OK, I could see the same problem with just Fedora 15. On the client side I use a
Windows XP machine loaded with Firefox and Internet Explorer. What I experience
with this setup is that it is impossible to log on to Yahoo mail using Firefox.
But on other occasions, from home internet, I have experienced before that it is
impossible to log off/log on, and slow, from Yahoo mail using Internet Explorer.
But when I switch to intercepting mode, it's speedy.
This is what I did:
1. Install Fedora 15.
2. Disable Fedora 15's renaming of network interfaces,
because I would like to go back to using eth0, eth1.
3. yum install bridge-utils and ebtables
4. Delete NetworkManager.
5. Disable SELinux.
6. yum install squid; Fedora 15 is using squid-3.1.19.
Configure /etc/squid.conf for tproxy, basically just added 'http_port 3129 tproxy'.
7. Modify /etc/rc.local to perform all the setup of bridge, iptables and routing.
I have attached my rc.local.
8. After the computer has fully booted, I manually start up squid; I would do
squid -N -X -d2 or squid -sY.
rc.local attached.
iptables inline below:
# Generated by iptables-save v1.4.10 on Sat Jul 21 07:29:03 2012
*nat
:PREROUTING ACCEPT [17:991]
:INPUT ACCEPT [17:991]
:OUTPUT ACCEPT [81:4793]
:POSTROUTING ACCEPT [81:4793]
COMMIT
# Completed on Sat Jul 21 07:29:03 2012
# Generated by iptables-save v1.4.10 on Sat Jul 21 07:29:03 2012
*mangle
:PREROUTING ACCEPT [201:17028]
:INPUT ACCEPT [278:26348]
:FORWARD ACCEPT [128:7680]
:OUTPUT ACCEPT [187:31351]
:POSTROUTING ACCEPT [325:40825]
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
# Completed on Sat Jul 21 07:29:03 2012
# Generated by iptables-save v1.4.10 on Sat Jul 21 07:29:03 2012
*filter
:INPUT ACCEPT [30:2749]
:FORWARD ACCEPT [128:7680]
:OUTPUT ACCEPT [186:31171]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Sat Jul 21 07:29:03 2012
----- Original Message -----
From: Eliezer Croitoru <[email protected]>
so more data needed:
OS = linux
32 \ 64 bit = ?
what Distribution ?
uname -a output ?
what are the configure options for squid ? (squid -v output)
if a package has been used, which? (download source).
tproxy as router?
do you intercept ssl?
any data will give more info on the problem.
tcpdump -i any 'port 80' -n
output while the problem occurs would be very good.
iptables-save
ip route
ip rule
some more data will be helpful instead of just throwing to the air the problem
with the log declaring about the problem.
as for http://mail.yahoo.com/
this is a 302 "HTTP/1.0 302 Moved Temporarily" reply so it might be something
with the size of the reply.
try to run
curl -v http://mail.yahoo.com/
to see if you get any output while not using squid.
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
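
A small checker for iptables-save output like the dump posted in this thread, added here as an example and not part of either message: it reports which iptables pieces of the TPROXY layout shown in the kernel's tproxy documentation are absent. The function names and the WITH_DIVERT comparison ruleset are constructed for this example; POSTED is the mangle table from the message above with counters zeroed.

```python
import shlex

# Mangle table as posted above (packet counters zeroed, wrapped rule rejoined).
POSTED = """*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
COMMIT
"""

# Constructed comparison ruleset: same TPROXY rule plus the socket-match DIVERT chain.
WITH_DIVERT = """*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: [(chain, [args...]), ...]} from iptables-save output."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *mangle
            current = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") and current is not None:
            args = shlex.split(line)        # ['-A', chain, rule args...]
            current.append((args[1], args[2:]))
    return tables

def opt(args, name):
    """Value following the first occurrence of option `name`, or None."""
    return args[args.index(name) + 1] if name in args[:-1] else None

def check_tproxy(text, squid_port="3129"):
    """List the iptables-side TPROXY pieces missing from the ruleset."""
    pre = [a for chain, a in parse(text).get("mangle", []) if chain == "PREROUTING"]
    tproxy = [a for a in pre if opt(a, "-j") == "TPROXY"]
    findings = []
    if not any(opt(a, "--on-port") == squid_port for a in tproxy):
        findings.append("no TPROXY rule pointing at squid port " + squid_port)
    if any(opt(a, "--tproxy-mark") is None for a in tproxy):
        findings.append("TPROXY rule without --tproxy-mark")
    if not any(("-m", "socket") in zip(a, a[1:]) for a in pre):
        findings.append("no '-m socket' rule in mangle PREROUTING")
    return findings
```

The policy routing for the mark (`ip rule`, `ip route`) and any ebtables rules on the bridge do not appear in iptables-save output, so they have to be checked separately from the `ip rule` and `ip route` output requested above.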