-   Linux - Networking (
-   -   some computers responding slowly to dansguardian/squid (

sohmc 08-15-2006 04:35 PM

some computers responding slowly to dansguardian/squid
This is a stumper.

I've set up dansguardian and squid 2.5. I've hit a really weird problem.

We've set it up so that all network traffic goes to the linux computer running dansguardian/squid before being routed back to the originiating computer.

Some computers on the network operate perfectly. Blocking sites like it's suppose to, letting traffic through. However, there are a two computers that are hanging. When the web browser comes up, it says "Opening page ..." and sits there for a good two minutes before loading the page.

Neither the squid logs or dansguardian logs report anything interesting. What's frustrating is that it works for some computers and not others.

For example, I run linux and windows and both work fine. The other two computers are both windows xp.

I'm hoping for some insight as to where to look for a problem. I thought it had to do with iptables. But I'm not sure anymore. Here's my iptables entry:

/usr/sbin/ip route del default via dev br0 table 2
/usr/sbin/ip rule del fwmark 3 table 2
/usr/sbin/iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s
/usr/sbin/iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m mac --mac-source 00:10:DC:E1:3D:99 --dport 80
/usr/sbin/iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m mac --mac-source 00:13:D3:EB:9F:AB --dport 80
/usr/sbin/iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m mac --mac-source 00:40:2B:47:B5:D5 --dport 80
/usr/sbin/ip rule add fwmark 3 table 2
/usr/sbin/ip route add default via dev br0 table 2

Any thoughts or ideas would be greatly appreciated!

acid_kewpie 08-16-2006 09:01 AM

as a netwrok tech, my first point of call would be to do some packet sniffing on the connection between the client and the server to see what is happening during this lull. Install ethereal or just use tcpdump on the server itself and run "tcpdump -vn host" and you'll see all the interations. if it's an inconsistency there could be many random things affecting it, a common one is DNS lookings timing out, and if you're sure no logs shed any light see what the wire has to say about it.

sohmc 08-20-2006 06:23 AM

thanks for the idea. I"m going to try this out and let you know.

sohmc 09-06-2006 10:04 AM

sorry for the delay in a's been a sick couple of weeks. Gettings dansguardian wasn't a high priority.

I've run tcpdump and I'm running into the same problem. It seems like the problem is in the router itself.

The setup is that there's a linux computer doing the filtering and a linksys router doing the routing.

here's the IPTABLES setup for the router:

target    prot opt source              destination       
ACCEPT    tcp  --          anywhere            tcp dpt:www
MARK      tcp  --  anywhere            anywhere            tcp dpt:www MARK set 0x3

The filter is on .2. The IPTABLEs is set up so that everything outside of .2 is MARKED and then sent to the filter via the `ip route` command.

When running tcpdump on the filter computer, it still hangs.

It seems the hiccup is in the router, which really doesn't make sense because other computers work correctly. I don't have tcpdump on the router to check this.

I'm very willing to hear other thoughts and ideas, because I have none!


All times are GMT -5. The time now is 09:08 PM.