Re: Slackware4.0, Squid2.2S3 & SYN_RECV problem

Dancer wrote:
>
> Pavel Paprok wrote:
> >
> > Hi,
> >
> > I have clean installed Linux - Slackware 4.0 (kernel 2.2.6) with
> > compiled
> > squid2.2stable3 on IntelMB SE440BX-2 w/ PIImmx/350MHz,
> > 128MB RAM, 9GB Ultra2WD scsi HD connected to Internet
> > by 1 ethernet interface (3c900), no serial connections or modems.
> >
> > Everything working for many users OK but time to time when
> > connecting ONE of users then proxy slow very very down
> > and all squid connections seems to be VERY slow.
> > After disconnecting of this user, everything
> > go normally up. I dont know if this is kernel or
> > squid problem or user problem (but in this case system
> > should have more imunity against it). In logfiles
> > found not interesting but "netstat -a" in this cases wrote
> > (among many others like ESTABLISHED, TIME_WAIT,...) also
> > many many (I count up to 129 !!!) same SYN_RECV lines about
> > this ONE user just like:
> > ...
> > .....
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61360 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61361 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61367 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61359 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61361 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61360 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61357 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61362 SYN_RECV
> > tcp 0 0 ultra.applet.cz:www asy8-NJ.applet.cz:61363 SYN_RECV
> > ...etc etc...
> > .....
> > Note that our squid is runing on port 80 (so here www not mean www
> > service).
> > After disconnecting of THIS ONE user, this big group of SYN_RECV lines
> > in netstat output go away and all is full working in normal speed.
> > This user is connecting his own network by dial-up to our Patton
> > over PPP w/ sw WinProxy (linked to our proxy of course).
> >
> > Please help, some ideas?
> > How to do restrict this squid slow-down?
> >
> > Pavel
>
> There is a routing problem. Some percentage of packets from your box are
> not being recieved by the client machine. It could be in your network or
> in his.
>
> To start a TCP connection, the client sends a SYN to the server. The
> server responds with a SYN, then the client sends an ACK, and the
> connection is opened. If the SYN that your server is sending is not
> recieved by the client (due to a firewall or bad routing) you will see
> symptoms like that above.
>
> D

Thanks Dancer, your answer was good!

Problem have seen to be really routing problem and should be already
solved!
On our dialup node we have 2 terminal servers and there was error in
IP adress pools ranges on ones (some IP range was badly common).
So in SOME rale cases SOME users got a same IP and my Linux w/ squid did
not
like it.

Thanks also for other responses!

Pavel

PS
Question stay what to do if someone from any other net will do it for me
to
slow down me.
Received on Wed Jun 09 1999 - 04:33:19 MDT