On Thu, Feb 01, 2007, Matt wrote:
> We have a Mikrotik gateway router. It's a Linux-based router. I set
> it up to DST-NAT all port 80 traffic at my new Squid box. On the
> Squid box I have added a static route back to the router to force all
> traffic back through it first even if it's in the same subnet. I
> compiled Squid with netfilter and aufs support on CentOS 4.4. The
> Squid box is an AMD64 dual core with 2Gbyte of RAM but currently only
> a single SATA drive used for system and cache. Usually runs 1 percent
> CPU load. The only other application running is named which I am
> using as a caching DNS server. In resolv.conf I setup the name server
> as 127.0.0.1. I also have the gateway router's caching DNS server use
> it as a parent so hopefully all my clients' DNS requests are going to
> it and not replicated since they all use the gateway router as a DNS
> server.
>
> It all works great, mostly. Once in a while a user will just not be
> able to load a webpage. Email, etc will still work fine. SSH into
> the Squid server and tail -f access.log and it looks like all
> other users are working. VNC into a different PC on a different IP
> and it works. Wait a few minutes and all works again. When this
> happens I have looked at file descriptors and they do not appear to be
> used up. All the stats look good.

Hm, have you checked the dmesg log? There might be some hints from the
iptables code. I know my proxy at home gets unhappy when I run out of
stateful connection slots.

Can the client ping the gateway fine? (i.e., is it some temporary IP routing
thing that's popping up, or is it something to do with connection tracking.)

Adrian

Received on Thu Feb 01 2007 - 19:51:48 MST
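
Added example, not part of the original thread: one way to run the check Adrian suggests on the Squid box, counting the kernel's "table full, dropping packet" messages and comparing the connection tracking count against its maximum. The function names, the 80% warning threshold and the sample log lines are assumptions made for this example; the /proc paths are tried in turn because they differ between ip_conntrack and nf_conntrack kernels.

```shell
#!/bin/sh
# Constructed sample kernel log, used for offline testing of the parser.
SAMPLE_DMESG='ip_conntrack version 2.1 (8192 buckets, 65536 max) - 300 bytes per conntrack
ip_conntrack: table full, dropping packet.
eth0: link up
ip_conntrack: table full, dropping packet.'

# Count "table full" messages in log text read from stdin.
# Matches the older ip_conntrack and the newer nf_conntrack wording.
count_table_full() {
    grep -Ec '(ip|nf)_conntrack: table full, dropping packet' || true
}

# Integer percentage of the connection tracking table in use.
usage_pct() {
    count=$1; max=$2
    [ "$max" -gt 0 ] || { echo "invalid max" >&2; return 1; }
    echo $(( count * 100 / max ))
}

# Print "count max" from whichever sysctl files this kernel exposes.
read_live_counters() {
    for dir in /proc/sys/net/ipv4/netfilter /proc/sys/net/netfilter; do
        for prefix in ip_conntrack nf_conntrack; do
            if [ -r "$dir/${prefix}_count" ] && [ -r "$dir/${prefix}_max" ]; then
                echo "$(cat "$dir/${prefix}_count") $(cat "$dir/${prefix}_max")"
                return 0
            fi
        done
    done
    return 1
}

# Classify the state. Arguments: drops count max. The 80% threshold is an assumption.
report() {
    pct=$(usage_pct "$2" "$3") || return 1
    if [ "$1" -gt 0 ]; then echo "EXHAUSTED drops=$1 usage=${pct}%"
    elif [ "$pct" -ge 80 ]; then echo "WARN usage=${pct}%"
    else echo "OK usage=${pct}%"; fi
}

# Run against the live host: dmesg for past drops, /proc for current usage.
live_check() {
    counters=$(read_live_counters) || { echo "conntrack counters not found" >&2; return 1; }
    set -- $counters
    report "$(dmesg | count_table_full)" "$1" "$2"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with `--live` during one of the stalls; the dmesg ring buffer keeps earlier drop messages, so the EXHAUSTED result can also reflect a past event rather than the current state.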