From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A632D1381F3 for ; Sun, 25 Aug 2013 11:17:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CC53CE0C34; Sun, 25 Aug 2013 11:17:34 +0000 (UTC) Received: from mail-we0-f178.google.com (mail-we0-f178.google.com [74.125.82.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id AEE73E0B8D for ; Sun, 25 Aug 2013 11:17:33 +0000 (UTC) Received: by mail-we0-f178.google.com with SMTP id u54so1909236wes.9 for ; Sun, 25 Aug 2013 04:17:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=mlTZl3H8sg22pNQoO0VfV5pbpUJkH2pj5LDYbixnvkQ=; b=jtMpJHuh96+taw/d6HT8JWFEmAdHrdQUrHEZZKL6PpUOrZW6xF+xkPnCCJoD2dKWDl KAWJeFVbNVQq3xQItooCQe0cu2tGP84fZm89IvrkZIdkeB7OJQLNf+Dlz3TFJjDXY357 K58+sOjPXjUgUnFbyjtioZYJc0MfphUa4k1KBYAJGdLHlfDUKadnOad5TjTh4cj+/2Zt wOvCaOtrxvhVaCQG4WG3tzvIQqelC6v/XvgOPbhvXEpkwui5Cb/RGfH9VDXPYZTCGlHe CVcdSAso/PYqByep0oJpEO1bqxY0dD/3kSxihuWibTs9FUyGSgxGlW0sGJlacX45uWJP fklQ== X-Received: by 10.180.206.42 with SMTP id ll10mr3990080wic.50.1377429452352; Sun, 25 Aug 2013 04:17:32 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPSA id li9sm10112399wic.4.1969.12.31.16.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 25 Aug 2013 04:17:31 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Proxy server problem Date: Sun, 25 Aug 2013 12:17:01 +0100 User-Agent: KMail/1.13.7 (Linux/3.10.7-gentoo; KDE/4.10.5; x86_64; ; ) References: <201308241825.15336.michaelkintzios@gmail.com> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart17893219.RuYTUPgrBV"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201308251217.14502.michaelkintzios@gmail.com> X-Archives-Salt: 2b3dc51d-ce37-4ac1-b6ff-ff5f17d7604c X-Archives-Hash: e8090a8cc138d707d4127bd62247a084 --nextPart17893219.RuYTUPgrBV Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Sunday 25 Aug 2013 11:13:07 Grant wrote: > >> >> I set up squid on a remote system so I can browse the internet from > >> >> that IP address. It works but it stalls frequently. I had similar > >> >> results with ziproxy. I went over this with the squid list but we > >> >> got nowhere as it seems to be some kind of a system or network > >> >> problem. > >> >>=20 > >> >> http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-3-5-hang= s-> >> >> the -en tire-system-td4660893.html > >> >>=20 > >> >> Can anyone here help me figure out what is wrong? I'm not sure whe= re > >> >> to start. > >> >>=20 > >> >> - Grant > >> >=20 > >> > Just a quick pointer in case it applies to you: if you tunnel into > >> > the proxy machine (using ssh, VPN, proxychains and what not) you > >> > would suffer from packet fragmentation, which could quickly snowball. > >> > In this case try reducing your mtu to lower values, than the default > >> > ethernet 1500 byte packets, to cater for the overhead of the larger > >> > tunnelling headers. > >>=20 > >> I've tried disconnecting from my SSH tunnel and changing the mtu on my > >> laptop and on the remote proxy server via ifconfig and there is some > >> kind of an improvement but I can't narrow it down. I've tried mtu > >> down to 1000 on both systems but the proxy server still stalls > >> sometimes. Any tips for narrowing this down further? > >>=20 > >> - Grant > >=20 > > Now that you mentioned using ssh, I don't think that you can improve > > this. An mtu at 1000 bytes is lower than I thought might have helped.= =20 > > The problem is caused by stacking tcp packets (tcp within tcp) each of > > which is using its own timeout for failed fragments. >=20 > I think I may have misunderstood you. I do SSH into the machine > running squid, but I don't tunnel through that connection in order to > use the proxy. I connect to the remote squid instance directly via my > browser and I also happen to SSH into the same machine to run > commands. Do any of your recommendations apply in this scenario? Ahh! I misunderstood your set up too. The problem I described only applie= s=20 to setting up an application layer tunnel (e.g. SSH) and running tcp within= =20 that secure tunnel. In your case, you establish a direct connection to you= r=20 server over http or https and a separate connection using SSH. No tunnelli= ng=20 involved and no tcp stacking. Sorry for the bum steer. Is this stalling problem happening when you just browse the internet, visit= ing=20 websites, or do you get it when you are downloading large files such as=20 videos, or music? If it is the former, then I am not sure what causes it. = If=20 it is the latter, then this may be relevant to http timeout settings.=20 I don't have in depth knowledge of this, other than increasing timeout and= =20 data rates from default values on a hosted server to avoid this problem=20 (apache's mod_reqtimeout). Eventually, I ended up using ftp to download la= rge=20 files, instead of http. =2D-=20 Regards, Mick --nextPart17893219.RuYTUPgrBV Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQEcBAABAgAGBQJSGee6AAoJELAdA+zwE4YeAHIIALITDOjgl5IG/G2HPCk8qLbX 69OuPtQ/mFlu9+x+8m7TbnZdIrpBN0wSE/ln5LIuMIhLDXNWjpFioKHA3LRvbt4T PFAncA0rtS60WmmMfGmUA0SRDk6ixqZRo9b6BMIowDqPBLHfOZy83xHtouJ/cJdg Wa21p9zaF0prIlXKbtpwK2Bzcj553RmXYEK/1KtAP6v7agNcqmJCZCRQKtSXcEvp ucyHm25v/4pvKarI6gO9puaOKA49QuPmSKOSTXZPJvzYQdL2yhGb7ClR+uzzjCUk Tvb7Nj80LeuNPd6/mOxfn9ZKaHFl/WB3TPFGZGqWQGy0K+7iZUSXnqiPvHqq/qY= =aBIG -----END PGP SIGNATURE----- --nextPart17893219.RuYTUPgrBV--