Of course, Henrik is right, I should be more carefull in my answers.
What would squid-gurus think of adding an entry on the FAQ on this topic?
It has appeared a few times recently. It could be on "14. System dependent
weirdnesses" in the Linux section. (or maybe on section 17?)
Something like:
---------------------------------------------
Squid using 100% CPU/squid slow when using interception proxying (aka
transparent proxying)
If you are using Linux kernel 2.4.x (for example redhat 7.2), avoid using
the ipchains emulation for packet redirection, use iptables instead.
On kernel 2.4.x ipchains is an emulation of 2.2 ipchains on top of
netfilter, and has been found to have performance problems when used for
redirecting packets. These problems do not manifest when using iptables.
---------------------------------------------
Of course this is just an idea, somebody more knowledgeable than me should
correct/improve this if you decide it is a good idea to add this to the
FAQ.
Not that this is going to stop people from asking, but at least you can
say "read the FAQ" :-)
Yours,
Eduardo.
On Sun, 28 Apr 2002, Squid Support (Henrik Nordstrom) wrote:
> On Saturday 27 April 2002 17:56, Eduardo Cota wrote:
> > Maybe not your problem, but you should not be using ipchains in
> > RedHat 7.2 for transparent redirection (this has been discussed
> > several times on the list, on Linux kernel 2.4.x ipchains is just
> > an emulation layer on top of iptables).
> > Try usind iptables instead.
>
> Nutpicking, but the 2.4 ipchains is not ontop of iptables, it is a
> emulation of ipchains ontop of netfilter (the underlying architecture
> for hooking in packet filters and NAT in 2.4). If the ipchains
> emulation is used you cannot use iptables..
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Your source of advanced web reverse proxying solutions
> http://www.marasystems.com/producs/
>
Received on Sun Apr 28 2002 - 21:45:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:44 MST