Timur Irmatov wrote:
>
> Marc!
>
> >> Hello, everybody!
> >>
> >> I have a strange problem with my setup of squid-2.5.STABLE1 on Linux
> >> server with kernel 2.4.19. It acts as a transparent proxy for our
> >> dial-up users.
> >>
> >> Everything works fine. Squid intercepts requests, serves pages,
> >> everything seems to be just fine.. But after some time of work it
> >> starts to return errors to users - Connection reset by peer. This
> >> problem happens with some sites, not all. If I try to open these
> >> sites without proxy, it works. With proxy - doesn't. I am forced to
> >> shut down redirection, wait for some time (allow squid to cool
> >> down???:) and set redirection up again..
> >>
> >> I have _absolutely_ no idea about where this problem comes from.
> >>
> >> I would like to hear any comments.
>
> ME> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
> ME> (well the none ssl/unix explanation is being referred to here).
>
> I've read FAQ.. my problem is not ssl-related.. It happens to normal
> sites.

That's what I explained in my second sentence, that I was only referring to conn. reset explanation...

>
> Some sites are really broken - connecting to them without proxy shows
> that they really reset connection for some reason. But other sites
> work fine without proxy.
>
> And, what makes me very unhappy, this problem does not persist.
>
> Also, I've searched google and found old message, saying that this
> problem may arise with transparent caching on linux with ipchains and
> 2.2.x kernels compiled without option 'Always defragment'. It says
> that when receiving fragmented packet, kernel cannot tell whether it
> is redirected or not, and passes packet unmodified. This causes
> remote server to reset the connection on reception of this packet.
>
> I don't know is it true/applicable in my case. 2.4.19 kernel seems to
> have not such compile option anymore (I think it is on..?).
>
> Can anybody share experience with transparent proxy on Linux with 2.4
> kernels? What is maximum load for this setup?
>
> I have less than 100 dialup users accessing web, with average traffic
> about 500 kbit/sec.. I don't think it is high load, do you?
>
> ME> Also check in the squid faq the linux part.
>
> ME> Check TCP/ECN setting ?
>
> my kernel compiled without ECN support. What TCP options can you
> suggest for me to check ?
>
> Sincerely yours,
> Timur,

--
'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
