Re: iptables redirect

To: Pol Hallen <deben@fuckaround.org>
Cc: debian-user@lists.debian.org
Subject: Re: iptables redirect
From: Dan Ritter <dsr@randomstring.org>
Date: Wed, 7 Sep 2016 11:55:50 -0400
Message-id: <[🔎] 20160907155550.GM9743@newtao.randomstring.org>
In-reply-to: <[🔎] 2e2354a3-ced6-b789-4f54-2a1e70afca73@fuckaround.org>
References: <[🔎] 2e2354a3-ced6-b789-4f54-2a1e70afca73@fuckaround.org>

On Wed, Sep 07, 2016 at 09:24:18AM +0200, Pol Hallen wrote:
> Hi all,
> 
> I've a small lan:
> 
> dsl<--->server1<--->lan1-192.168.10.0/24 (NIC1)
>                     lan2-192.168.20.0/24 (NIC2)
> 
> I've squid proxy on lan2 (ip192.168.20.250)
> 
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination
> 192.168.20.250:8080
> 
> it works (I see squid logs on 192.168.20.250) but is very very very [...]
> slow :-/
> 
> squid on 192.168.20.250 (from same network works ok)
> 
> how to audit the problem?

Rule of thumb: if an iptables rule works, it works quickly.

What's the network traffic level on NIC1 and NIC2? Try iftop
for an instant look, install vnstat for longer term statistics.

Is squid slow for anyone else? Is squid caching? What happens if
you turn off caching? Is squid doing DNS lookups and having
problems with that? Any errors in the squid log?

Is it slow when you use lynx, w3m, wget or curl?

-dsr-

Reply to:

Follow-Ups:
- Re: iptables redirect
  - From: Igor Cicimov <icicimov@gmail.com>

References:
- iptables redirect
  - From: Pol Hallen <deben@fuckaround.org>

Prev by Date: Re: Decentralized reliable instant messaging?
Next by Date: Re: System in broken state after dpkg upgrade
Previous by thread: iptables redirect
Next by thread: Re: iptables redirect
Index(es):
- Date
- Thread