Re: [squid-users] Slow connection through proxy

[Chris Robertson]

Julian Pilfold-Bagwell wrote:

Hi All,

I have a problem with my proxy and Windows clients on certain ip 
ranges on my network.


I've just upgraded my network from a single LDAP/Samba server running 
on Mandriva 2007 to  a dual redundant  setup with  DNS, NTP and LDAP 
master/slave on two servers with a  seperate PDC and BDC   pair 
authenticating  and providing file shares. Authentication on the 
network for users is fast as lightning. On the old network I had a 
Mandriva 2007 box with Squid proxying and NTLM auth and this machine 
has been moved to the new setup. Clients are spread across three IP 
ranges 172.20.0., 172.20.1. and 172.20.2. with the 0 range being 
assigned static IPs and the one and two ranges collecting an IP from 
DHCPD.


If I connect a client to the network, it obtains an address from the 
DHCP server along with  DNS,  gateway and WINS server settings but the 
connection via Squid is slow e.g. 30-120 seconds to  obtain a page. If 
I take the settings from ipconfig and enter them manually but with an 
IP in the 172.20.0 range, it works perfectly with pages appearing 
withing 1-2 seconds.


Perhaps it's an issue with reverse DNS for the 172.20.1.0/23 subnet.  
Squid is trying to perform reverse DNS lookups on clients on that 
netblock and is hanging there...




nslookup returns IP's within a second on the proxy and clients and 
su'ing to a user account on the proxy takes a split second, suggesting 
that nss and pam_smb are authenticating OK.


If you've specified that the clients use proxy, their access to DNS 
should have little effect on surfing speed (baring client proxy exceptions).




On the old network, the proxy worked fine across al three IP ranges, 
on the new it behaves as above.  Is there anywhere I should be looking 
in particular for clues to this one. 


Watch a network trace between a DHCP client and the proxy.  Check the 
access.log for how long it takes to register the completed request 
(and how long the request took to complete).  Check to see if the proxy 
server an perform RDNS queries on all three subnets.


I'll be out of the office until Monday but I'll check the mail as soon 
as I can for a reply.


Many thanks,

Julian PB


Chris

[squid-users] Slow connection through proxy

[Julian Pilfold-Bagwell]

Hi All,

I have a problem with my proxy and Windows clients on certain ip ranges 
on my network.


I've just upgraded my network from a single LDAP/Samba server running on 
Mandriva 2007 to  a dual redundant  setup with  DNS, NTP and LDAP 
master/slave on two servers with a  seperate PDC and BDC   pair 
authenticating  and providing file shares. Authentication on the network 
for users is fast as lightning. On the old network I had a Mandriva 2007 
box with Squid proxying and NTLM auth and this machine has been moved to 
the new setup. Clients are spread across three IP ranges 172.20.0., 
172.20.1. and 172.20.2. with the 0 range being assigned static IPs and 
the one and two ranges collecting an IP from DHCPD.


If I connect a client to the network, it obtains an address from the 
DHCP server along with  DNS,  gateway and WINS server settings but the 
connection via Squid is slow e.g. 30-120 seconds to  obtain a page. If I 
take the settings from ipconfig and enter them manually but with an IP 
in the 172.20.0 range, it works perfectly with pages appearing withing 
1-2 seconds.


nslookup returns IP's within a second on the proxy and clients and 
su'ing to a user account on the proxy takes a split second, suggesting 
that nss and pam_smb are authenticating OK.


On the old network, the proxy worked fine across al three IP ranges, on 
the new it behaves as above.  Is there anywhere I should be looking in 
particular for clues to this one. I'll be out of the office until Monday 
but I'll check the mail as soon as I can for a reply.


Many thanks,

Julian PB