[KLUG Members] webmail saga continues! story at 11...

[Adam Williams]

> OK, DNS does indeed seem to be working.  if i ping www.hotmail.com it DOES
> resolve an IP address for it, just doesn't bounce anything back, like someone
> said earlier.  I tested the IP's that ping was returning and they ARE MSN sites...
> So now, what the heck could be stopping login.passport.net from loading, along
> with not loading any activeX or webmail sites.

Possibly an incompatiility with ECN, possibly the use of WebDAV
protocols not supported by your version of squid.

> > Have you ensured that ECN is *DISABLED*?
> what is ECN? =)

"Explicit Congestion Notification"

This is an IP extension used somewhat like RS-232 XON/XOFF flow control
in order to avoid causing re-transmits between two end-points due to
congestion (since re-transmits only make that worse anyway).

Some devices, routers, hosts, do not support ECN.  If they recieve a
packet with ECN bits they will just drop the packets as bad.  One would
expect by now that all the nodes of the Internet would be at a rev level
where a five year old extension would be supported.  But this isn't the
case, there are still devices out there that don't work with ECN.

Check the value of net.ipv4.tcp_ecn,  if it is 0 then ECN is disabled,
if it is 1 then ECN is enabled.  If ECN is enabled try disabling it.

If you don't know how to query/modify kernel parameters, take a look at
- man sysctl & ftp://ftp.kalamazoolinux.org/pub/pdf/PerfTune2001.pdf

> Conveniently traceroute is NOT on my ipcop box in /usr/sbin ... what the hell? 
> I'll have to bring it on a floppy from my own box at home tomorrow.

That is odd.  Who would make a firewall without traceroute?

> I checked the web proxy log for ipcop, in the gui.  Did not find anything that
> showed anything at all really.  It just showed all the websites it tried to go

Both the access log and the error log?