Re: not working tproxy in squid 3.2


On 3/19/2013 9:24 PM, Oleg wrote:
On Tue, Mar 19, 2013 at 08:49:25PM +0200, Eliezer Croitoru wrote:
Hey Oleg,

I want to understand a couple of things about the situation.
What is the problem? A memory leak?

   1 problem - memory leak;
   2 problem - tproxy doesn't work in squid 3.2.

I can think of a way you can configure squid to cause them both.

How do you see the memory leak? and where?

   I just start squid, start top and wait about an hour, when squid grows from
40MB to 800MB and the kernel kills it.

The memory leak you are talking about is in a case of tproxy usage only?

   It's hard to say. I was running squid 3.2, with no working tproxy (as I wrote),
but with normal proxy on 3128 tcp port, and it ate my memory too. So, tproxy
is configured, but not used.

What is the load of the proxy cache?
Do you use it for filtering or just plain cache?

   Only for filtering.

On what environment?

   What do you mean by environment?

ISP? OFFICE? HOME? ELSE...

The more details you can give on the scenario and point with your
finger on the problem I will be happy to assist us in finding the
culprit.

What linux distro are you using?

   Debian 6 and also tried debian 7.
My opinion is that you don't need to test on 7 or do special tests, but it helped us to understand the nature of the problem.

Try not to use the filtering helper, by using only defaults and tproxy.
Also try to use this script with tproxy on port 3129 and http_port 127.0.0.1:3128

##start of script
#!/bin/sh -x
echo "loading modules required for the tproxy"
modprobe ip_tables
modprobe xt_tcpudp
modprobe nf_tproxy_core
modprobe xt_mark
modprobe xt_MARK
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_conntrack_ipv4
# show the current conntrack accounting setting, then enable it
sysctl net.netfilter.nf_conntrack_acct
sysctl net.netfilter.nf_conntrack_acct=1
# packets marked 1 are routed through table 100, which delivers them locally
ip route flush table 100
ip rule del fwmark 1 lookup 100
ip rule add fwmark 1 lookup 100
ip -f inet route add local default dev lo table 100

echo "flushing any existing rules"
iptables -t mangle -F
iptables -t mangle -X DIVERT

echo "creating rules"
# DIVERT marks the packet with 1 and accepts it
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

# packets that already belong to a local socket go to DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# new port 80 connections from the LAN go to the tproxy port 3129
# (___LAN____ is a placeholder for the client network)
iptables -t mangle -A PREROUTING -s ___LAN____ -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1
##end of script


--
Eliezer Croitoru
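
Added example, not part of the message above or of the Squid project: a shell check that the policy rule, the table 100 route and the mangle rules created by the script are present and in the same order. The function name check_tproxy_setup, the 192.0.2.0/24 LAN range and the sample command outputs are constructed for illustration; the exact `iptables -S` text can differ between iptables versions.

```shell
#!/bin/sh
# Reports which pieces of the TPROXY setup from the script above are missing.
# Arguments are the text output of:
#   $1: ip rule show   $2: ip route show table 100   $3: iptables -t mangle -S
#   $4: tproxy port (optional, default 3129)
# Prints one line per problem; prints nothing when everything is found.
check_tproxy_setup() {
    rules=$1; routes=$2; mangle=$3; port=${4:-3129}

    # Marked packets must be looked up in table 100.
    printf '%s\n' "$rules" | grep -Eq 'fwmark 0x1(/0x[0-9a-f]+)? lookup 100' ||
        echo "missing: ip rule add fwmark 1 lookup 100"

    # Table 100 must deliver everything to the local machine.
    printf '%s\n' "$routes" | grep -Eq '^local default dev lo' ||
        echo "missing: local default route via lo in table 100"

    # DIVERT must set mark 1 (listed as --set-mark or --set-xmark).
    printf '%s\n' "$mangle" | grep -Eq -- '^-A DIVERT -j MARK --set-x?mark (0x)?1' ||
        echo "missing: DIVERT chain does not set mark 1"

    # Positions of the socket-match rule and the TPROXY rule in the listing.
    divert=$(printf '%s\n' "$mangle" |
        grep -En -- '^-A PREROUTING .*-m socket .*-j DIVERT' | head -n 1 | cut -d: -f1)
    tproxy=$(printf '%s\n' "$mangle" |
        grep -En -- "^-A PREROUTING .*-j TPROXY .*--on-port $port( |\$)" | head -n 1 | cut -d: -f1)

    [ -n "$divert" ] || echo "missing: PREROUTING -m socket -j DIVERT"
    [ -n "$tproxy" ] || echo "missing: PREROUTING TPROXY rule for port $port"
    # The script adds the socket match first; flag the reverse order.
    if [ -n "$divert" ] && [ -n "$tproxy" ] && [ "$divert" -gt "$tproxy" ]; then
        echo "order: socket/DIVERT rule is after the TPROXY rule"
    fi
    return 0
}

# Constructed sample output of a correctly configured host.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'

check_tproxy_setup "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE"
```

On a live host, run it as root with `check_tproxy_setup "$(ip rule show)" "$(ip route show table 100)" "$(iptables -t mangle -S)"`.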

