My wife's old G4 iMac was getting a little long in the tooth, she's been using it for about 6 years now. She is a teacher, and spends quite a bit of time staring at the screen, so I wanted to upgrade her to something faster and with better graphics. So in mid-December of 2008, I went out and bought her a new 24" iMac. Everything about this machine is great, except soon she was complaining that the web access SUCKED. It would lock up at random times and not seem to be doing anything. Sites that would load immediately on my Linux laptop running Ubuntu would absolutely refuse to load at all using her iMac sitting right next to it. ... Sound familiar? :-)
My research into this problem showed that it is well known, has been known for quite some time now, and Apple isn't doing anything about it. In most people's experience, it only happens on the wireless portion of the network, and in many cases improving the DNS system by using a different DNS server seems to fix it. In our case, both the wired and wireless connections had exactly the same problem. And the problem persisted even after getting the Bind Version 9 name server running right on her iMac. This is as fast a DNS resolver system as it is possible to have, and will return queries *immediately* for sites that it has already resolved. It still didn't work. DNS latency was not our problem. There was some kind of generic networking issue.
I run my Linux laptop using a SOCKS tunnel using SSH to connect to the OpenBSD firewall on our home network. It's something I like to do for any wireless machine that I set up, and I had not yet done this on my wife's machine. I hypothesised that maybe there was some issue with port 80 (used by your web browser for HTTP traffic) on the iMac. There is a certain amount of packet rearrangement that gets done when you're running an SSH tunnel, and I thought perhaps that would get around the problem. So I went ahead and installed the SOCKS proxy on her machine. For Apple specific instructions, see this page.
Well, I don't know exactly what is going on, because Apple doesn't let me see their networking source code, but I don't care, either. The problem is completely solved by running the HTTP traffic through the SOCKS tunnel. If I turn off the usage of the tunnel in Firefox, there is no way I can load certain web pages. If I turn it back on they load instantly. The tunnel works just as well in Safari if you configure it to use the tunnel.
To duplicate this result on your machine, you will need to set up a SOCKS proxy using an ssh tunnel (your iMac comes with ssh and all other tools and programs mentioned here, you don't have to install anything). Then, you'll need to start the tunnel when the user logs in. Create the following file in your home directory and name it "tunnel" There should be no blank lines above what is shown here ...
#!/bin/bash
if ! ps ax | grep ssh | grep "\-CND" > /dev/null; then
ssh -2 -CND 1080 user@system &
fi
You'll need to replace "user" and "system" above with your login and the machine name of the SSH server. All the stuff before the ssh command makes it so you can open multiple terminal sessions and only one ssh connection is created, for the first one.
Make the tunnel file executeable by typing this in a terminal window ...
chmod a+x ~/tunnel
You can find the terminal window under Applications/Utilities.
To be able to execute the ssh command with no input from the user (so that it will start at login with no extra fuss), it is neccessary to set up the user account with a shared key, and exchange that key between the ssh client and server. The appropriate shared key can be created using the ssh-keygen command. See Google for details.
If you leave your machine unattended for long periods, you will want to look at the man pages for ssh_config. You'll want to set up a periodic keepalive message from your machine to the ssh server. You want to set the value of 'ServerKeepAliveInterval' to 180 or something like that in the file /etc/ssh_config on your machine. This will result in your machine sending a message to the ssh server every 3 minutes when it's idle, so that the server or firewall doesn't take the connection down. You will have to edit this file using the sudo command. If the tunnel goes down, you'll see a message in Firefox that it's trying to use a Proxy server which is refusing connections. If this is the case, simply open a terminal window and type the word "tunnel", then close the window. Your tunnel will be back up. You won't have to do this if you get your tunnel set up right using the keepalive above. But if you can't get the keepalive to work, this is quick and painless to do, and you'll only have to do it after you come back to the machine from a long absence in which it was powered up. If you're actively using the web, the tunnel won't go down.
I hope this helps you solve your Leopard networking issues! My wife's iMac is a rocket on the internet now. Happy wife, happy husband!