hanging http requests

[scalforama]

I am a linux tech for a network with about 40 linux servers. All of our linux servers seem to hang downloading via http or https. I can't even load sourceforge.net... Our windows and freebsd servers do not have this problem.

Our network is run through hp procurve switches into a cisco pix firewall and into dedicated dsl lines.

All of our linux servers are running either red hat enterprise 4, centos 5, or debian etch.

All have intel gigabit ethernet cards, using the e1000 driver

To clear this issue up, I have tried the following per other forum posts:
1. match duplexing modes and speed settings on servers, the ports on the switches they connect to, the switch ports the firewall connects to, on the pix.
2. disable tcp window scaling
3. reenable and increase tcp window scaling
4 recompile nic card driver using latest stable sources
5. have isp check dsl line for errors
6. check local firewall config(http and https are completely open)
7. have isp check firewall config(http and https are completely open)
8. disable ipv6 support
9. optimize tcp settings(window size, buffers, ...)
10. ran packet sniffing software(wireshark) for any issues
11. tried both static ip and dhcp setup
12. tried different switches & different firewalls

the iptables firewall and selinux are both disabled on all servers...

i run into this problem with any web browser, wget, curl, running updates via. apt-get, yum or up2date... they are all running at least the 2.6.18 linux kernel. we have one box running the 2.4 kernel(has same problem)...

[oracledba]

Have you figured this out yet? My environment matches yours exactly, down to the NIC. This has been driving me nuts for years. Have had this issue with numerous versions of Fedora and Ubuntu.

[scalforama]

We just recently replaced our cisco firewalls with fortegate firewalls. This problem seems to have vanished. I also noticed that our bsd based boxes did not have this issue...

[oracledba]

I have been suspecting the firewalls for some time. To make this even more interesting, I can download a file from sourceforge within a Windows VM running on my Ubuntu machine. But I can't download the file from within Ubuntu. This is really aggravating. There is no chance that we will replace our firewall. Thanks for the reply though.

[scalforama]

A windows system uses completely different TCP Stack code than a Linux System. Microsoft actually based their TCP Stack code off of FreeBSD, which is known to have the fastest TCP Stack of any operating system. VMWare also uses custom TCP Settings and code to make optimal use of the network(necessary when running multiple systems on 1 box)...

[oracledba]

Did you happen to use WebSense or anything like that with the Pix?

[scalforama]

Did you happen to use WebSense or anything like that with the Pix?

Actually we did. We were able to fix the problem about a week before the firewall replacement on some of the servers by adding them to the whitelist in websense...we then got rid of websense, because our new firewall system does the job websense tried to do(and much better too...). I forgot to mention that...