I have a MT router set up on a fiber pipe. It is managing the class c block of addresses that our ISP assigned to us for customer use. We also have 3 masquerade NAT's running (might be getting rid of 3 of them soon).
The problem we're having is after a while, 2 to 4 hours roughly, various customers and computers lose the capability to surf to yahoo.com and/or google.ca. When this happens they are able to surf to any other site on the internet without problems.
I have nothing enabled on the MT box that would filter or block these sites, or any other site for that matter. The problem started within the last week or so. No changes have been made to how the MT box functions between the time it was working and now.
After a reboot to this MT box customers are able to once again surf to these sites without trouble...then after 2-4 hours they are unable to again. This doesn't seem to affect all customers but I have seen it happen on my home computer and my computer at the shop.
If you need to see some code or just need some more information, just let me know.
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
I have some more information that might help. When these sites are unable to be reached I've tried a few things.
They lynx browser under Mandrake Linux returns an error:
HTTP/1.1 301 Permanently Moved.
I've used nslookup under Windows to get an IP for yahoo.com and have tried entering that directly into a web browser and that goes to a yahoo page but it has this:
Clicking on the link just goes to a timeout page in my firefox browser. Clients further out on the system behind a second MT box get an MT error page (or at least something very similar to this):
I looked at the MTU thing and all three interfaces are set to 1500 MTU, I also have a PPoE server running at 1488 MTU as a test to see how it works out.
They lynx browser under Mandrake Linux returns an error:
HTTP/1.1 301 Permanently Moved.
I've used nslookup under Windows to get an IP for yahoo.com and have tried entering that directly into a web browser and that goes to a yahoo page but it has this:
Code: Select all
Sorry, the page you requested was not found.
Please check the URL for proper spelling and capitalization. If you're still having trouble locating a destination on Yahoo!, try visiting the Yahoo! home page (www.yahoo.com), or look through a list of Yahoo!'s online services. Also, you may find what you're looking for if you try searching below.Code: Select all
MikroTik Proxy
----------
Error 504 Gateway Timeout-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Have you used Mangle to change the MSS on outgoing SYN packets? This is different to setting MTU on the interfaces.
Directly setting the IP address in the browser may produce confusing results as the server will usually the looking for HTTP host header which won't be there.
Are you proxying anywhere?
Regards
Andrew
Directly setting the IP address in the browser may produce confusing results as the server will usually the looking for HTTP host header which won't be there.
Are you proxying anywhere?
Regards
Andrew
I think I may have found the answer, the system has been running today without incident. This is the code I found:
I'm hoping this was indeed the fix I was looking for.
Code: Select all
/ ip firewall mangle
add chain=prerouting in-interface=WAN action=change-ttl new-ttl=set:65 comment="TTL FIX" disabled=no
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 comment="MSS FIX" disabled=no-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK