Simon Waters wrote:
> Mark Evans wrote:
>
>> It certainly is possible to do this, otherwise
>> https://www.st-peters-high.devon.sch.uk wouldn't work :)
>
> I figured it should work, as we were using plugdaemon to do this before,
> and it doesn't seem to do anything clever.

Grr, going to beat our firewalls into "REJECT" and "LOG" rather than "silently dropping".....

Two stupid things I haven't had working were solved this morning after a weekend off; both were firewall rules stopping things happening.

In this case, although I rewrote the packets "correctly", they were rewritten as coming from the wrong IP address (a different alias of eth0), and the firewall ate them whole.

In summary, after upgrading Apache from 1.3 to 2.0.47, we experienced "weird" behaviour from plugdaemon in forwarding https packets. For some combinations only the first 8Kbytes were forwarded.

The behaviour was very weird, and only occurred with plugdaemon and some https clients (no obvious pattern emerging, i.e. one wget 1.8 worked, one didn't, but always consistently "all" or "8K" with a specific combination).

We replaced plugdaemon with iptables port forwarding, and (when the IP addresses were all correct) the problem went away.

Plugdaemon was probably a relic from 2.2 kernel days when port forwarding required bespoke kernel builds.

The lesson: sometimes networks are weird, and it is often down to the firewalls. Also, some problems are better sidestepped than solved.
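An added example, not part of the original message: once a firewall LOGs instead of silently dropping, a short script can split the logged drops into those arriving from an unexpected source address (the wrong-alias case described above) and everything else. The log prefix, the addresses and the sample lines are constructed assumptions; the KEY=VALUE layout is that of the netfilter LOG target.

```python
import re
from collections import Counter

# Assumptions, not taken from the message: prefix and addresses are placeholders.
LOG_PREFIX = "FWD-DROP: "        # value given to the LOG target's --log-prefix
EXPECTED_SOURCE = "192.0.2.10"   # the eth0 alias the downstream firewall permits

# Constructed sample of kernel log lines (documentation address ranges).
SAMPLE_LOG = """\
Nov 10 09:14:02 gw kernel: FWD-DROP: IN= OUT=eth0 SRC=192.0.2.11 DST=198.51.100.20 LEN=60 TOS=0x00 TTL=64 ID=4121 DF PROTO=TCP SPT=41822 DPT=443 WINDOW=5840 SYN URGP=0
Nov 10 09:14:05 gw kernel: FWD-DROP: IN= OUT=eth0 SRC=192.0.2.11 DST=198.51.100.20 LEN=60 TOS=0x00 TTL=64 ID=4122 DF PROTO=TCP SPT=41822 DPT=443 WINDOW=5840 SYN URGP=0
Nov 10 09:14:06 gw sshd[811]: Accepted publickey for admin from 192.0.2.50
Nov 10 09:14:09 gw kernel: FWD-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 TTL=64 ID=977 DF PROTO=TCP SPT=50110 DPT=8443 WINDOW=5840 SYN URGP=0
Nov 10 09:14:11 gw kernel: FWD-DROP: IN= OUT=eth0 SRC=192.0.2.11 DST=198.51.100.20 LEN=84 TOS=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3301 SEQ=1
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # flags such as DF or SYN carry no '='


def parse_drop(line):
    """Return the KEY=VALUE fields of one logged packet, or None for other lines."""
    _, found, rest = line.partition(LOG_PREFIX)
    if not found:
        return None
    fields = dict(FIELD.findall(rest))
    return fields if "SRC" in fields and "DST" in fields else None


def triage(log_text, expected_source=EXPECTED_SOURCE):
    """Count dropped flows, split by whether SRC is the expected alias."""
    wrong, other = Counter(), Counter()
    for line in log_text.splitlines():
        pkt = parse_drop(line)
        if pkt is None:
            continue
        # ICMP has no ports, so DPT falls back to "-".
        flow = (pkt["SRC"], pkt["DST"], pkt.get("PROTO", "?"), pkt.get("DPT", "-"))
        (other if pkt["SRC"] == expected_source else wrong)[flow] += 1
    return wrong, other


if __name__ == "__main__":
    wrong, other = triage(SAMPLE_LOG)
    for flow, n in wrong.most_common():
        print(f"{n:3d} dropped, unexpected source: {flow}")
    for flow, n in other.most_common():
        print(f"{n:3d} dropped, expected source:   {flow}")
```

Drops in the first group point at address rewriting on the forwarding host; drops in the second group come from some other rule.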