section of the package analysis:

I just tried the same thing, fired up openSUSE 10.3 on a laptop, no
proxy. Started Wireshark and did a capture.

> TCP Analysis Flags: A segment before this frame was lost
> 
> In the following frames I see:
> 
> This frame is a (suspected) retransmission
> 
> And then the connection stops. No idea what that means, though. Maybe
> that
> helps.

I also get a few (suspected) retransmissions, but the page loads
normally in Firefox. Don't think those retransmissions point to anything
really serious, though. Not serious enough to mess up the loading of the
page. After all, the packets were retransmitted and then arrived. Most
likely somewhere there is a lack of bandwidth, probably the origin
server. Maybe the origin server sometimes suffers under high utilization
or lacks bandwidth severely enough to cause empty replies?

> Well, that seems to be a strong hint that something is wrong with this
> server. Could you try from another Linux distribution to rule out it's
> a bug in openSUSE?

I doubt it's a bug in openSUSE. We'd be seeing this with more websites
then. It's more likely either something at the origin server...or
something at Terry's setup which we haven't identified (yet). I've been
using openSUSE 10.2 and 10.3 both since they were released. Haven't had
problems with sites not loading or sending empty replies.

HTH,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

Re: [squid-users] Unable to access a website through Suse/Squid.

2008-04-02 Thread Peter Albrecht 
Hi Terry,

> Yea, im lost on this one. Ethereal doesn't show anything strange, just
> the initial connection request, just doesn't seem to get anything back.

I tried connecting from a machine running openSUSE 10.3 (without going 
through a proxy). There is something weird in the first reply from the 
server in the TCP section of the package analysis:

TCP Analysis Flags: A segment before this frame was lost

In the following frames I see:

This frame is a (suspected) retransmission

And then the connection stops. No idea what that means, though. Maybe that 
helps.

> Doesn't really make sense that only this one site (at least that I know
> of) is having this issue. The SUSE firewall is turned off, network card
> is configured properly, etc...

Well, that seems to be a strong hint that something is wrong with this 
server. Could you try from another Linux distribution to rule out it's a 
bug in openSUSE?

Regards,

Peter

-- 
Peter Albrecht  [EMAIL PROTECTED]
Open Source School GmbH Tel: +49-89-287793-83
Amalienstraße 45 RG Mob: +49-173-3528664
80799 München   Fax: +49-89-287555-63

HRB 172645 - Amtsgericht München
Geschäftsführer: Peter Albrecht, Dr. Markus Wirtz

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Henrik Nordstrom 

tis 2008-04-01 klockan 18:00 -0400 skrev Terry Dobbs:
> Would you want the trace from the squid server, or from a client behind
> the squid server?

The squid server talking to the web site.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Henrik Nordstrom 
tis 2008-04-01 klockan 18:00 -0400 skrev Terry Dobbs:
> Would you want the trace from the squid server, or from a client behind
> the squid server?
> 
> Also, the TCP scaling fix, it was just to add a record to the file
> right?
> 
> Also, I tried doing the window scaling again. Is it just as simple as
> creating the file "tcp_default_win_scale" in /proc/sys/net/ipv4?

The simplest way to test if it's window scaling biting the host (or to
be correct it's firewall) is to disable window scaling.

echo 0 >/proc/sys/net/ipv4/tcp_window_scaling

The sysctls have changed somewhat since the lwn.net article was written
many years ago.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Terry Dobbs 
Would you want the trace from the squid server, or from a client behind
the squid server?

Also, the TCP scaling fix, it was just to add a record to the file
right?

Also, I tried doing the window scaling again. Is it just as simple as
creating the file "tcp_default_win_scale" in /proc/sys/net/ipv4?

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2008 5:37 PM
To: Terry Dobbs
Cc: J Beris; squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

tis 2008-04-01 klockan 17:29 -0400 skrev Terry Dobbs:
> Yea, im lost on this one. Ethereal doesn't show anything strange, just
> the initial connection request, just doesn't seem to get anything
back.
> 
> Doesn't really make sense that only this one site (at least that I
know
> of) is having this issue. The SUSE firewall is turned off, network
card
> is configured properly, etc...

Post the trace somewhere and we may take a look if something can be
identified.

My bet is still TCP window scaling.. it's the most common source to this
problem these days.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Henrik Nordstrom 
tis 2008-04-01 klockan 17:29 -0400 skrev Terry Dobbs:
> Yea, im lost on this one. Ethereal doesn't show anything strange, just
> the initial connection request, just doesn't seem to get anything back.
> 
> Doesn't really make sense that only this one site (at least that I know
> of) is having this issue. The SUSE firewall is turned off, network card
> is configured properly, etc...

Post the trace somewhere and we may take a look if something can be
identified.

My bet is still TCP window scaling.. it's the most common source to this
problem these days.

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Terry Dobbs 
Yea, im lost on this one. Ethereal doesn't show anything strange, just
the initial connection request, just doesn't seem to get anything back.

Doesn't really make sense that only this one site (at least that I know
of) is having this issue. The SUSE firewall is turned off, network card
is configured properly, etc...

-Original Message-
From: J Beris [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2008 10:05 AM
To: Terry Dobbs; Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

> This is obviously why the squid users cant access. I thought it might
> be
> a DNS issue, but that's crossed off as I can ping the domain, and it
> resolves to correct address.

Yes, if you can ping and resolve, it's not DNS related.
I'd fire up wireshark/ethereal and grab the communication that way, see
if that clears things up a bit more. Like this, it's hard to
troubleshoot.

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread J Beris 
> This is obviously why the squid users cant access. I thought it might
> be
> a DNS issue, but that's crossed off as I can ping the domain, and it
> resolves to correct address.

Yes, if you can ping and resolve, it's not DNS related.
I'd fire up wireshark/ethereal and grab the communication that way, see
if that clears things up a bit more. Like this, it's hard to
troubleshoot.

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Terry Dobbs 
Yea, I understand that this issue really isn't squid related, just was
hoping someone running squid on suse linux has had a similar issue. I am
running Suse Linux 10 and I can ping the domain from the server. I just
cant browse to it, I get an error box in Mozilla saying "Document
contains no data".

This is obviously why the squid users cant access. I thought it might be
a DNS issue, but that's crossed off as I can ping the domain, and it
resolves to correct address. 


-Original Message-
From: J Beris [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2008 9:36 AM
To: Terry Dobbs; Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

> Thanks for checking. Odd, not sure why this wont work here, the only
> problem like this that I have had in the few years ive used it.

Hi Terry/Henrik,

No problem, little effort to click the link :-)
I made one small mistake, our proxy runs on openSUSE 10.2, not 10.3 as
reported earlier.

Which release of openSUSE do you run? Perhaps there's a difference
between those 2 versions (although, having used both, I can't think of
anything related to this case...)

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread J Beris 
> Thanks for checking. Odd, not sure why this wont work here, the only
> problem like this that I have had in the few years ive used it.

Hi Terry/Henrik,

No problem, little effort to click the link :-)
I made one small mistake, our proxy runs on openSUSE 10.2, not 10.3 as
reported earlier.

Which release of openSUSE do you run? Perhaps there's a difference
between those 2 versions (although, having used both, I can't think of
anything related to this case...)

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Henrik Nordstrom 
tis 2008-04-01 klockan 09:28 -0400 skrev Terry Dobbs:
> Thanks for checking. Odd, not sure why this wont work here, the only
> problem like this that I have had in the few years ive used it. 

Well.. Squid will only be able to reach the sites you can reach from the
server where Squid runs.

The site works fine from here, but it's hard to test all possible
variables which may make sites fail

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread Terry Dobbs 
Thanks for checking. Odd, not sure why this wont work here, the only
problem like this that I have had in the few years ive used it. 

-Original Message-
From: J Beris [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 01, 2008 3:46 AM
To: Henrik Nordstrom; Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Unable to access a website through
Suse/Squid.

> > Can other people here access this site using Suse Linux?

Yes, works perfectly here behind a squid-2.6.STABLE6-0.8 proxy on
openSUSE 10.3. Both Firefox and IE.
 
> What was the site again?

http://www.franklintraffic.com/

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-04-01 Thread J Beris 
> > Can other people here access this site using Suse Linux?

Yes, works perfectly here behind a squid-2.6.STABLE6-0.8 proxy on openSUSE 
10.3. Both Firefox and IE.
 
> What was the site again?

http://www.franklintraffic.com/

Regards,

Joop

 
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-03-31 Thread Henrik Nordstrom 

mån 2008-03-31 klockan 15:31 -0400 skrev Terry Dobbs:

> Can other people here access this site using Suse Linux?

What was the site again?

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

2008-03-31 Thread Terry Dobbs 
Yea, I did stumble across those a few days ago, and tried doing what it said to 
no avail.

Can other people here access this site using Suse Linux?

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 31, 2008 3:15 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Unable to access a website through Suse/Squid.

mån 2008-03-31 klockan 11:30 -0400 skrev Terry Dobbs:


> I have been racking my brain over this one. I am able to ping the
> website from the SUSE machine, just cant www to it. Anyone know why this
> is? Is it a configuration issue on the server, on the website?

There is quite many broken firewalls out on the Internet which falls
down when clients & servers have modern TCP/IP implementations such as
Linux..

The Squid FAQ has workarounds for most of them.

http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
and
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-4920199b311ce7d20b9a0d85723fd5d0dfc9bc84

There is more, but these two is the most common ones..

some sites have also been seen having problems with tcp timestamping,
but these are very rare today..

Regards
Henrik

Re: [squid-users] Unable to access a website through Suse/Squid.

2008-03-31 Thread Henrik Nordstrom 
mån 2008-03-31 klockan 11:30 -0400 skrev Terry Dobbs:


> I have been racking my brain over this one. I am able to ping the
> website from the SUSE machine, just cant www to it. Anyone know why this
> is? Is it a configuration issue on the server, on the website?

There is quite many broken firewalls out on the Internet which falls
down when clients & servers have modern TCP/IP implementations such as
Linux..

The Squid FAQ has workarounds for most of them.

http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
and
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-4920199b311ce7d20b9a0d85723fd5d0dfc9bc84

There is more, but these two is the most common ones..

some sites have also been seen having problems with tcp timestamping,
but these are very rare today..

Regards
Henrik

[squid-users] Unable to access a website through Suse/Squid.

2008-03-31 Thread Terry Dobbs 
Hi,

 

Some users in our company need to access a website
(http://www.franklintraffic.com  ). Any
user that is going through the squid proxy (running on SUSE Linux) is
unable to get to this site, just kind of times out. When I try to get to
this site directly from the SUSE machine I am unable to, it just says
"Document contains no data". This site however works fine from Internet
Explorer on a machine open to the internet (not going through proxy).

 

I have been racking my brain over this one. I am able to ping the
website from the SUSE machine, just cant www to it. Anyone know why this
is? Is it a configuration issue on the server, on the website?

 

I understand this may not be 100% squid related, but im sure others
running squid on SLE have experienced a similar issue?