Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

iptables slows tproxy SQUID with DNAT or REDIRECT

60 views

Skip to first unread message

Tytus Rogalewski

unread,

Jun 5, 2010, 3:00:01 PM6/5/10

hello guys
i am having very strange problem with my SQUID and iptables.
It is for sure NOT A SQUID ISSUE (i've tested 6 different versions of
squid, 2.7.x , 3.0.x and 3.1.x - and other people dont have this
issue)
In all versions there was one problem. When i use TRANSPARENCY mode
(so i redirect 80 port in iptables via DNAT or REDIRECT)
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.2 ! -d
192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8123 # Tytanick
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.2 ! -d
192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:8123 # Tytanick
i am having problem that pages load SLOWLY - exacly few images load very slowly.
In all cases, my browser cache and squid cache was cleaned.
Just watch a movie that i made and you will see my problem clearly !

You can download zipped html and swf(movie) file from rapidshare: (you
can choose different resolutions)
http://rapidshare.com/files/395636925/iptables_squid_slow_1600.rar
http://rapidshare.com/files/395636761/iptables_squid_slow_1440.rar
http://rapidshare.com/files/395634867/iptables_squid_slow_1024.rar
http://rapidshare.com/files/395632385/iptables_squid_slow_800.rar

OR if you cant download from rapidshare, here are direct links to my
server (with SLOW UPLOAD 50 KB/s - so you will need to wait few mins
:P)
http://sky-link.net/temp/squid/squid_problem/iptables_squid_slow_1600.html
http://sky-link.net/temp/squid/squid_problem/iptables_squid_slow_1440.html
http://sky-link.net/temp/squid/squid_problem/iptables_squid_slow_1024.html
http://sky-link.net/temp/squid/squid_problem/iptables_squid_slow_800.html

my kernel version: linux-2.6.34
iptables: 1.4.3.2
Linux Gentoo
3GHZ core2duo
4GB RAM

--
Z pozdrowieniami
Tytus Rogalewski
mail: tytanick{monkey}gmail.com
www.sky-link.net
gg: 210533
skype: tytanick
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Alexander Clouter

unread,

Jun 5, 2010, 4:10:03 PM6/5/10

Tytus Rogalewski <tyta...@gmail.com> wrote:
>
> i am having very strange problem with my SQUID and iptables.
> It is for sure NOT A SQUID ISSUE (i've tested 6 different versions of
> squid, 2.7.x , 3.0.x and 3.1.x - and other people dont have this
> issue)
>

...I assume you tried removing all your iptables rules (including
unloading all the iptables related modules) and configuring a client
workstation to use squid manually and the problem disappeared?

Cheers

--
Alexander Clouter
.sigmonster says: Look before you leap.
-- Samuel Butler

0 new messages