Thanks Henrik, it's coming into focus more now... I wonder f you have a suggestion on how to tune the MSS on my Linux box? -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, September 21, 2006 5:03 AM To: Shaun Skillin (home) Cc: Squid Users Subject: RE: WCCPv2 current instructions? ons 2006-09-20 klockan 23:40 -0600 skrev Shaun Skillin (home): > More information, if this helps to narrow it down...I have tried > adjusting MTU sizes to try to solve this. When I set wccp0 to 1200, > it seems to make no difference at all. When I set eth0 to 1200, > ebay.com will not load at all. Other sites (presumably with smaller > page?) can load OK. You are tuning this at the wrong place.. the only knob you can use here on the proxy server is the MSS of the route towards the clients. Don't change the MTU of any interfaces unless you have a dedicated interface for traffic towards the clients, separate from the GRE and Internet traffic. > Also, very curious to me, I notice from a sniffer trace on the Squid > box, that the SYN packet goes through the GRE tunnel, the SYN-ACK does > not (seems to be a spoof from Squid back to client), and the final ACK > goes through the tunnel. Is this normal? Yes. traffic is triangulated. Only client->proxy traffic is going via the GRE tunnel, return traffic to the clients is sent directly. You can play with routing to route the client addresses via the GRE tunnel if you think this is the problem, but I don't think it is.. Regards Henrik