Internet slowed down because of SQUID Server setup
Posted
by
Ranjith Kumar
on Server Fault
See other posts from Server Fault
or by Ranjith Kumar
Published on 2012-03-29T06:34:21Z
Indexed on
2012/03/29
11:31 UTC
Read the original article
Hit count: 406
Recently I have setup a squid server for our office.
I have computer (A) with
- two ethernet cards, one for internet and the second one for local network
- It has Ubuntu server OS with squid-server and dhcp3-server installed
- I have added few iptable rules to work like a router and redirect all http traffic to 3128 port
Everything worked fine for 2 days. All of a sudden internet speed went down drastically. When I connected the internet cable to my laptop to test the internet speed it was fine. Again when I reconnected it back to computer A everything was normal. This happened 4 times in a week. Could anyone here please help me why the internet speed is going down and it becomes normal when I reconnect the cable.
EDIT:
Rebooting the system (computer A) didn't make a difference. I have changed iptables so that http traffic doesn't redirect to 3128 port any further, still no change in the internet speed. I think the problem is not with squid but with something else. Here are my iptable rules
SQUID_SERVER="10.1.1.1"
INTERNET="eth1"
LAN_IN="eth0"
SQUID_PORT="3128"
PROXYSERVERS=(Atlanta Baltimore Boston Chicago Dallas Denver Houston KansasCity LosAngeles Miami NewYork Philadelphia Phoenix SanAntonio SanDiego SanJose Seattle Washington)
SERVERLEN=${#PROXYSERVERS[*]}
I=0
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
while [ $I -lt $SERVERLEN ]; do
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp -d ${PROXYSERVERS[$I]}.wonderproxy.com --dport 80 -j ACCEPT
let I++
done
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
© Server Fault or respective owner