My girlfriend is working in China and I've had a SOCKS proxy set up for her for a year or so with my old DD-WRT router, which was working rather well. I recently switched to a MikroTik router (the 750GL) and after a lot of tinkering I managed to get the SOCKS set up again, only it doesn't work as well as it used to. Basically it times out a lot when she tries to log in and even if she's logged in, she needs to log in again in order to unfreeze pages.
My setup is like this: I have the SOCKS proxy service running on the MikroTik with default settings, she logs in via the outwards SSH interface using a public key and then just sets her browser to use a SOCKS proxy on localhost.
Why is she getting such frequent timeouts when trying to log on? Is it just simple lag? The problem is that non-blocked pages (by the Great Firewall of China) are fine, almost snappy. If I ask her to do a ping, above what response times should I start blaming lag?
Also, is there a better way to set up a proxy? I expect to go work in China as well soon, so I'd be very interested in the strengths and weaknesses of different setups.
Interesting side note: When I ask her to do a traceroute to a Swedish page, this is what she gets:
How is that possible? I get like 8 hops and I'm in Sweden! Are the Chinese routers lying?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Jen>tracert www.dn.se

Tracing route to a1910.g1.akamai.net [220.127.116.11]
over a maximum of 30 hops:

  1   281 ms   304 ms   198 ms  18.104.22.168

Trace complete.
Oh right, I should include my firewall settings, maybe I've screwed something up there?
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=input action=accept protocol=icmp
 1   ;;; default configuration
     chain=input action=accept connection-state=established
 2   ;;; default configuration
     chain=input action=accept connection-state=related
 3   ;;; drop ftp brute forcers
     chain=input action=drop protocol=tcp src-address-list=ftp_blacklist dst-port=21
 4   chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m
 5   chain=output action=add-dst-to-address-list protocol=tcp address-list=ftp_blacklist address-list-timeout=3h content=530 Login incorrect
 6   ;;; Allow FTP login
     chain=input action=accept connection-state=new protocol=tcp in-interface=ether1-gateway dst-port=21 port=21
 7   ;;; drop ssh brute forcers
     chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22
 8   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=1w3d dst-port=22
 9   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=22
10   chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=22
11   chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22
12   ;;; "Allow remote SSH login"
     chain=input action=accept connection-state=new protocol=tcp in-interface=ether1-gateway dst-port=22 port=22
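Rules 7 to 12 in the listing above form a staged limiter on new SSH connections. The following Python model is an added example, not part of the original post, showing how many new connections one source address can open inside a minute before it lands on ssh_blacklist. The class and function names, the source address and the timestamps are constructed, and the model assumes that re-adding an address resets its list timeout and that packets arrive on ether1-gateway.

```python
# Model of input-chain rules 7-12 from the listing (constructed example).
# Assumption: re-adding an address that is already on a list resets its timeout.
# Assumption: every modelled packet is a new TCP connection to port 22
# arriving on ether1-gateway, so rule 12 matches it.
MINUTE = 60
BLACKLIST_TTL = (7 + 3) * 24 * 3600  # address-list-timeout=1w3d, in seconds


class SshStageFilter:
    def __init__(self):
        # list name -> {source address: expiry time in seconds}
        self.lists = {name: {} for name in
                      ("ssh_stage1", "ssh_stage2", "ssh_stage3", "ssh_blacklist")}

    def _listed(self, name, src, now):
        return self.lists[name].get(src, -1) > now

    def _add(self, name, src, now, ttl):
        self.lists[name][src] = now + ttl

    def new_connection(self, src, now):
        """Process one connection-state=new packet; return the verdict."""
        # Rule 7: drop sources already on ssh_blacklist.
        if self._listed("ssh_blacklist", src, now):
            return "drop"
        # Rules 8-11 are passthrough and evaluated top-down, so a source
        # climbs exactly one stage per new connection.
        if self._listed("ssh_stage3", src, now):      # rule 8
            self._add("ssh_blacklist", src, now, BLACKLIST_TTL)
        if self._listed("ssh_stage2", src, now):      # rule 9
            self._add("ssh_stage3", src, now, MINUTE)
        if self._listed("ssh_stage1", src, now):      # rule 10
            self._add("ssh_stage2", src, now, MINUTE)
        self._add("ssh_stage1", src, now, MINUTE)     # rule 11
        # Rule 12: accept the new SSH connection.
        return "accept"


def verdicts(times, src="198.51.100.7"):
    """Replay new connections from one constructed source at the given seconds."""
    fw = SshStageFilter()
    return [fw.new_connection(src, t) for t in times]


if __name__ == "__main__":
    print(verdicts([0, 10, 20, 30, 40]))     # reconnects 10 s apart
    print(verdicts([0, 61, 122, 183, 244]))  # reconnects more than 1 m apart
```

Established sessions are not affected by the blacklist, because rule 1 accepts connection-state=established before rule 7 is reached; only further new connections from the listed address are dropped.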