[squid-users] weird traffic

From: Matthew Morgan <atcs.matthew_at_gmail.com>
Date: Tue, 22 Sep 2009 10:28:35 -0400

I have squid set up as a transparent proxy. It has two interfaces: eth0
(internet facing wan) and eth1 (local). I'm using iptables to
masquerade the packets from my local network on eth1 and redirect them
to squid's port. All this seems to work fine.

The thing is, I keep seeing long periods of high incoming traffic on
eth0, but low outgoing traffic on eth0, and nearly no traffic on eth1.
Every time I see this, the data is always coming from either llnw.net or
msecn.net. Both of these are legitimate content delivery networks.
When I inspect the traffic I'm getting with tcpdump/wireshark, none of
the traffic from these domains is going through to eth1 at all. I can
confirm that this traffic is going to squid, since a netstat -p shows
squid as the program with the connection open.

What could be causing this? I tried turning off persistent connections
in case a client was making the connection and then ignoring the data,
but I'm not sure if that's possible or the problem. I'm not a network
expert.
Received on Tue Sep 22 2009 - 14:28:47 MDT
