Timur Irmatov wrote:
>
> Marc!
>
> >> Hello, everybody!
> >>
> >> I have a strange problem with my setup of squid-2.5.STABLE1 on Linux
> >> server with kernel 2.4.19. It acts as a transparent proxy for our
> >> dial-up users.
> >>
> >> Everything works fine. Squid intercepts requests, serves pages,
> >> everything seems to be just fine.. But after some time of work it
> >> starts to return errors to users - Connection reset by peer. This
> >> problem happens with some sites, not all. If I try to open these
> >> sites without proxy, it works. With proxy - doesn't. I am forced to
> >> shut down redirection, wait for some time (allow squid to cool
> >> down???:) and set redirection up again..
> >>
> >> I have _absolutely_ no idea about where this problem comes from.
> >>
> >> I would like to hear any comments.
>
> ME> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
> ME> (well the none ssl/unix explanation is being referred to here).
>
> I've read FAQ.. my problem is not ssl-related.. It happens to normal
> sites.
That's what I explained in my second sentence , that I was
only referring to conn. reset explanation...
>
> Some sites are really broken - connecting to them without proxy shows
> that they really reset connection for some reason. But other sites
> work fine without proxy.
>
> And, what makes me very unhappy, this problem does not persist.
>
> Also, I've searched google and found old message, saying that this
> problem may arise with transparent caching on linux with ipchains and
> 2.2.x kernels compiled without option 'Always defragment'. It says
> that when receiving fragmented packet, kernel cannot tell whether it
> is redirected or not, and passes packet unmodified. This causes
> remote server to reset the connection on reception of this packet.
>
> I don't know is it true/applicable in my case. 2.4.19 kernel seems to
> have not such compile option anymore (i think it is on..?).
>
> Can anybody share expirience with transparent proxy on Linux with 2.4
> kernels? What is maximum load for this setup?
>
> I have less than 100 dialup users accessing web, with average traffic
> about 500 kbit/sec.. I don't think it is high load, do you?
>
> ME> Also check in the squid faq the linux part.
>
> ME> Check TCP/ECN setting ?
>
> my kernel compiled without ECN support. What TCP options can you
> suggest for me to check ?
>
> Sincerely yours,
> Timur,
-- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)Received on Tue Mar 04 2003 - 05:43:45 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:55 MST