tis 2003-03-04 klockan 13.35 skrev Timur Irmatov: > Also, I've searched google and found old message, saying that this > problem may arise with transparent caching on linux with ipchains and > 2.2.x kernels compiled without option 'Always defragment'. It says > that when receiving fragmented packet, kernel cannot tell whether it > is redirected or not, and passes packet unmodified. This causes > remote server to reset the connection on reception of this packet. > > I don't know is it true/applicable in my case. 2.4.19 kernel seems to > have not such compile option anymore (i think it is on..?).
Linux-2.4 automatically deals with fragmented packets and NAT (REDIRECT is just a form of NAT in Linux-2.4). > Can anybody share expirience with transparent proxy on Linux with 2.4 > kernels? What is maximum load for this setup? > > I have less than 100 dialup users accessing web, with average traffic > about 500 kbit/sec.. I don't think it is high load, do you? Certainly no a high load for any Squid proxy.. > my kernel compiled without ECN support. What TCP options can you > suggest for me to check ? You can also experiment with disabling/enabling TCP timestamp option. Doing some sniffing with tcpdump and ngrep to get an understanding exacly when the RST is generated is also a good idea. -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
