Hi again, 2010/1/6 Felipe W Damasio <felipewd@xxxxxxxxx>: > I'm new to this list, but checked the archives a lot before asking this. > I'm trying to get squid-3.1 up and running with TProxy 4.1 on an ISP network. > My setup is working correctly when only a few users are connected to > the users VLAN. The users can browse and TProxy works. > But when I plug in the router with all the users (around 60000), > squid doesn't respond anymore. Just so you guys know, I'm compiling squid with: ./configure --enable-async-io --enable-icmp --enable-useragent-log --enable-snmp --enable-cache-digests --enable-follow-x-forwarded-for --enable-storeio=aufs --enable-removal-policies=heap,lru --enable-epoll --enable-http-violations --with-maxfd=1000000 --enable-linux-netfilter Besides following exactly what the TProxy wiki told me, the only other thing I had to do in order to get TProxy to work was these: echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter But again, it works when a few clients are connected, when the CMTS (cable modem router) kicks in, everything goes to hell. Oh, and even the clients that were already working stop working. Nothing gets through! I tried to log the iptables rules to see if it really sees the traffic, and got a lot of: Jan 6 11:24:58 hyper kernel: iptables IN=eth0 OUT= MAC=00:ea:01:02:7b:a2:00:21:a0:ce:9d:24:08:00 SRC=189.58.247.199 DST=64.233.163.103 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=13252 DF PROTO=TCP SPT=1388 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1 Jan 6 11:24:58 hyper kernel: iptables IN=eth0 OUT= MAC=00:ea:01:02:7b:a2:00:21:a0:ce:9d:24:08:00 SRC=189.58.246.108 DST=65.54.48.74 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=17259 DF PROTO=TCP SPT=42895 DPT=80 WINDOW=216 RES=0x00 ACK FIN URGP=0 MARK=0x1 This could/should be a squid problem, then, right? Or is there a proc entry somewhere that could be screwing with me? I can post the /proc entries if it would help you guys to help me :-) Thanks, Felipe Damasio
