squid causing slow access to some sites?

lunacyfoundme

We got a new windows server installed in work a few weeks ago and recently we've noticed some websites run incredibly slow or wont open at all. For example centralbank.ie opens really slowly and speedtest.net doesnt open at all it just looks like its trying to open.

Squid is installed on the server and seems to be responsible for all the internet access. Dont know much about it but Ive check the list of restricted sites and theres only 5 items on it and I dont see how they would affect access to these sites.

I already asked our support company about it but they say theyve checked it from both sides of the firewall and the its the same story. They said to ring Eircom about it.

Is there any point in ringing Eircom? Is there anything they can check other than do a line test (which may not be at all helpfull considering most websites are working)? Is this most likely something to do with Squid?

Thanks.

corkcomp

few possibilities here.. i wouldnt look at squid just yet.. try reboting router and clearing all DNS cache's

lunacyfoundme

Sorted thanks. Support didnt look hard enough. Something to do with the MTU setting on the firewall.

jpl888

I think you are talking about path MTU discovery.

Basically if you are using a PPPOE connection to get your internet the MTU the firewall uses to pass on data needs to be the same i.e. 1492.

In iptables this is referred to as MSS clamping.

Most broadband routers would use it by default and anyone worth their salt firewall wise would know that this needs to be set. Perhaps you should be asking some questions.

It doesn't just affect web pages it can also be evidenced by large emails hanging. Of course inexplicably some sites will work and not others.

Basically when a packet is larger than the MTU size it will need to be fragmented but because ICMP fragmentation packets are blocked by the firewall the client never knows this and therefore never gets the data.