Search squid archive

Re: TProxy Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Try define tcp_outgoing_address.
AFAIK I'm using squid 2.7 should define tcp_outgoing for tproxy
working properly.

Johan

On Thu, Mar 12, 2009 at 6:31 AM, Jamie Orzechowski <admin@xxxxxxxxxx> wrote:
> Here is the config ... it does work fine in "transparent" mode just not
> tproxy mode
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
>
> acl localnet src 66.78.96.0/19
> acl localnet src 64.235.192.0/19
> acl localnet src 72.0.192.0/19
> acl localnet src 192.168.1.0/24
> acl localnet src 192.168.254.0/24
>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> hierarchy_stoplist cgi-bin ?
>
> acl directurls url_regex -i "/etc/squid3/direct-urls"
> cache deny directurls
> cache deny localnet
> always_direct allow directurls
> always_direct allow localnet
>
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow localnet  http_access allow localhost http_access deny all
> icp_access allow localnet
> htcp_access allow localnet
> icp_access deny all
> htcp_access deny all
> htcp_clr_access deny all
> ident_lookup_access deny all
>
> http_port 66.78.102.2:3128
> http_port 66.78.102.2:3129 tproxy
>
> cache_mgr support@xxxxxxxxxx
>
> acl snmp snmp_community s64hf2
> snmp_access allow snmp all
>
> snmp_port 3401
> snmp_incoming_address 192.168.1.8
> snmp_outgoing_address 192.168.1.8
>
> shutdown_lifetime 10 seconds
> pid_filename /var/run/squid3.pid
> mime_table /usr/share/squid3/mime.conf
> icon_directory /usr/share/squid3/icons
> error_directory /usr/share/squid3/errors/en
> cache_effective_user proxy
> ignore_unknown_nameservers on
> dns_nameservers 66.78.99.4 66.78.99.5
>
> max_open_disk_fds 0
> cache_mem 1024 MB minimum_object_size 0 KB
> maximum_object_size 4 GB
> maximum_object_size_in_memory 512 KB
> memory_replacement_policy heap LFUDA
> cache_replacement_policy heap LFUDA
> cache_swap_low 90
> cache_swap_high 95
>
> quick_abort_min -1 KB
> quick_abort_max 16 KB
> quick_abort_pct 95
> access_log /var/log/squid3/access.log squid
> cache_log /var/log/squid3/cache.log
> cache_store_log none
>
> log_fqdn off
> half_closed_clients off
> server_persistent_connections on
> client_persistent_connections on
>
> ipcache_size 16384
> ipcache_low 90
> ipcache_high 95
>
> fqdncache_size 8192
> client_db off
> pipeline_prefetch on
> forwarded_for on
>
> store_dir_select_algorithm least-load
>
> cache_dir aufs /cache0/cache0 10000 16 256
> cache_dir aufs /cache0/cache1 10000 16 256
> cache_dir aufs /cache0/cache2 10000 16 256
> cache_dir aufs /cache0/cache3 10000 16 256
> cache_dir aufs /cache0/cache4 10000 16 256
> cache_dir aufs /cache0/cache5 10000 16 256
> cache_dir aufs /cache0/cache6 10000 16 256
> cache_dir aufs /cache0/cache7 10000 16 256
> cache_dir aufs /cache0/cache8 10000 16 256
> cache_dir aufs /cache0/cache9 10000 16 256
> cache_dir aufs /cache0/cache10 10000 16 256
>
> cache_dir aufs /cache1/cache0 10000 16 256
> cache_dir aufs /cache1/cache1 10000 16 256
> cache_dir aufs /cache1/cache2 10000 16 256
> cache_dir aufs /cache1/cache3 10000 16 256
> cache_dir aufs /cache1/cache4 10000 16 256
> cache_dir aufs /cache1/cache5 10000 16 256
> cache_dir aufs /cache1/cache6 10000 16 256
> cache_dir aufs /cache1/cache7 10000 16 256
> cache_dir aufs /cache1/cache8 10000 16 256
> cache_dir aufs /cache1/cache9 10000 16 256
> cache_dir aufs /cache1/cache10 10000 16 256
>
> cache_dir aufs /cache2/cache0 10000 16 256
> cache_dir aufs /cache2/cache1 10000 16 256
> cache_dir aufs /cache2/cache2 10000 16 256
> cache_dir aufs /cache2/cache3 10000 16 256
> cache_dir aufs /cache2/cache4 10000 16 256
> cache_dir aufs /cache2/cache5 10000 16 256
> cache_dir aufs /cache2/cache6 10000 16 256
> cache_dir aufs /cache2/cache7 10000 16 256
> cache_dir aufs /cache2/cache8 10000 16 256
> cache_dir aufs /cache2/cache9 10000 16 256
> cache_dir aufs /cache2/cache10 10000 16 256
>
> cache_dir aufs /cache3/cache0 20000 16 256
> cache_dir aufs /cache3/cache1 20000 16 256
> cache_dir aufs /cache3/cache2 20000 16 256
> cache_dir aufs /cache3/cache3 20000 16 256
> cache_dir aufs /cache3/cache4 20000 16 256
> cache_dir aufs /cache3/cache5 20000 16 256
> cache_dir aufs /cache3/cache6 20000 16 256
> cache_dir aufs /cache3/cache7 20000 16 256
> cache_dir aufs /cache3/cache8 20000 16 256
> cache_dir aufs /cache3/cache9 20000 16 256
> cache_dir aufs /cache3/cache10 20000 16 256
> cache_dir aufs /cache3/cache11 20000 16 256
> cache_dir aufs /cache3/cache12 20000 16 256
> cache_dir aufs /cache3/cache13 20000 16 256
> cache_dir aufs /cache3/cache14 20000 16 256
> cache_dir aufs /cache3/cache15 20000 16 256
> cache_dir aufs /cache3/cache16 20000 16 256
> cache_dir aufs /cache3/cache17 20000 16 256
> cache_dir aufs /cache3/cache18 20000 16 256
> cache_dir aufs /cache3/cache19 20000 16 256
> cache_dir aufs /cache3/cache20 20000 16 256
> cache_dir aufs /cache3/cache21 20000 16 256
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire
> ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i
> \.(iso|img|avi|wav|mp3|mp4|mpg|mpeg|swf|flv|x-flv|wma|wmv)$ 43200 90% 432000
> override-expire ignore-no-cache ign
> refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf)$
> 10080 90% 43200 override-expire ignore-no-cache ignore
> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern . 0 40% 40320
>
>
>
> Amos Jeffries wrote:
>>>
>>> I am using squid 3.1.0.6
>>>
>>> If I check the disk free while the cache is running I do not see any of
>>> my cache directories incrementing at all.
>>>
>>> Any ideas?
>>>
>>
>> Okay, so much for the easy answer. We will have to see your config to tell
>> why its not caching.
>>
>> Amos
>>
>>
>>>
>>> Amos Jeffries wrote:
>>>
>>>>
>>>> Jamie Orzechowski wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> My post does not seem to be going to the list.  Wondering if you have
>>>>> any ideas?
>>>>>
>>>>> I think I have TPROXY working but running into some issues.
>>>>> Checking my logs all my traffic shows up as a TCP_MISS
>>>>>
>>>>
>>>> Squid 3.1.0.3? it has a storage problem that can show like this.
>>>>
>>>>
>>>>
>>>>>
>>>>> 1236698452.579     79 66.78.98.194 TCP_MISS/200 542 GET
>>>>> http://l1.zedo.com//log/p.gif? - DIRECT/72.247.244.10 image/gif
>>>>> 1236698452.634    293 66.78.98.194 TCP_MISS/200 4972 GET
>>>>> http://blstb.msn.com/i/9B/DDD13A38CB8B34F4DFA3F7BFFF71.jpg -
>>>>> DIRECT/192.221.114.124 image/jpeg
>>>>> 1236698452.878    100 66.78.98.194 TCP_MISS/200 1076 GET
>>>>> http://h.foxsports.com/HG? - DIRECT/64.154.81.231 image/gif
>>>>> 1236698453.367    252 66.78.98.194 TCP_MISS/200 1368 GET
>>>>> http://www.myinternetservices.com/live/visitor/index.php? -
>>>>> DIRECT/72.232.167.111 image/gif
>>>>> 1236698454.087     13 66.78.98.194 TCP_MISS/200 812 GET
>>>>> http://weyedata.pelmorex.com/WeatherEye/ObsData/CAON0090.xml -
>>>>> DIRECT/207.96.160.37 text/xml
>>>>> 1236698455.251    116 66.78.98.194 TCP_MISS/200 1368 GET
>>>>> http://www.myinternetservices.com/live/visitor/index.php? -
>>>>> DIRECT/72.232.167.111 image/gif
>>>>> 1236698456.570   6451 66.78.98.194 TCP_MISS/200 45898 GET
>>>>> http://www.facebook.com/profile.php? - DIRECT/69.63.176.140 text/html
>>>>> 1236698456.876     77 66.78.98.194 TCP_MISS/200 2765 GET
>>>>> http://profile.ak.facebook.com/v227/2005/50/q638320646_36.jpg -
>>>>> DIRECT/209.170.91.178 image/jpeg
>>>>>
>>>>> My iptables is the following
>>>>>
>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>> /sbin/iptables -t mangle -N DIVERT
>>>>> /sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>>>> /sbin/iptables -t mangle -A DIVERT -j ACCEPT
>>>>> /sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>>>> /sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
>>>>> --tproxy-mark 0x1/0x1 --on-port 3129
>>>>> //
>>>>> any idea why I am not getting any TCP_HITS? ...
>>>>>
>>>>>
>>>>
>>>> Amos
>>>>
>>>
>>> --
>>> =-=-=-=-=-=-=-=-=-=-=-=-=
>>> Jamie Orzechowski - CCNA
>>> RipNET Ltd. System/Network Administrator
>>> Tel.: 613-342-3946 x294
>>>
>>>
>>> THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
>>> IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION.
>>> ANY UNAUTHORIZED DISCLOSURE IS STRICTLY PROHIBITED.
>>> IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR,
>>> PLEASE NOTIFY ME IMMEDIATELY SO THAT I MAY CORRECT MY
>>> INTERNAL RECORDS.  PLEASE THEN DELETE THE ORIGINAL MESSAGE.
>>> =-=-=-=-=-=-=-=-=-=-=-=-=
>>>
>>>
>>>
>>
>>
>>
>
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux