On Tue, 22 Sep 2009 11:58:16 -0400, Matthew Morgan <atcs.matthew@xxxxxxxxx> wrote:
> Leonardo Carneiro wrote:
>> you could bind squid to only listen on the LAN interface. doing this, no
>> one will be able to establish an external connection with squid.
> I'll try that, but I thought my firewall rules were taking care of
> that. They may not be though...I'm just recently learning iptables.
> I'll post back with the results.
>
> Thanks!
>

IIRC llnw.net are one of the providers for a lot of video content. If your Squid is configured to download a complete file on range requests and one of your users started downloading a video then stopped, Squid would show this behavior.

Though yeah, a firewall spot-check is also good when strange things happen.

Amos

>
>>
>> Matthew Morgan wrote:
>>> I have squid set up as a transparent proxy. It has two interfaces:
>>> eth0 (internet facing wan) and eth1 (local). I'm using iptables to
>>> masquerade the packets from my local network on eth1 and redirect
>>> them to squid's port. All this seems to work fine.
>>>
>>> The thing is, I keep seeing long periods of high incoming traffic on
>>> eth0, but low outgoing traffic on eth0, and nearly no traffic on
>>> eth1. Every time I see this, the data is always coming from either
>>> llnw.net or msecn.net. Both of these are legitimate content delivery
>>> networks. When I inspect the traffic I'm getting with
>>> tcpdump/wireshark, none of the traffic from these domains is going
>>> through to eth1 at all. I can confirm that this traffic is going to
>>> squid, since a netstat -p shows squid as the program with the
>>> connection open.
>>>
>>> What could be causing this? I tried turning off persistent
>>> connections in case a client was making the connection and then
>>> ignoring the data, but I'm not sure if that's possible or the
>>> problem. I'm not a network expert.
>>>
>>
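A way to check a squid.conf for the two conditions raised in this thread (a listener not bound to the LAN address, and full-object fetches that outlive the client), as an added example that is not part of the original messages. The thread names no directives; `http_port`, `range_offset_limit` and `quick_abort_min` are the Squid settings assumed to be involved, and both sample configs, including the 192.168.1.1 address for eth1, are constructed.

```python
import re

# Constructed sample config (not from the thread).
SAMPLE_CONF = """\
# proxy for the office LAN
http_port 3128 transparent
range_offset_limit -1
quick_abort_min -1 KB
"""

# Constructed corrected config; 192.168.1.1 is an assumed eth1 address.
HARDENED_CONF = """\
http_port 192.168.1.1:3128 transparent
range_offset_limit 0 KB
quick_abort_min 16 KB
"""

def directives(conf_text):
    """Yield (name, args) for each non-comment, non-empty squid.conf line."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args

def audit(conf_text):
    """Return one finding string per risky directive."""
    findings = []
    for name, args in directives(conf_text):
        if not args:
            continue
        if name == "http_port" and ":" not in args[0]:
            # A bare port means Squid accepts connections on every interface.
            findings.append(f"http_port {args[0]}: no bind address, listens on every interface")
        elif name == "range_offset_limit" and not re.fullmatch(r"0+", args[0]):
            # Non-zero (or -1) lets a range request trigger a fetch from byte 0.
            findings.append(f"range_offset_limit {args[0]}: range requests can fetch the whole object")
        elif name == "quick_abort_min" and args[0].startswith("-"):
            # -1 keeps the upstream transfer running after the client goes away.
            findings.append("quick_abort_min -1: fetches continue after the client disconnects")
    return findings

if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```
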