Since I have moved to a TProxy setup, all my traffic is showing up as a TCP_MISS ... Without TProxy I see HITs all over the place. Any ideas what is causing this??

Running the following:

IPTables: v1.4.3.2
Kernel: 2.6.28-11-server
Squid Cache: Version 3.1.0.8

configure options:

    '--prefix=/usr' '--mandir=/share/man' '--infodir=/share/info'
    '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
    '--sysconfdir=/etc/squid3' '--enable-inline' '--enable-async-io=32'
    '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
    '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
    '--enable-follow-x-forwarded-for' '--with-filedescriptors=65536'
    '--with-default-user=proxy' '--enable-linux-netfilter'
    --with-squid=/tmp/squid-3.1.0.8 --enable-ltdl-convenience

TProxy setup with the following

    /usr/local/sbin/iptables -t mangle -N DIVERT
    /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
    /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    echo 1 > /proc/sys/net/ipv4/ip_forward

-----------------------------------------------

Here is part of my config

    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 66.78.96.0/19
    acl localnet src 64.235.192.0/19
    acl localnet src 72.0.192.0/19
    acl localnet src 192.168.1.0/24
    acl localnet src 192.168.254.0/24

    hierarchy_stoplist cgi-bin ?
    acl directurls url_regex -i "/etc/squid3/direct-urls"
    cache deny localnet
    cache deny directurls
    always_direct allow directurls
    cache allow all

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny to_localhost
    http_access allow localnet
    http_access allow localhost
    http_access deny all

    icp_access allow localnet
    htcp_access allow localnet
    icp_access deny all
    htcp_access deny all
    htcp_clr_access deny all
    ident_lookup_access deny all

    http_port 66.78.102.2:3128
    http_port 66.78.102.2:3129 tproxy

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.(iso|img|avi|wav|mp3|mp4|mpg|mpeg|swf|flv|x-flv|wma|wmv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 40% 40320

--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd.
System/Network Administrator
Tel.: 613-342-3946 x294