tor 2008-04-10 klockan 11:54 +0100 skrev Callum Millard: > I'm presuming it's a Squid related problem as all the problems disappear > when I bypass Squid from the browser. The path remains the same though > as the box running Squid also does ip masq/NAT type stuff as well, You need to run the browser on that box to use that as a test. >From the data you have provided it looks like a firewall problem, getting confused when you talk to too advanced TCP/IP implementations. wiki.squid-cache.org is running a fairly recent Linux version, has lots of memory and I think every TCP/IP feature enabled.. which means that if you are behind a crappy firewall you can run into any of the following problems - ECN - Windows scaling - TCP time stamping - and more.. A rather foolproof test is to downgrade the TCP/IP stack as far as possible echo 0 >/proc/sys/net/ipv4/tcp_windowscaling echo 0 >/proc/sys/net/ipv4/tcp_ecn echo 0 >/proc/sys/net/ipv4/tcp_timestamps echo 1 >/proc/sys/net/ipv4/ip_no_ptmu_disc echo 0 >/proc/sys/net/ipv4/tcp_mtu_probing Regards Henrik
