> Try define tcp_outgoing_address. > AFAIK I'm using squid 2.7 should define tcp_outgoing for tproxy > working properly. This is not 2.7. This is 3.1.0.x. Tproxy works very,very differently in 3.1. Amos > > Johan > > On Thu, Mar 12, 2009 at 6:31 AM, Jamie Orzechowski <admin@xxxxxxxxxx> > wrote: >> Here is the config ... it does work fine in "transparent" mode just not >> tproxy mode >> >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 >> >> acl localnet src 66.78.96.0/19 >> acl localnet src 64.235.192.0/19 >> acl localnet src 72.0.192.0/19 >> acl localnet src 192.168.1.0/24 >> acl localnet src 192.168.254.0/24 >> >> acl QUERY urlpath_regex cgi-bin \? >> cache deny QUERY >> >> hierarchy_stoplist cgi-bin ? >> >> acl directurls url_regex -i "/etc/squid3/direct-urls" >> cache deny directurls >> cache deny localnet >> always_direct allow directurls >> always_direct allow localnet >> >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> >> http_access allow manager localhost >> http_access deny manager >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access deny to_localhost >> http_access allow localnet http_access allow localhost http_access deny >> all >> icp_access allow localnet >> htcp_access allow localnet >> icp_access deny all >> htcp_access deny all >> htcp_clr_access deny all >> ident_lookup_access deny all >> >> http_port 66.78.102.2:3128 >> http_port 66.78.102.2:3129 tproxy >> >> cache_mgr support@xxxxxxxxxx >> >> acl snmp snmp_community s64hf2 >> snmp_access allow snmp all >> >> snmp_port 3401 >> snmp_incoming_address 192.168.1.8 >> snmp_outgoing_address 192.168.1.8 >> >> shutdown_lifetime 10 seconds >> pid_filename /var/run/squid3.pid >> mime_table /usr/share/squid3/mime.conf >> icon_directory /usr/share/squid3/icons >> error_directory /usr/share/squid3/errors/en >> cache_effective_user proxy >> ignore_unknown_nameservers on >> dns_nameservers 66.78.99.4 66.78.99.5 >> >> max_open_disk_fds 0 >> cache_mem 1024 MB minimum_object_size 0 KB >> maximum_object_size 4 GB >> maximum_object_size_in_memory 512 KB >> memory_replacement_policy heap LFUDA >> cache_replacement_policy heap LFUDA >> cache_swap_low 90 >> cache_swap_high 95 >> >> quick_abort_min -1 KB >> quick_abort_max 16 KB >> quick_abort_pct 95 >> access_log /var/log/squid3/access.log squid >> cache_log /var/log/squid3/cache.log >> cache_store_log none >> >> log_fqdn off >> half_closed_clients off >> server_persistent_connections on >> client_persistent_connections on >> >> ipcache_size 16384 >> ipcache_low 90 >> ipcache_high 95 >> >> fqdncache_size 8192 >> client_db off >> pipeline_prefetch on >> forwarded_for on >> >> store_dir_select_algorithm least-load >> >> cache_dir aufs /cache0/cache0 10000 16 256 >> cache_dir aufs /cache0/cache1 10000 16 256 >> cache_dir aufs /cache0/cache2 10000 16 256 >> cache_dir aufs /cache0/cache3 10000 16 256 >> cache_dir aufs /cache0/cache4 10000 16 256 >> cache_dir aufs /cache0/cache5 10000 16 256 >> cache_dir aufs /cache0/cache6 10000 16 256 >> cache_dir aufs /cache0/cache7 10000 16 256 >> cache_dir aufs /cache0/cache8 10000 16 256 >> cache_dir aufs /cache0/cache9 10000 16 256 >> cache_dir aufs /cache0/cache10 10000 16 256 >> >> cache_dir aufs /cache1/cache0 10000 16 256 >> cache_dir aufs /cache1/cache1 10000 16 256 >> cache_dir aufs /cache1/cache2 10000 16 256 >> cache_dir aufs /cache1/cache3 10000 16 256 >> cache_dir aufs /cache1/cache4 10000 16 256 >> cache_dir aufs /cache1/cache5 10000 16 256 >> cache_dir aufs /cache1/cache6 10000 16 256 >> cache_dir aufs /cache1/cache7 10000 16 256 >> cache_dir aufs /cache1/cache8 10000 16 256 >> cache_dir aufs /cache1/cache9 10000 16 256 >> cache_dir aufs /cache1/cache10 10000 16 256 >> >> cache_dir aufs /cache2/cache0 10000 16 256 >> cache_dir aufs /cache2/cache1 10000 16 256 >> cache_dir aufs /cache2/cache2 10000 16 256 >> cache_dir aufs /cache2/cache3 10000 16 256 >> cache_dir aufs /cache2/cache4 10000 16 256 >> cache_dir aufs /cache2/cache5 10000 16 256 >> cache_dir aufs /cache2/cache6 10000 16 256 >> cache_dir aufs /cache2/cache7 10000 16 256 >> cache_dir aufs /cache2/cache8 10000 16 256 >> cache_dir aufs /cache2/cache9 10000 16 256 >> cache_dir aufs /cache2/cache10 10000 16 256 >> >> cache_dir aufs /cache3/cache0 20000 16 256 >> cache_dir aufs /cache3/cache1 20000 16 256 >> cache_dir aufs /cache3/cache2 20000 16 256 >> cache_dir aufs /cache3/cache3 20000 16 256 >> cache_dir aufs /cache3/cache4 20000 16 256 >> cache_dir aufs /cache3/cache5 20000 16 256 >> cache_dir aufs /cache3/cache6 20000 16 256 >> cache_dir aufs /cache3/cache7 20000 16 256 >> cache_dir aufs /cache3/cache8 20000 16 256 >> cache_dir aufs /cache3/cache9 20000 16 256 >> cache_dir aufs /cache3/cache10 20000 16 256 >> cache_dir aufs /cache3/cache11 20000 16 256 >> cache_dir aufs /cache3/cache12 20000 16 256 >> cache_dir aufs /cache3/cache13 20000 16 256 >> cache_dir aufs /cache3/cache14 20000 16 256 >> cache_dir aufs /cache3/cache15 20000 16 256 >> cache_dir aufs /cache3/cache16 20000 16 256 >> cache_dir aufs /cache3/cache17 20000 16 256 >> cache_dir aufs /cache3/cache18 20000 16 256 >> cache_dir aufs /cache3/cache19 20000 16 256 >> cache_dir aufs /cache3/cache20 20000 16 256 >> cache_dir aufs /cache3/cache21 20000 16 256 >> >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 >> override-expire >> ignore-no-cache ignore-no-store ignore-private >> refresh_pattern -i >> \.(iso|img|avi|wav|mp3|mp4|mpg|mpeg|swf|flv|x-flv|wma|wmv)$ 43200 90% >> 432000 >> override-expire ignore-no-cache ign >> refresh_pattern -i >> \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf)$ >> 10080 90% 43200 override-expire ignore-no-cache ignore >> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 >> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern . 0 40% 40320 >> >> >> >> Amos Jeffries wrote: >>>> >>>> I am using squid 3.1.0.6 >>>> >>>> If I check the disk free while the cache is running I do not see any >>>> of >>>> my cache directories incrementing at all. >>>> >>>> Any ideas? >>>> >>> >>> Okay, so much for the easy answer. We will have to see your config to >>> tell >>> why its not caching. >>> >>> Amos >>> >>> >>>> >>>> Amos Jeffries wrote: >>>> >>>>> >>>>> Jamie Orzechowski wrote: >>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> My post does not seem to be going to the list. Wondering if you >>>>>> have >>>>>> any ideas? >>>>>> >>>>>> I think I have TPROXY working but running into some issues. >>>>>> Checking my logs all my traffic shows up as a TCP_MISS >>>>>> >>>>> >>>>> Squid 3.1.0.3? it has a storage problem that can show like this. >>>>> >>>>> >>>>> >>>>>> >>>>>> 1236698452.579 79 66.78.98.194 TCP_MISS/200 542 GET >>>>>> http://l1.zedo.com//log/p.gif? - DIRECT/72.247.244.10 image/gif >>>>>> 1236698452.634 293 66.78.98.194 TCP_MISS/200 4972 GET >>>>>> http://blstb.msn.com/i/9B/DDD13A38CB8B34F4DFA3F7BFFF71.jpg - >>>>>> DIRECT/192.221.114.124 image/jpeg >>>>>> 1236698452.878 100 66.78.98.194 TCP_MISS/200 1076 GET >>>>>> http://h.foxsports.com/HG? - DIRECT/64.154.81.231 image/gif >>>>>> 1236698453.367 252 66.78.98.194 TCP_MISS/200 1368 GET >>>>>> http://www.myinternetservices.com/live/visitor/index.php? - >>>>>> DIRECT/72.232.167.111 image/gif >>>>>> 1236698454.087 13 66.78.98.194 TCP_MISS/200 812 GET >>>>>> http://weyedata.pelmorex.com/WeatherEye/ObsData/CAON0090.xml - >>>>>> DIRECT/207.96.160.37 text/xml >>>>>> 1236698455.251 116 66.78.98.194 TCP_MISS/200 1368 GET >>>>>> http://www.myinternetservices.com/live/visitor/index.php? - >>>>>> DIRECT/72.232.167.111 image/gif >>>>>> 1236698456.570 6451 66.78.98.194 TCP_MISS/200 45898 GET >>>>>> http://www.facebook.com/profile.php? - DIRECT/69.63.176.140 >>>>>> text/html >>>>>> 1236698456.876 77 66.78.98.194 TCP_MISS/200 2765 GET >>>>>> http://profile.ak.facebook.com/v227/2005/50/q638320646_36.jpg - >>>>>> DIRECT/209.170.91.178 image/jpeg >>>>>> >>>>>> My iptables is the following >>>>>> >>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward >>>>>> /sbin/iptables -t mangle -N DIVERT >>>>>> /sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1 >>>>>> /sbin/iptables -t mangle -A DIVERT -j ACCEPT >>>>>> /sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT >>>>>> /sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY >>>>>> --tproxy-mark 0x1/0x1 --on-port 3129 >>>>>> // >>>>>> any idea why I am not getting any TCP_HITS? ... >>>>>> >>>>>> >>>>> >>>>> Amos >>>>> >>>> >>>> -- >>>> =-=-=-=-=-=-=-=-=-=-=-=-= >>>> Jamie Orzechowski - CCNA >>>> RipNET Ltd. System/Network Administrator >>>> Tel.: 613-342-3946 x294 >>>> >>>> >>>> THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE, >>>> IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION. >>>> ANY UNAUTHORIZED DISCLOSURE IS STRICTLY PROHIBITED. >>>> IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, >>>> PLEASE NOTIFY ME IMMEDIATELY SO THAT I MAY CORRECT MY >>>> INTERNAL RECORDS. PLEASE THEN DELETE THE ORIGINAL MESSAGE. >>>> =-=-=-=-=-=-=-=-=-=-=-=-= >>>> >>>> >>>> >>> >>> >>> >> >> >
