Well, it could be the fact that the communication now is going -via- the Squid server - its a seperate box, seperate TCP connections, seperate TCP stack (on the Squid box!) and that might be enough to describe the issues. See, Squid shouldn't be slowing down your browsing, so I really am not sure whats going on there. It sounds like there's a bigger problem with the Squid setup on that server? I'm not sure. "TCP state engine" is the TCP State engine :) http://userpages.umbc.edu/~jeehye/cmsc491b/lectures/tcpstate/sld001.htm Don't let complicated diagrams fool you. From what you've described, the TCP connections aren't making it to "ESTABLISHED" and so you should be able to look at the TCP connection attempts and figure out where its breaking - initial SYN, SYN-ACK, or ACK? (Thats the TCP three-way handshake) Once you've established that you should compare that to a tcpdump on a -working- machine to the same host - see what is different about the TCP packet exchange. I'd even try connecting to the Wiki from your gateway/squid box using lynx/w3m/links. If those don't work (and you've bypassed Squid!) then its something TCP related. If it does work direct but doesn't work when you point it at the proxy then its somehow the Squid. Adrian On Thu, Apr 10, 2008, Callum Millard wrote: > Thanks Adrian. Just a couple of things though. > > I'm presuming it's a Squid related problem as all the problems disappear > when I bypass Squid from the browser. The path remains the same though > as the box running Squid also does ip masq/NAT type stuff as well, > acting as the default gateway for the network. I'm also seeing various > slow connections appearing on other sites, and while Squid has always > slowed our browsing down, it's never been like this before. > > Also, when you suggest tracing the 'tcp state engine,' what are you > referring to? I'm not a Squid or TCP/IP (or anything really) expert > though I'll happily trawl through packet traces, I don't have the depth > of knowledge to necessarily work out what's an unimportant error and > what's a sign of Squid going the way of tasty marine life. > > > Callum. > > > > -----Original Message----- > From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx] > Sent: 09 April 2008 18:28 > To: Callum Millard > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid won't load certain pages. > > On Wed, Apr 09, 2008, C. Ham wrote: > > NO they don't seem to, but then I haven't got the patience to test > them > > all. Then again, being as it seems to happen at the tcp layer, then I > > wouldn't have thought the page would have mattered. > > Thats why I asked. If you see differences at the TCP layer for just one > page then I would be worried. :) > > Ok, so if -everything- to the wiki server is failing for you I'd grab > out wireshark and some paper/pencils and start tracing the TCP state > engine. You may find that some device (firewall, router?) is unhappy > with something - eg the order of TCP options (which just bit FreeBSD-7 > in their TCP code reshuffle..) - and you'll want to compare the > TCP establishment dump from this to a known working setup to see > whats different. > > > > adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
