On Thu, 17 Dec 2009 06:50:13 -0800 Tom Eastep <[email protected]> wrote:
> Asim Ahmed Khan wrote: > > yes i believe that it is true what you are saying. I really suspect > > the glitch is somewhere around the rule that redirects traffic to > > squid in transparent mode. > > Then there is nothing more that I can do to help you. Because your > configuration is correct. I'll repeat one more time -- if the rule > redirects one request from the loc zone to tcp port 80, then it will > redirect all requests. There is nothing that can cause the rule to > work on some requests and to then fail for 30 seconds to several > minutes. I should clarify that there is no way to mis-configure the rule so that this behavior happens. > > One other suggestion; go back in your kernel logs to time periods when > users were experiencing issues. Look for any unusual messages, > especially those having to do with 'conntrack'. > Running out of conntrack table entries *can* cause the symptoms that you describe. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
