Search squid archive

Re: TProxy Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here is the config ... it does work fine in "transparent" mode just not tproxy mode

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl localnet src 66.78.96.0/19
acl localnet src 64.235.192.0/19
acl localnet src 72.0.192.0/19
acl localnet src 192.168.1.0/24
acl localnet src 192.168.254.0/24

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

hierarchy_stoplist cgi-bin ?

acl directurls url_regex -i "/etc/squid3/direct-urls"
cache deny directurls
cache deny localnet
always_direct allow directurls
always_direct allow localnet

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet http_access allow localhost http_access deny all
icp_access allow localnet
htcp_access allow localnet
icp_access deny all
htcp_access deny all
htcp_clr_access deny all
ident_lookup_access deny all

http_port 66.78.102.2:3128
http_port 66.78.102.2:3129 tproxy

cache_mgr support@xxxxxxxxxx

acl snmp snmp_community s64hf2
snmp_access allow snmp all

snmp_port 3401
snmp_incoming_address 192.168.1.8
snmp_outgoing_address 192.168.1.8

shutdown_lifetime 10 seconds
pid_filename /var/run/squid3.pid
mime_table /usr/share/squid3/mime.conf
icon_directory /usr/share/squid3/icons
error_directory /usr/share/squid3/errors/en
cache_effective_user proxy
ignore_unknown_nameservers on
dns_nameservers 66.78.99.4 66.78.99.5

max_open_disk_fds 0
cache_mem 1024 MB minimum_object_size 0 KB
maximum_object_size 4 GB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95

quick_abort_min -1 KB
quick_abort_max 16 KB
quick_abort_pct 95
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log none

log_fqdn off
half_closed_clients off
server_persistent_connections on
client_persistent_connections on

ipcache_size 16384
ipcache_low 90
ipcache_high 95

fqdncache_size 8192
client_db off
pipeline_prefetch on
forwarded_for on

store_dir_select_algorithm least-load

cache_dir aufs /cache0/cache0 10000 16 256
cache_dir aufs /cache0/cache1 10000 16 256
cache_dir aufs /cache0/cache2 10000 16 256
cache_dir aufs /cache0/cache3 10000 16 256
cache_dir aufs /cache0/cache4 10000 16 256
cache_dir aufs /cache0/cache5 10000 16 256
cache_dir aufs /cache0/cache6 10000 16 256
cache_dir aufs /cache0/cache7 10000 16 256
cache_dir aufs /cache0/cache8 10000 16 256
cache_dir aufs /cache0/cache9 10000 16 256
cache_dir aufs /cache0/cache10 10000 16 256

cache_dir aufs /cache1/cache0 10000 16 256
cache_dir aufs /cache1/cache1 10000 16 256
cache_dir aufs /cache1/cache2 10000 16 256
cache_dir aufs /cache1/cache3 10000 16 256
cache_dir aufs /cache1/cache4 10000 16 256
cache_dir aufs /cache1/cache5 10000 16 256
cache_dir aufs /cache1/cache6 10000 16 256
cache_dir aufs /cache1/cache7 10000 16 256
cache_dir aufs /cache1/cache8 10000 16 256
cache_dir aufs /cache1/cache9 10000 16 256
cache_dir aufs /cache1/cache10 10000 16 256

cache_dir aufs /cache2/cache0 10000 16 256
cache_dir aufs /cache2/cache1 10000 16 256
cache_dir aufs /cache2/cache2 10000 16 256
cache_dir aufs /cache2/cache3 10000 16 256
cache_dir aufs /cache2/cache4 10000 16 256
cache_dir aufs /cache2/cache5 10000 16 256
cache_dir aufs /cache2/cache6 10000 16 256
cache_dir aufs /cache2/cache7 10000 16 256
cache_dir aufs /cache2/cache8 10000 16 256
cache_dir aufs /cache2/cache9 10000 16 256
cache_dir aufs /cache2/cache10 10000 16 256

cache_dir aufs /cache3/cache0 20000 16 256
cache_dir aufs /cache3/cache1 20000 16 256
cache_dir aufs /cache3/cache2 20000 16 256
cache_dir aufs /cache3/cache3 20000 16 256
cache_dir aufs /cache3/cache4 20000 16 256
cache_dir aufs /cache3/cache5 20000 16 256
cache_dir aufs /cache3/cache6 20000 16 256
cache_dir aufs /cache3/cache7 20000 16 256
cache_dir aufs /cache3/cache8 20000 16 256
cache_dir aufs /cache3/cache9 20000 16 256
cache_dir aufs /cache3/cache10 20000 16 256
cache_dir aufs /cache3/cache11 20000 16 256
cache_dir aufs /cache3/cache12 20000 16 256
cache_dir aufs /cache3/cache13 20000 16 256
cache_dir aufs /cache3/cache14 20000 16 256
cache_dir aufs /cache3/cache15 20000 16 256
cache_dir aufs /cache3/cache16 20000 16 256
cache_dir aufs /cache3/cache17 20000 16 256
cache_dir aufs /cache3/cache18 20000 16 256
cache_dir aufs /cache3/cache19 20000 16 256
cache_dir aufs /cache3/cache20 20000 16 256
cache_dir aufs /cache3/cache21 20000 16 256

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private refresh_pattern -i \.(iso|img|avi|wav|mp3|mp4|mpg|mpeg|swf|flv|x-flv|wma|wmv)$ 43200 90% 432000 override-expire ignore-no-cache ign refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf)$ 10080 90% 43200 override-expire ignore-no-cache ignore
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern . 0 40% 40320



Amos Jeffries wrote:
I am using squid 3.1.0.6

If I check the disk free while the cache is running I do not see any of
my cache directories incrementing at all.

Any ideas?

Okay, so much for the easy answer. We will have to see your config to tell
why its not caching.

Amos

Amos Jeffries wrote:
Jamie Orzechowski wrote:
Hi,

My post does not seem to be going to the list.  Wondering if you have
any ideas?

I think I have TPROXY working but running into some issues.
Checking my logs all my traffic shows up as a TCP_MISS
Squid 3.1.0.3? it has a storage problem that can show like this.


1236698452.579     79 66.78.98.194 TCP_MISS/200 542 GET
http://l1.zedo.com//log/p.gif? - DIRECT/72.247.244.10 image/gif
1236698452.634    293 66.78.98.194 TCP_MISS/200 4972 GET
http://blstb.msn.com/i/9B/DDD13A38CB8B34F4DFA3F7BFFF71.jpg -
DIRECT/192.221.114.124 image/jpeg
1236698452.878    100 66.78.98.194 TCP_MISS/200 1076 GET
http://h.foxsports.com/HG? - DIRECT/64.154.81.231 image/gif
1236698453.367    252 66.78.98.194 TCP_MISS/200 1368 GET
http://www.myinternetservices.com/live/visitor/index.php? -
DIRECT/72.232.167.111 image/gif
1236698454.087     13 66.78.98.194 TCP_MISS/200 812 GET
http://weyedata.pelmorex.com/WeatherEye/ObsData/CAON0090.xml -
DIRECT/207.96.160.37 text/xml
1236698455.251    116 66.78.98.194 TCP_MISS/200 1368 GET
http://www.myinternetservices.com/live/visitor/index.php? -
DIRECT/72.232.167.111 image/gif
1236698456.570   6451 66.78.98.194 TCP_MISS/200 45898 GET
http://www.facebook.com/profile.php? - DIRECT/69.63.176.140 text/html
1236698456.876     77 66.78.98.194 TCP_MISS/200 2765 GET
http://profile.ak.facebook.com/v227/2005/50/q638320646_36.jpg -
DIRECT/209.170.91.178 image/jpeg

My iptables is the following

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t mangle -N DIVERT
/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129
//
any idea why I am not getting any TCP_HITS? ...

Amos
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294


THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION.
ANY UNAUTHORIZED DISCLOSURE IS STRICTLY PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR,
PLEASE NOTIFY ME IMMEDIATELY SO THAT I MAY CORRECT MY
INTERNAL RECORDS.  PLEASE THEN DELETE THE ORIGINAL MESSAGE.
=-=-=-=-=-=-=-=-=-=-=-=-=






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux