Subject: http-server responds to telnet but not to browser
To: NetBSD-Users <netbsd-users@netbsd.org>
From: Benjamin Walkenhorst <krylon@gmx.net>
List: netbsd-users
Date: 10/05/2004 20:50:50
Hello everyone,

I connect to the Internet via DSL using my NetBSD-1.6.2 machine as a
NAT-gateway/firewall.
Mostly things work fine. Very well indeed, setting up the DSL connection
plus NAT and firewall took no longer than 30 or 45 minutes. =)
I mostly work on my FreeBSD-5.2.1 machine (in case it matters), though,
using the NetBSD machine as a small server (NFS, DHCP, DNS, ... - I'm
the only user though, so system load is well below 1.0 most of the
time).
So I am not *100%* sure this is directly related to NetBSD, yet it is
the most promising starting point...

As I said, Internet access works mostly fine - DNS works, ftp works (and
*fast*, hehe), ...
But some http-servers seem to be rather unresponsive: When I connect to
them with a browser (Firefox, Mozilla, konqueror, Lynx - no difference)
I get a message "Connected. Waiting For Reply".
Then nothing, for a long time. Firefox will eventually pop up a message
telling me "The document contains no data".
Among these sites - I haven't been able to reach them with a browser
ever since I got the DSL line, about three weeks ago - are www.ebay.de,
www.amazon.de, babelfish.altavista.com, update.mozilla.org.

At first I thought my ISP's backbone might have a problem, or possibly
my IP is on their firewall's blacklist for some weird reason.
But see what happens next:
####################################################
=== 20:03:46 krylon@neuromancer:~:: telnet www.amazon.de 80
Trying 207.171.166.148...
Connected to www.amazon.de.
Escape character is '^]'.
GET index.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Invalid URI in request GET index.html<P>
</BODY></HTML>
Connection closed by foreign host.
####################################################

So the connection obviously gets established. And if I spoke some more
HTTP, I might even get something out of the page.
But since telnet was not designed to be a browser, bookmarks do not work
and following links is not what it's meant to be... =)
So I am looking for some less painful workaround or even a solution.

I am not entirely sure what information might be helpful in solving this.
Maybe it has to do with firewall/NAT-settings. I somehow feel like it
might have to do with whether the server supports persistent
http-connections; maybe a lot of parallel connections to the same server
get ipf confused (like when a page has many small pictures and the
browser tries to load them all at once through individual connections)?
Could it be this is some kind of accidental birthday-attack confusing
the stateful-ness part of ipf?

I am using NetBSD 1.6.2_STABLE on i386 with 320 MB of RAM. The
connection to the DSL-modem is a NE2000-compatible ethernet card made by
D-Link, the connection to the local network is a Realtek8139 card (rtk).
If I am not mistaken both cards are rather crappy - might one of them be
the guilty one? However, besides this http-weirdness both the local
network and Internet work *great*, also performance-wise. And this seems
a bit too specific and weird of a problem to be caused by a crappy NIC,
or isn't it?

Thanks in advance for any hint,
Benjamin

PS:
I'll also supply my firewall and nat configs, just in case:
20:46:13|wintermute:~:: cat /etc/ipf.conf
pass in quick on rtk0 from 192.168.0.0/24 to any
pass out quick on rtk0 from any to 192.168.0.0/24

# Gnutella
pass in quick on pppoe0 proto tcp from any to any port = 8346
# For edonkey
pass in quick on pppoe0 proto tcp from any to any port = 4662
pass in quick on pppoe0 proto udp from any to any port = 4662
# I would also like to let pings in...
pass in quick on pppoe0 proto icmp from any to any icmp-type 0
pass in quick on pppoe0 proto icmp from any to any icmp-type 8
pass out on pppoe0 from any to any keep state
block in log quick on pppoe0 from any to any

20:46:17|wintermute:~:: cat /etc/ipnat.conf
map pppoe0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map pppoe0 192.168.0.0/24 -> 0/32
rdr pppoe0 0/32 port 8346 -> 192.168.0.13 port 8346
rdr pppoe0 0/32 port 4662 -> 192.168.0.13 port 4662

And, finally a dmesg. If more is needed, let me know.

20:48:32|wintermute:~:: dmesg
NetBSD 1.6.2_STABLE (WINTERMUTE) #7: Sun Sep 26 02:09:00 CEST 2004
    root@wintermute:/usr/src/sys/arch/i386/compile/WINTERMUTE
cpu0: AMD Athlon Model 4 (Thunderbird) (686-class), 701.64 MHz
cpu0: I-cache 64 KB 64b/line 2-way, D-cache 64 KB 64b/line 2-way
cpu0: L2 cache 256 KB 64b/line 16-way
cpu0: features 183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR>
cpu0: features 183f9ff<PGE,MCA,CMOV,FGPAT,PSE36,MMX>
cpu0: features 183f9ff<FXSR>
total memory = 319 MB
avail memory = 293 MB
using 4115 buffers containing 16460 KB of memory
BIOS32 rev. 0 found at 0xfb430
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: VIA Technologies VT8371 (Apollo KX133) Host Bridge (rev. 0x02)
agp0 at pchb0: aperture at 0xd0000000, size 0x10000000
ppb0 at pci0 dev 1 function 0: VIA Technologies VT8371 (Apollo KX133) PCI-PCI Bridge (rev. 0x00)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga0 at pci1 dev 0 function 0: Nvidia Corporation RIVA TNT (rev. 0x04)
pci_mem_find: void region
pci_mem_find: void region
pci_mem_find: void region
pci_mem_find: void region
wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
pcib0 at pci0 dev 7 function 0
pcib0: VIA Technologies VT82C686A (Apollo KX133) PCI-ISA Bridge (rev. 0x21)
pciide0 at pci0 dev 7 function 1: VIA Technologies VT82C686A (Apollo KX133) ATA66 controller
pciide0: bus-master DMA support present
pciide0: primary channel configured to compatibility mode
wd0 at pciide0 channel 0 drive 0: <IBM-DJNA-371800>
wd0: drive supports 16-sector PIO transfers, LBA addressing
wd0: 17206 MB, 34960 cyl, 16 head, 63 sec, 512 bytes/sect x 35239680 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 4 (Ultra/66)
wd1 at pciide0 channel 0 drive 1: <IC35L080AVVA07-0>
wd1: drive supports 16-sector PIO transfers, LBA addressing
wd1: 78533 MB, 159560 cyl, 16 head, 63 sec, 512 bytes/sect x 160836480 sectors
wd1: 32-bit data port
wd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
pciide0: primary channel interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 (Ultra/66) (using DMA data transfers)
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 4 (Ultra/66) (using DMA data transfers)
pciide0: secondary channel configured to compatibility mode
atapibus0 at pciide0 channel 1: 2 targets
cd0 at atapibus0 drive 0: <SONY    CD-RW  CRX120E, , 1.0j> type 5 cdrom removable
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2
pciide0: secondary channel interrupting at irq 15
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
uhci0 at pci0 dev 7 function 2: VIA Technologies VT83C572 USB Controller (rev. 0x10)
uhci0: interrupting at irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA Technologie UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pchb1 at pci0 dev 7 function 4
pchb1: VIA Technologies VT82C686A SMBus Controller (rev. 0x30)
rtk0 at pci0 dev 9 function 0: RealTek 8139 10/100BaseTX
rtk0: interrupting at irq 10
rtk0: Ethernet address 00:50:22:40:12:50
ukphy0 at rtk0 phy 7: Generic IEEE 802.3u media interface
ukphy0: OUI 0x000000, model 0x0000, rev. 0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ne0 at pci0 dev 11 function 0: RealTek 8029 Ethernet
ne0: Ethernet address 00:80:c8:fc:62:f4
ne0: 10base2, 10baseT, 10baseT-FDX, auto, default [0x00 0x30] auto
ne0: interrupting at irq 11
isa0 at pcib0
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0-0xff: using exception 16
apm0 at mainbus0: Power Management spec V1.2
biomask fbe5 netmask ffe5 ttymask ffe7
boot device: wd0
root on wd0a dumps on wd0b
IP Filter: v3.4.29 initialized.  Default = pass all, Logging = enabled
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
pppoe: unknown code (0x00d3) session = 0x0839
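
Added example, not part of the original message: a simplified Python model of how the posted /etc/ipf.conf is evaluated (state table first, then rules top to bottom, last match wins unless `quick`, default pass), showing that replies to an outbound HTTP connection are admitted by state while unsolicited inbound traffic reaches the final block rule. Assumptions: NAT, TCP flags and state timeouts are not modelled, and the sample packets and the hosts 192.168.0.20 and 198.51.100.9 are constructed.

```python
import ipaddress

RULES = [  # /etc/ipf.conf from the post, in order (rule numbers are 1-based)
    dict(act="pass", dir="in", quick=True, ifc="rtk0", src="192.168.0.0/24"),
    dict(act="pass", dir="out", quick=True, ifc="rtk0", dst="192.168.0.0/24"),
    dict(act="pass", dir="in", quick=True, ifc="pppoe0", proto="tcp", dport=8346),
    dict(act="pass", dir="in", quick=True, ifc="pppoe0", proto="tcp", dport=4662),
    dict(act="pass", dir="in", quick=True, ifc="pppoe0", proto="udp", dport=4662),
    dict(act="pass", dir="in", quick=True, ifc="pppoe0", proto="icmp", icmp_type=0),
    dict(act="pass", dir="in", quick=True, ifc="pppoe0", proto="icmp", icmp_type=8),
    dict(act="pass", dir="out", ifc="pppoe0", keep_state=True),
    dict(act="block", dir="in", quick=True, ifc="pppoe0"),
]

def rule_matches(rule, pkt):
    for key in ("dir", "ifc", "proto", "dport", "icmp_type"):
        if key in rule and rule[key] != pkt.get(key):
            return False
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key]):
            return False
    return True

def flow_key(pkt):  # identical for both directions of one flow
    return (pkt["proto"], frozenset([(pkt["src"], pkt.get("sport")), (pkt["dst"], pkt.get("dport"))]))

def evaluate(pkt, states):
    if flow_key(pkt) in states:            # state table is consulted before the rules
        return "pass (state)"
    verdict, hit = "pass (default)", None  # dmesg: "Default = pass all"
    for n, rule in enumerate(RULES, 1):
        if rule_matches(rule, pkt):
            verdict, hit = f"{rule['act']} (rule {n})", rule
            if rule.get("quick"):          # quick ends evaluation at this rule
                break
    if hit and hit.get("keep_state"):
        states.add(flow_key(pkt))
    return verdict

def demo():  # constructed packets: browser SYN, server reply, two unsolicited inbound
    web, lan = "207.171.166.148", "192.168.0.20"
    pkts = [
        dict(dir="out", ifc="pppoe0", proto="tcp", src=lan, sport=40000, dst=web, dport=80),
        dict(dir="in", ifc="pppoe0", proto="tcp", src=web, sport=80, dst=lan, dport=40000),
        dict(dir="in", ifc="pppoe0", proto="tcp", src="198.51.100.9", sport=51000, dst=lan, dport=80),
        dict(dir="in", ifc="pppoe0", proto="icmp", icmp_type=8, src="198.51.100.9", dst=lan),
    ]
    states = set()
    return [evaluate(p, states) for p in pkts]
```

In this model the HTTP reply is passed by the state entry created by rule 8, which is consistent with the telnet session above completing a request and response through the same ruleset.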