Re[2]: [squid-users] Connection reset by peer problem

From: Timur Irmatov <thor@dont-contact.us>
Date: Tue, 4 Mar 2003 17:35:27 +0500

Marc!

>> Hello, everybody!
>>
>> I have a strange problem with my setup of squid-2.5.STABLE1 on Linux
>> server with kernel 2.4.19. It acts as a transparent proxy for our
>> dial-up users.
>>
>> Everything works fine. Squid intercepts requests, serves pages,
>> everything seems to be just fine.. But after some time of work it
>> starts to return errors to users - Connection reset by peer. This
>> problem happens with some sites, not all. If I try to open these
>> sites without proxy, it works. With proxy - doesn't. I am forced to
>> shut down redirection, wait for some time (allow squid to cool
>> down???:) and set redirection up again..
>>
>> I have _absolutely_ no idea about where this problem comes from.
>>
>> I would like to hear any comments.

ME> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
ME> (well the none ssl/unix explanation is being referred to here).

I've read the FAQ.. my problem is not SSL-related.. It happens with normal
sites.

Some sites are really broken - connecting to them without proxy shows
that they really reset connection for some reason. But other sites
work fine without proxy.

And, what makes me very unhappy, this problem does not persist.

Also, I've searched Google and found an old message saying that this
problem may arise with transparent caching on Linux with ipchains and
2.2.x kernels compiled without the option 'Always defragment'. It says
that when receiving a fragmented packet, the kernel cannot tell whether it
is redirected or not, and passes the packet unmodified. This causes
the remote server to reset the connection on reception of this packet.

I don't know whether it is true/applicable in my case. The 2.4.19 kernel seems
not to have such a compile option anymore (I think it is on..?).

Can anybody share experience with transparent proxy on Linux with 2.4
kernels? What is the maximum load for this setup?

I have less than 100 dialup users accessing web, with average traffic
about 500 kbit/sec.. I don't think it is high load, do you?

ME> Also check in the squid faq the linux part.
 
ME> Check TCP/ECN setting ?

My kernel is compiled without ECN support. What TCP options can you
suggest for me to check?

Sincerely yours,
Timur,
Received on Tue Mar 04 2003 - 05:35:35 MST
