Thursday 26 May 2011

ClarkConnect blocking https websites

Sometimes, for no reason at all, the ClarkConnect proxy will block a website. Hard. Timeouts, white pages and the like.

I tried everything: disabling ECN, disabling caching/filtering, etc. Nothing would work.

I went back to basics: installed screen (for comfort of use) and ran tcpdump on the ADSL interface to monitor the traffic. Sure enough, the ClarkConnect box was sending TCP packets but not getting ACKs in return.

A quick look through iptables showed something amusing: the first two rules were an unconditional DROP on every packet coming from the website.

Going back to the ClarkConnect web interface, namely intrusion detection, revealed that the website's IP was blacklisted for another 22h, regardless of what could have caused it (whether a badly configured apache or firewall on their end, or a user a bit too eager on ours). Adding the server to the exception list and applying the settings worked wonders.
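The iptables check described above can be scripted. This is an added example, not part of the original post: it lists unconditional DROP rules for one source address, by chain and position. The function names, the sample ruleset, the address 203.0.113.10 and the interface name ppp0 are all constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format. 203.0.113.10 is a documentation
# address standing in for the blocked website; the chains are assumptions.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -s 203.0.113.10/32 -j DROP
-A FORWARD -s 203.0.113.10/32 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Read `iptables -S` output on stdin and print CHAIN:POSITION for every rule
# that drops all traffic from the given source address with no other match
# (no protocol, port or interface condition).
find_blanket_drops() {
    awk -v ip="$1" '
        $1 == "-A" {
            n[$2]++                      # rule position within its chain
            src = $4
            sub(/\/32$/, "", src)        # iptables prints single hosts as /32
            if (NF == 6 && $3 == "-s" && src == ip && $5 == "-j" && $6 == "DROP")
                print $2 ":" n[$2]
        }'
}

# On the gateway itself (as root) the same check runs against the live ruleset:
#   iptables -S | find_blanket_drops 203.0.113.10
# and the traffic can be watched without name resolution (ppp0 is an assumed
# interface name):
#   tcpdump -n -i ppp0 host 203.0.113.10
sample_rules | find_blanket_drops 203.0.113.10
```

A rule at position 1 of a chain is evaluated before any later ACCEPT rule, which is why traffic from the blocked address never gets a reply.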


Moral:
tcpdump is ugly and floods your screen with information that may not seem relevant, but trust me: learn to use it and it will save your skin more than once.
