On Feb 16, 2011, at 10:29 AM, Harald Dunkel wrote:
> Hi folks,
> 
> I would like to route HTTP traffic from my OpenBSD gateway
> to a dedicated host running squid 3.1 on Linux for interception.
> Here is a picture:
> 
>        /|\ 87.189.95.69
>         |
>         |
>     em0 |
> +--------+--------+
> | OpenBSD Gateway |
> +--------+--------+
>     em1 |172.99.96.4
>         |
>         |172.99.96.50
>         |       +-------------------+
>         +-------| Linux Squid Proxy |
>         |       +-------------------+
>         |
>         |       +-------------+
>         +-------| HTTP Client |
>   172.99.96.156 +-------------+
> 
> The iptables code on
> 
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
> 
> was very helpful for small files, but for a large download
> on a slow line the http client prints "connection reset by
> peer" after 30+ secs, and terminates.
> 
> The state information on the OpenBSD gateway shows
> 
> em1 tcp 87.189.95.69:80 <- 172.99.96.156:45848       CLOSED:SYN_SENT
> em1 tcp 87.189.95.69:80 <- 172.99.96.50:51229       ESTABLISHED:ESTABLISHED
> em0 tcp 80.149.209.55:64755 (172.99.96.50:51229) -> 87.189.95.69:80       ESTABLISHED:ESTABLISHED
> 
> immediately after the connection has been opened.
> The line with "CLOSED:SYN_SENT" goes away when the
> client gets the ECONNRESET.
> 
> 30 seconds is the default timeout for removing entries
> from OpenBSD's stateful inspection table. Is it possible
> that the squid proxy did not complete the TCP handshake
> via the gateway, but by using the direct connection to the
> client?
Is squid configured as intercept (aka transparent) or as proxy?
Post squid.conf and we can see what's up.
-j
> 
> 
> Any helpful comment would be highly appreciated.
> 
> Regards
> 
> Harri
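The three state-table lines quoted above carry the whole diagnosis Harri is circling: the gateway holds a half-open `CLOSED:SYN_SENT` state for the client's redirected connection while the proxy's own connection to the same origin is fully established. The following is an added example, not code from the thread or from the Squid project: a small Python parser for `pfctl -ss`-style lines in the shape shown in the mail, plus a check that flags exactly that pattern. It assumes the line format seen above (interface, protocol, two endpoints joined by `<-` or `->`, an optional pre-NAT `(addr:port)` group, and a `left:right` state pair printed in the same order as the endpoints); both the format and the state ordering are assumptions based on the quoted lines, and the sample input is constructed from them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Regex for one `pfctl -ss` line in the shape the thread shows. The optional
# "(addr:port)" group is taken to be the pre-NAT address (assumption drawn from
# the quoted lines, not from pf documentation).
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+)(?:\s+\((?P<left_nat>[^)]+)\))?\s+"
    r"(?P<dir><-|->)\s+"
    r"(?P<right>\S+)(?:\s+\((?P<right_nat>[^)]+)\))?\s+"
    r"(?P<left_state>[A-Z_]+):(?P<right_state>[A-Z_]+)\s*$"
)


@dataclass
class PfState:
    iface: str
    proto: str
    left: str                 # endpoint printed first
    right: str                # endpoint printed second
    direction: str            # "->" outbound or "<-" inbound, relative to iface
    left_state: str           # assumption: state pair is printed in endpoint order
    right_state: str
    nat_orig: Optional[str]   # pre-translation address, when pf printed one

    @property
    def initiator(self) -> str:
        """Peer that sent the SYN: right side for '<-', left side for '->'."""
        return self.right if self.direction == "<-" else self.left

    @property
    def responder(self) -> str:
        return self.left if self.direction == "<-" else self.right

    def is_half_open(self) -> bool:
        """SYN seen from the initiator, nothing at all seen from the responder."""
        states = {self.left_state, self.right_state}
        return "SYN_SENT" in states and "CLOSED" in states

    def is_established(self) -> bool:
        return self.left_state == "ESTABLISHED" and self.right_state == "ESTABLISHED"


def parse_states(text: str) -> List[PfState]:
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # blank lines or anything not in state-table shape
        g = m.groupdict()
        states.append(PfState(
            iface=g["iface"], proto=g["proto"], left=g["left"], right=g["right"],
            direction=g["dir"], left_state=g["left_state"],
            right_state=g["right_state"], nat_orig=g["left_nat"] or g["right_nat"],
        ))
    return states


def diagnose_intercept(states: List[PfState]) -> List[Dict[str, str]]:
    """Flag half-open TCP states whose origin server is demonstrably reachable
    (some ESTABLISHED state already exists toward the same origin). That is the
    pattern in the thread: the gateway saw the client's SYN but never a SYN-ACK,
    so the reply toward the client is not transiting the gateway."""
    established_to = {s.responder for s in states
                      if s.proto == "tcp" and s.is_established()}
    findings = []
    for s in states:
        if s.proto != "tcp" or not s.is_half_open():
            continue
        if s.responder in established_to:
            verdict = ("asymmetric return path suspected: origin reachable, "
                       "but the SYN-ACK to the client never transited the gateway")
        else:
            verdict = "origin unreachable or not yet answered"
        findings.append({"iface": s.iface, "client": s.initiator,
                         "origin": s.responder, "verdict": verdict})
    return findings


# Constructed sample modelled on the three lines quoted in the thread.
SAMPLE = """\
em1 tcp 87.189.95.69:80 <- 172.99.96.156:45848       CLOSED:SYN_SENT
em1 tcp 87.189.95.69:80 <- 172.99.96.50:51229       ESTABLISHED:ESTABLISHED
em0 tcp 80.149.209.55:64755 (172.99.96.50:51229) -> 87.189.95.69:80       ESTABLISHED:ESTABLISHED
"""

if __name__ == "__main__":
    for finding in diagnose_intercept(parse_states(SAMPLE)):
        print(finding)
```

Run against the sample it reports one finding: the client at 172.99.96.156 has a half-open state toward 87.189.95.69:80 while that origin is reachable through the proxy's established states, which is the "proxy answered the client directly, not via the gateway" situation the mail suspects. On a live box the same check can be fed `pfctl -ss` output to confirm whether the half-open state lingers until the opening-state timeout tears it down and the client sees ECONNRESET.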
Received on Wed Feb 16 2011 - 15:40:26 MST