[ale] revisit the web problem again

Dow Hurst dhurst at kennesaw.edu
Tue Nov 11 17:04:57 EST 2003


Your inclination toward MTU size was the problem.  I've checked and the 
firewall's inside interface was set at 1400 while the LAN machines were 
set at 1500.  I reset them and wget grabbed the page right off.  Thanks!
Dow


Mike Murphy wrote:

> If when her browser is just spinning, she could stop and view source, 
> that might be helpful: my guess is that there will be a partial page 
> there. If so, you might want to see if there are a lot of errors on 
> her workstation's interface or the firewall, and check MTUs everywhere 
> (they should be smaller than 1500 typically). At least that's the 
> stuff off the top of my head... Does this firewall keep logs?
>
> Mike
>
>
> Dow Hurst wrote:
>
>> Well, now I have a user that can't get to www.wachovia.com or 
>> www.deseretnews.com.  She has this setup:
>>
>>
>> Earthlink DSL
>>    |
>>    |
>> 2wire DSL modem/router/firewall
>>    |_________________________________
>>    |                                 |
>> KSU Firewall (http allowed)        HPNA Interface
>>    |                                 |
>> Linux workstation (SuSE 8.2)       WinXP Home
>>    |
>> VMware WinXP Pro
>>
>> The 2wire device has a bridge mode to share the 2wire's outside IP 
>> with one internal device.  The KSU firewall is defined as that 
>> device.  So using a DHCP call, the KSU Firewall gets assigned the 
>> outside IP of whatever the 2wire device has gotten from Earthlink.  
>> It works great and allows us to depend on the KSU firewall (managed 
>> by Bob Toxen) to protect her internal systems that are used for the 
>> work she does for us.  The phone interface, HPNA, allows an upstairs 
>> home PC to be protected by the 2wire's firewall and share the DSL 
>> connection.  Nice setup and works well for us.
>>
>> She can telnet from the Linux workstation's prompt to the IPs of both 
>> www.wachovia.com and www.deseretnews.com at port 80 and get a 
>> communication from the web server.  She is able to type some garbage 
>> and get a response from each webserver before they close the 
>> connection.  A standard way to check if the server is up.  Now, if 
>> she tries Mozilla, Konqueror, and Opera under SuSE then contact is 
>> made but no page returns.  I am saying that contact is made because 
>> she told me that Mozilla was saying in the task bar that 
>> "Transferring data" appeared.  She has even tried IE 6 in the VMware 
>> XP hoping that would work but no juice.  Dig gave her the IPs to try 
>> the telnet trick with.  So any advice on troubleshooting this?
>>
>> I have thought that since her upstairs HPNA connected XP machine can 
>> get a page back from these sites that the 2wire's stateful firewall 
>> is somehow remembering the destination.  So a request from any part 
>> of her network to those sites would get directed to the HPNA 
>> interface.  The problem is that no other redirection has occurred and 
>> it is a stupid idea anyway.  I get those more than occasionally. ;-)
>>
>> Thanks for your help,
>> Dow
>>
>>
>> Geoffrey wrote:
>>
>>> Dow Hurst wrote:
>>>
>>>> Have you checked that there isn't a deny statement in these 
>>>> browsers for cookies from that site?  I have lost the ability to go 
>>>> to a site if I denied it the ability to leave a cookie.  Until I 
>>>> went in and re-enabled that site to leave a cookie, I couldn't get 
>>>> to it.
>>>
>>> I checked that.  I am only allowing cookies from the originating 
>>> site. I turned that off, still no go.
>>>
>>> I'm beginning to think it's the ttl setting Mike made mention of.
>>>
>>
>

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
************************************************************
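
One way to carry out the "check MTUs everywhere" step from the Linux workstation, as an added example that is not part of the original messages: a binary search with Don't Fragment pings for the largest packet the path will carry, where a result below the 1500 set on the LAN machine points at a smaller MTU along the way. It assumes Linux iputils `ping` (`-M do`, `-s`) and a target that answers ICMP echo; `ping_df`, `path_mtu` and `simulated_path` are names made up for this sketch.

```python
"""Find the largest unfragmented packet a path will carry (Linux iputils ping)."""
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    cmd = ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def path_mtu(host, probe=ping_df, low=576, high=1500):
    """Binary-search the largest packet size in [low, high] that gets through.

    Returns None when even `low` fails: the host is unreachable or drops
    ICMP echo, so nothing can be concluded about the MTU.
    """
    if not probe(host, low - IP_ICMP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2      # round up so the loop terminates
        if probe(host, mid - IP_ICMP_OVERHEAD):
            low = mid                    # mid fits, try larger
        else:
            high = mid - 1               # mid is too big
    return low


def simulated_path(bottleneck):
    """Constructed stand-in for a path whose smallest hop MTU is `bottleneck`."""
    return lambda host, payload: payload + IP_ICMP_OVERHEAD <= bottleneck


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], "path MTU:", path_mtu(sys.argv[1]))
    else:
        # No host given: run against a constructed 1400-byte bottleneck.
        print("simulated path MTU:", path_mtu("example.invalid", simulated_path(1400)))
```
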



