ons 2006-09-20 klockan 23:40 -0600 skrev Shaun Skillin (home):
> More information, if this helps to narrow it down...I have tried
> adjusting MTU sizes to try to solve this. When I set wccp0 to 1200,
> it seems to make no difference at all. When I set eth0 to 1200,
> ebay.com will not load at all. Other sites (presumably with smaller
> page?) can load OK.
You are tuning this at the wrong place..
the only knob you can use here on the proxy server is the MSS of the
route towards the clients. Don't change the MTU of any interfaces unless
you have a dedicated interface for traffic towards the clients, separate
from the GRE and Internet traffic.
> Also, very curious to me, I notice from a sniffer trace on the Squid
> box, that the SYN packet goes through the GRE tunnel, the SYN-ACK does
> not (seems to be a spoof from Squid back to client), and the final ACK
> goes through the tunnel. Is this normal?
Yes. traffic is triangulated. Only client->proxy traffic is going via
the GRE tunnel, return traffic to the clients is sent directly.
You can play with routing to route the client addresses via the GRE
tunnel if you think this is the problem, but I don't think it is..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT