Internet slowed down because of SQUID Server setup

Posted by Ranjith Kumar on Server Fault See other posts from Server Fault or by Ranjith Kumar
Published on 2012-03-29T06:34:21Z Indexed on 2012/03/29 11:31 UTC
Read the original article Hit count: 406

Filed under:
|
|
|

Recently I have setup a squid server for our office.

I have computer (A) with

  • two ethernet cards, one for internet and the second one for local network
  • It has Ubuntu server OS with squid-server and dhcp3-server installed
  • I have added few iptable rules to work like a router and redirect all http traffic to 3128 port
This link is my reference.

Everything worked fine for 2 days. All of a sudden internet speed went down drastically. When I connected the internet cable to my laptop to test the internet speed it was fine. Again when I reconnected it back to computer A everything was normal. This happened 4 times in a week. Could anyone here please help me why the internet speed is going down and it becomes normal when I reconnect the cable.

EDIT:
Rebooting the system (computer A) didn't make a difference. I have changed iptables so that http traffic doesn't redirect to 3128 port any further, still no change in the internet speed. I think the problem is not with squid but with something else. Here are my iptable rules

SQUID_SERVER="10.1.1.1"

INTERNET="eth1"

LAN_IN="eth0"

SQUID_PORT="3128"

PROXYSERVERS=(Atlanta Baltimore Boston Chicago Dallas Denver Houston KansasCity LosAngeles Miami NewYork Philadelphia Phoenix SanAntonio SanDiego SanJose Seattle Washington)
SERVERLEN=${#PROXYSERVERS[*]}
I=0

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

modprobe ip_conntrack
modprobe ip_conntrack_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

while [ $I -lt $SERVERLEN ]; do
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp -d ${PROXYSERVERS[$I]}.wonderproxy.com --dport 80 -j ACCEPT 
    let I++
done
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT

iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

© Server Fault or respective owner

Related posts about iptables

Related posts about dhcp