Marc!

>> Hello, everybody!
>>
>> I have a strange problem with my setup of squid-2.5.STABLE1 on Linux
>> server with kernel 2.4.19. It acts as a transparent proxy for our
>> dial-up users.
>>
>> Everything works fine. Squid intercepts requests, serves pages,
>> everything seems to be just fine.. But after some time of work it
>> starts to return errors to users - Connection reset by peer. This
>> problem happens with some sites, not all. If I try to open these
>> sites without proxy, it works. With proxy - doesn't. I am forced to
>> shut down redirection, wait for some time (allow squid to cool
>> down???:) and set redirection up again..
>>
>> I have _absolutely_ no idea about where this problem comes from.
>>
>> I would like to hear any comments.

ME> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
ME> (well the non-ssl/unix explanation is being referred to here).

I've read the FAQ.. my problem is not ssl-related.. It happens to normal sites. Some sites are really broken - connecting to them without proxy shows that they really reset the connection for some reason. But other sites work fine without proxy. And, what makes me very unhappy, this problem does not persist.

Also, I've searched Google and found an old message, saying that this problem may arise with transparent caching on Linux with ipchains and 2.2.x kernels compiled without the option 'Always defragment'. It says that when receiving a fragmented packet, the kernel cannot tell whether it is redirected or not, and passes the packet unmodified. This causes the remote server to reset the connection on reception of this packet.

I don't know whether it is true/applicable in my case. The 2.4.19 kernel seems not to have such a compile option anymore (I think it is on..?).

Can anybody share experience with transparent proxy on Linux with 2.4 kernels? What is the maximum load for this setup? I have less than 100 dialup users accessing the web, with average traffic about 500 kbit/sec.. I don't think it is high load, do you?

ME> Also check in the squid faq the linux part.
ME> Check TCP/ECN setting ?

My kernel is compiled without ECN support. What TCP options can you suggest for me to check?

Sincerely yours,
Timur,
