Re: Re[2]: [squid-users] Connection reset by peer problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 04 Mar 2003 18:05:38 +0100

On Tue 2003-03-04 at 13:35, Timur Irmatov wrote:

> Also, I've searched google and found an old message, saying that this
> problem may arise with transparent caching on linux with ipchains and
> 2.2.x kernels compiled without option 'Always defragment'. It says
> that when receiving a fragmented packet, the kernel cannot tell whether
> it is redirected or not, and passes the packet unmodified. This causes
> the remote server to reset the connection on reception of this packet.
>
> I don't know whether it is true/applicable in my case. 2.4.19 kernel
> seems not to have such a compile option anymore (I think it is on..?).

Linux-2.4 automatically deals with fragmented packets and NAT (REDIRECT
is just a form of NAT in Linux-2.4).

> Can anybody share experience with transparent proxy on Linux with 2.4
> kernels? What is the maximum load for this setup?
>
> I have less than 100 dialup users accessing web, with average traffic
> about 500 kbit/sec.. I don't think it is high load, do you?

Certainly not a high load for any Squid proxy..

> my kernel compiled without ECN support. What TCP options can you
> suggest for me to check ?

You can also experiment with disabling/enabling TCP timestamp option.

Doing some sniffing with tcpdump and ngrep to get an understanding of
exactly when the RST is generated is also a good idea.

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Tue Mar 04 2003 - 10:05:57 MST
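
An added example, not part of the original message: one way to work out from a saved tcpdump text capture which side generated each RST and which packet it answered. The capture lines are constructed for illustration and assume the text format of `tcpdump -n -tt`; the function name `find_resets` is hypothetical.

```python
import re

# Constructed sample in `tcpdump -n -tt` text format (not taken from the thread).
SAMPLE = """\
1046797538.100000 IP 10.0.0.5.34567 > 192.0.2.10.80: Flags [S], seq 100, win 5840, options [mss 1460,sackOK,TS val 11 ecr 0], length 0
1046797538.180000 IP 192.0.2.10.80 > 10.0.0.5.34567: Flags [S.], seq 900, ack 101, win 5792, options [mss 1460,sackOK,TS val 77 ecr 11], length 0
1046797538.181000 IP 10.0.0.5.34567 > 192.0.2.10.80: Flags [.], ack 1, win 5840, options [nop,nop,TS val 12 ecr 77], length 0
1046797538.190000 IP 10.0.0.5.34567 > 192.0.2.10.80: Flags [P.], seq 1:421, ack 1, win 5840, options [nop,nop,TS val 13 ecr 77], length 420
1046797538.270000 IP 192.0.2.10.80 > 10.0.0.5.34567: Flags [R], seq 1, win 0, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\](?P<rest>.*)$"
)

def find_resets(text):
    """Return one record per RST: its sender and the packet it answered."""
    last_from = {}  # (src, dst) -> most recent packet seen in that direction
    resets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not IPv4 TCP summaries
        pkt = m.groupdict()
        pkt["ts"] = float(pkt["ts"])
        pkt["has_ts_opt"] = "TS val" in pkt["rest"]  # TCP timestamp option present
        if "R" in pkt["flags"]:
            # Last packet the RST sender received from its peer on this flow
            prev = last_from.get((pkt["dst"], pkt["src"]))
            resets.append({
                "rst_from": pkt["src"],
                "after_flags": prev["flags"] if prev else None,
                "after_had_timestamps": prev["has_ts_opt"] if prev else None,
                "delay": round(pkt["ts"] - prev["ts"], 3) if prev else None,
            })
        last_from[(pkt["src"], pkt["dst"])] = pkt
    return resets

if __name__ == "__main__":
    for r in find_resets(SAMPLE):
        print(r)
```

Comparing the records from a capture taken with TCP timestamps enabled against one taken with them disabled shows whether the option changes which packet draws the reset.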
