[ previous ] [ next ] [ threads ]
 
 From:  "David Kitchens" <spider at webweaver dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] accessing netbsd.org from behind m0n0wall
 Date:  Wed, 8 Sep 2004 00:04:42 -0400
> > >This is really buggin.  And www.netbsd.org continues to be 
> the only 
> > >site we have this trouble with.
> > 
> > Same here: also have a Soekris net4801, m0n0wall 1.1, 
> DSL-connection. 
> > Browser (tried IE and Firebird on XP, Firebird on OpenBSD 
> and lynx on 
> > Linux) just hangs and keeps waiting forever.
> > 
> > >WAN is set up with PPPoE, an adsl connection.
> > 
> > Same here. But there also seems to be some "specialty" with 
> > netbsd.org, since this really is the ONLY website I cannot see.
> > Since I use OpenBSD as my main OS, I did not check out netbsd.org 
> > previously, your post made me try (and fail).
> > 
> > Kind regards   Frederick
> > 
> 
> Thank you for another independent confirmation of the problem.
> Surprisingly, we do get a successful connection from a Mac
> (OS9.2) client, Netscape 7.0.  So it is some kind of 
> interaction involving netbsd.org, client, and m0n0wall.  
> (That is, this problem is not observed using an OpenBSD PF 
> firewall in place of the m0n0wall.)
> 
> Candidate problems I can think of:
> 
>  * mru/mtu handling problem in PPPoE?
>  * NAT implementation (why haven't the blocked return packets 
> been NAT'ed to the LAN address?)
>  * IPv6 problem?
> 
> As for the latter, I even recompiled an OpenBSD kernel to remove
> IPv6 support ("rmoption INET6"); but this did not alter the 
> phenomenon.
> 
> And what is it about the primary www.netbsd.org server that 
> causes this behavior, not observed among other sites?
> 
> It must be something simple, but at the moment I am just lost 
> for an explanation.

OK, since watching this thread, I feel compelled to point out that on the 4
m0n0walls that I run for myself and clients, I have successfully connected
to this site EVERY time on EVERY LAN. For the life of me, I cannot see this
as an inherant problem with m0n0wall itself, I've even rebuilt my own
Soekris twice from scratch using 1.1 and the 1.1 version with OpenVPN and I
can see this site every time no matter of browser used. None of my clients
are on a PPPoE connection however but I can't see that as a problem either,
the type of connection should have no difference in connecting to any site.
The only thing I can see that is odd is that "nslookup netbsd.org" returns a
non-authoritative answer which indicates a DNS problem which could produce a
hung browser that you describe. If the site can be accessed by a Mac OS
behind the same m0n0 that cannot access it pretty much rules out the m0n0 in
my mind, if m0n0 was blocking the site, it would not work on the Mac either.

Dave