On Mon, 24 Jan 2011 18:56:48 +0100, Ralf Hildebrandt wrote:
> * Max Feil:
>> Already did use Wireshark. Here is some more info:
>>
>> If you look through the traces you'll notice that at some point Squid
>> sends a TCP [FIN, ACK] right in the middle of a connection for seemingly
>> no reason. (Attempting to close the connection) The server ignores this
>> and sends the rest of the data, which Squid responds to with TCP RST
>> (request to reset) since it now believes the connection to be closed.
>
> That sounds like a Checkpoint FW-1 with "smart defense" (aka bloody
> stupid crap) somewhere in the path

Ooh, thanks. So that was the Checkpoint problem.

Yes Squid will not send FIN or RST to just one end of the connection mid way. Either both will get the FIN/RST or the server will be re-tried and the client connection will get the latter response.

FWIW; the Linux guys have added demo config for this type of TCP link aborting to their public recommendations. Note that it is really only useful for *DDoS* situations. Not for normal traffic.

Amos
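
The trace pattern described in the quoted report (a FIN,ACK from one endpoint, more data from the peer, then a RST from the FIN sender) can be searched for mechanically. The following Python check is an added example, not part of the original thread; the packet records, host names and the `find_midstream_aborts` helper are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample records (not from the thread's capture):
# timestamp, source, destination, TCP flags, payload length in bytes.
Pkt = namedtuple("Pkt", "ts src dst flags length")

SAMPLE = [
    # Flow 1: FIN mid-transfer, peer keeps sending, FIN sender answers with RST.
    Pkt(0.00, "proxy:40000", "server:80", {"SYN"}, 0),
    Pkt(0.01, "server:80", "proxy:40000", {"SYN", "ACK"}, 0),
    Pkt(0.02, "proxy:40000", "server:80", {"ACK"}, 0),
    Pkt(0.03, "proxy:40000", "server:80", {"PSH", "ACK"}, 310),
    Pkt(0.10, "server:80", "proxy:40000", {"ACK"}, 1460),
    Pkt(0.11, "proxy:40000", "server:80", {"FIN", "ACK"}, 0),
    Pkt(0.12, "server:80", "proxy:40000", {"ACK"}, 1460),
    Pkt(0.13, "proxy:40000", "server:80", {"RST"}, 0),
    # Flow 2: orderly close, no data after the first FIN.
    Pkt(1.00, "proxy:40001", "server:80", {"PSH", "ACK"}, 200),
    Pkt(1.05, "server:80", "proxy:40001", {"PSH", "ACK"}, 900),
    Pkt(1.06, "server:80", "proxy:40001", {"FIN", "ACK"}, 0),
    Pkt(1.07, "proxy:40001", "server:80", {"FIN", "ACK"}, 0),
    Pkt(1.08, "server:80", "proxy:40001", {"ACK"}, 0),
]

def find_midstream_aborts(packets):
    """Flag flows where a FIN is followed by peer payload and then a RST
    from the endpoint that sent the FIN."""
    state = {}      # flow key -> first FIN seen and bytes the peer sent after it
    findings = []
    for p in sorted(packets, key=lambda p: p.ts):
        st = state.setdefault(frozenset((p.src, p.dst)), {"fin": None, "late": 0})
        if st["fin"] is None:
            if "FIN" in p.flags:
                st["fin"] = (p.src, p.ts)   # remember who closed first
            continue
        fin_src, fin_ts = st["fin"]
        if p.src != fin_src and p.length > 0:
            st["late"] += p.length          # peer is still mid-response
        elif p.src == fin_src and "RST" in p.flags and st["late"] > 0:
            findings.append({"fin_sender": fin_src, "fin_ts": fin_ts,
                             "late_bytes": st["late"], "rst_ts": p.ts})
            st["late"] = 0                  # report each burst once
    return findings

if __name__ == "__main__":
    for f in find_midstream_aborts(SAMPLE):
        print(f)
```

Running the same check on captures taken on the proxy host and on the far side of the firewall shows on which side of the path the FIN first appears.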