(FIXED) Problems accessing some norwegian websites



  • Hello,

    Just upgraded to 1.2.3 RELEASE

    Basically when i do a http request to one certain customer I never get a response back. the data is reaching the customer, but no data is coming back.

    You can try this by going to http://mobile-entry.com, the site will not work as expected from behind pfsense.

    LSF in irc reported the following sites also not working: www.yr.no, www.ba.no, www.nrk.no

    The relation all these web addresses have is that they are Norwegian.

    Any clue how to proceed with this ?



  • Why do you repost without any new information…... ::)

    Never the less lsf and I tried to see if I could create a setup that would fail to connect, so fare I can't.

    My setup:
    dsl pppoa not bridge (telenor/cybercity)
    cable modem (yousee)
    vlan hp 1800-G8
    em driver intel giga nic's
    pfSense only with vlan nic's
    client's winxp and ubuntu



  • Hi,

    i have some extra information

    I run a cluster of pfsense

    pfsense 1: version 1.2.2 - active
    pfsense 2: version 1.2.3 - backup

    When pfsense1 is active and i put real gateway of pfsense 2 in my server, the website works.

    I do a failover from pfsense 1 to 2 and it stops working, it seems when the carp addresses are active it stops working.

    My carps are a mix of external and internal addresses

    Any clue ?



  • attached some captures

    working.txt
    notworking.txt


  • Rebel Alliance Developer Netgate

    There are some very specific circumstances that lead to this issue, and you are the only person besides lsf that has hit the bug, I believe.

    I can't even reproduce it, but it seems to be related to using VLANs on multiple interfaces and certain other settings.

    I have tried many times to reproduce it on my fully-VLAN setup and test boxes and it has always worked for me.



  • Shall i attach my config for you to try ?


  • Rebel Alliance Developer Netgate

    That may or may not help. It could also be a combination of hardware (NICs), switch gear, or even an ISP routing/MTU oddity.



  • I fixed the problem by disabling hardware checksum offloading.


Log in to reply