Re: Re: [squid-users] Issues with Opensuse12.3 with squid
Okay, Please i would like to know how to update my squid to the version latest 3.4.4 so as to know if the versions 3.2.11 bugs were responsible for the issues am facing. Also please how do i add certain ports to the firewall to allow them be used? I have tried this a few times and was unsuccessful in the bid. It is a physical machine with 8Gb ram and 1Tb hard drive, its a Dell Optiplex 745 desktop core2duo with two (2) network interfaces. No i cant build. Couple things. 1. 3.2.11 is older then the current stable which is 3.4.4. 2. there were bugs between 3.4.4 and bugs that have been resolved. 3. it it is better to test the issue on 3.4.4 then 3.2.11 since there will be almost no support for it from the development team. As for debugging: I would start with free -m at the time of the slowdown. Also would see in the cache-mgr interface(ask if you have anything to ask) there is info menu. The info menu can show a lot of data which can help indicate the basic issue. The issue can be dns related network related memory related etc.. What helps in your case? is there anything that helps? a restart to the service itself? a restart to the machine? Is it a virtual machine or physical? I am working now on the new RPM for CentOS. it will not be 100% OpenSUSE compatible but I can try to build it for OpenSUSE later on and see if it goes smooth I will build it based on the SRPM of 13.X . Can you build squid from source on this machine? Eliezer On 03/25/2014 10:20 PM, Oluseyi Akinboboye wrote: The output i got is as follows: Squid Cache: Version 3.2.11 configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--libdir=/usr/lib' '--sharedstatedir=/var/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-dl' '--enable-disk-io' '--enable-storeio' '--enable-removal-policies=heap,lru' '--enable-icmp' '--enable-delay-pools' '--enable-esi' '--enable-icap-client' '--enable-useragent-log' '--enable-referer-log' '--enable-kill-parent-hack' '--enable-arp-acl' '--enable-ssl' '--enable-forw-via-db' '--enable-cache-digests' '--enable-linux-netfilter' '--with-large-files' '--enable-underscores' '--enable-auth' '--enable-auth-basic' '--enable-auth-ntlm' '--enable-auth-negotiate' '--enable-auth-digest' '--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group' '--enable-ntlm-fail-open' '--enable-s tacktrace s' '--enable-x-accelerator-vary' '--with-default-user=squid' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF' 'LDFLAGS=-Wl,-z,relro,-z,now -pie' 'CXXFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF'
Re: Re: [squid-users] Issues with Opensuse12.3 with squid
Thank you for your response. But already we have ACL on the squid and also on the mikrotik we have a series f permitted users who have access to these ports so opening them should not really be a problem. When i mean slow i mean that the pages being fetched from the cache considerablely slow down! i have restarted it this morning now and would like to watch it handle requests over peak periods and will report back to you. But please would like to know how to update my version of squid from 3.2.11 to the current 3.4.4 I would appreciate it if you would tell me in layman's ters how to do so. Thanks Hello, I am using a Opensuse12.3 with squid as a gateway squid though its not transparent! I would like to know how to do the following 1. Allow the following port have access in the network; ports 25, 110, 465, 995 and other specific ports required for specific mail servers to work. Two problems with this. 1) Squid is an HTTP proxy not an email server. 2) Opening these ports in any way through Squid turns it into an open proxy and permits spamming or other email abuse through your server. 2. The squid seems to slow down after a few hours on the job; although there are a few clients on transparent and a few on non-transparent proxies here! Is there any script or such that will make the squid box refresh itself every few hours or so? What? please define slow. 3. The clients who are not using the proxy are doing so due to the fact that they wont be able to pull and or push their emails due to firewall restrictions from the squid! Squid is not a firewall. Check the actual firewall settings on the box Squid is running on. Perhapse that is what is getting in their way. 4. After a few days can we release the contents of the squid so as not to have a filled up squid? What contents and why? Amos
Re: Re: [squid-users] Issues with Opensuse12.3 with squid
Back up your squid config file or any other associated files with custom info before stopping and uninstalling the old squid. Someone suggested copying the running squid binary too. Follow the steps below * This is assuming you are using the CLI * This is no official guide I am not responsible for any consequences - Log-in as root - Type yast2 - Go to Software repositories - Select Add. Choose links (from http://en.opensuse.org/Package_repositories) add appropriately - Make sure the repos you have added are enabled select Ok - Use YAST to reinstall and it should then be able to find the latest version available Good luck. # Edmonds On Wed, Mar 26, 2014 at 2:43 PM, Edmonds Namasenda namase...@gmail.com wrote: Back up your squid config file or any other associated files with custom info before stopping and uninstalling the old squid. Someone suggested copying the running squid binary too. Follow the steps below * This is assuming you are using the CLI * This is no official guide I am not responsible for any consequences - Log-in as root - Type yast2 - Go to Software repositories - Select Add. Choose links (from http://en.opensuse.org/Package_repositories) add appropriately - Make sure the repos you have added are enabled select Ok - Use YAST to reinstall and it should then be able to find the latest version available Good luck. # Edmonds On Wed, Mar 26, 2014 at 9:26 AM, Oluseyi Akinboboye seyiakinbob...@gmail.com wrote: Thank you for your response. But already we have ACL on the squid and also on the mikrotik we have a series f permitted users who have access to these ports so opening them should not really be a problem. When i mean slow i mean that the pages being fetched from the cache considerablely slow down! i have restarted it this morning now and would like to watch it handle requests over peak periods and will report back to you. But please would like to know how to update my version of squid from 3.2.11 to the current 3.4.4 I would appreciate it if you would tell me in layman's ters how to do so. Thanks Hello, I am using a Opensuse12.3 with squid as a gateway squid though its not transparent! I would like to know how to do the following 1. Allow the following port have access in the network; ports 25, 110, 465, 995 and other specific ports required for specific mail servers to work. Two problems with this. 1) Squid is an HTTP proxy not an email server. 2) Opening these ports in any way through Squid turns it into an open proxy and permits spamming or other email abuse through your server. 2. The squid seems to slow down after a few hours on the job; although there are a few clients on transparent and a few on non-transparent proxies here! Is there any script or such that will make the squid box refresh itself every few hours or so? What? please define slow. 3. The clients who are not using the proxy are doing so due to the fact that they won’t be able to pull and or push their emails due to firewall restrictions from the squid! Squid is not a firewall. Check the actual firewall settings on the box Squid is running on. Perhapse that is what is getting in their way. 4. After a few days can we release the contents of the squid so as not to have a filled up squid? What contents and why? Amos
[squid-users] Re: How to authorize SMTP and POP3 on SQUID
Squid has nothing to do with SMTP or POP or IMAP etc. squid works on different ports (look at http_port in squid.conf). Check your firewall settings to allow port 25/110 for email. Or check postfix etc. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-authorize-SMTP-and-POP3-on-SQUID-tp4665342p4665343.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] cachemgr delay_pools report meaning?
Hi. I have delay_pools working on squid, could some one explain me the meaning of this info, in specific the individual data, the aggregate is clear. Delay pools configured: 1 Pool: 1 Class: 3 Aggregate: Max: 875 Restore: 875 Current: 8104827 Network: Disabled. Individual: Max: 375000 Restore: 375000 Current [Network 2]: 208:375000 164:375000 42:276702 72:375000 30:375000 56:375000 214:246856 20:375000 70:375000 206:375000 144:375000 100:145638 196:375000 82:375000 160:375000 120:375000 98:375000 106:375000 152:375000 190:375000 142:375000 198:375000 110:375000 24:374496 200:375000 58:375000 80:375000 84:375000 182:375000 88:375000 204:375000 28:375000 116:375000 38:375000 26:375000 22:375000 124:375000 114:375000 150:375000 12:375000 184:375000 186:375000 6:375000 40:375000 216:375000 170:375000 180:375000 86:375000 188:375000 76:375000 212:375000 210:375000 34:375000 74:375000 140:375000 122:375000 48:375000 8:375000 172:375000 154:375000 104:375000 178:375000 13:375000 90:375000 162:375000 18:375000 2:375000 60:375000 218:375000 62:375000 Current [Network 0]: 0:375000 207:375000 54:375000 52:375000 50:375000 1:375000 Current [Network 4]: 103:375000 3:375000 104:375000 Current [Network 3]: 100:375000 1:186135 Current [Network 1]: 200:375000 Current [Network 5]: 5:375000 1:375000 Current [Network 10]: 20:375000 Memory Used: 3656 bytes Thanks.
Re: [squid-users] qos_flow.
On Mon, Mar 24, 2014 at 7:00 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 25/03/2014 1:26 p.m., Beto Moreno wrote: Hi. Trying to understand squid qos_flows feature, I had been reading a lot, but hadn't found any specific info/howto with clarify examples. How can I use qos_flows in my fw? qos_flows tag the packets delivered to clients containing HTTP responses. Squid 3.2 and later can label them with TOS/DiffServ (for between-machine labelling) or Linux MARK (for within-machine labelling). Older Squid are limited to TOS values. http://www.squid-cache.org/Doc/config/qos_flows/ http://wiki.squid-cache.org/Features/QualityOfService I had try delay_pools, now I want to learn this other feature. Anyone with a example for a noob willl be appreciated. Working with squid 3.1.x, thanks. 3.1 can do most of what is documented, but is limited to TOS values and without the preserve-miss and miss=X functionality. Amos Sorry Amos, I still don't understand this, this is totally new for me, still reading to see how to use this feature. Once I setup squid example with; qos_flows local-hit=0x30 What is going to happen?
Re: [squid-users] Issues with Opensuse12.3 with squid
On 03/25/2014 10:20 PM, Oluseyi Akinboboye wrote: The output i got is as follows: Squid Cache: Version 3.2.11 configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--libdir=/usr/lib' '--sharedstatedir=/var/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-dl' '--enable-disk-io' '--enable-storeio' '--enable-removal-policies=heap,lru' '--enable-icmp' '--enable-delay-pools' '--enable-esi' '--enable-icap-client' '--enable-useragent-log' '--enable-referer-log' '--enable-kill-parent-hack' '--enable-arp-acl' '--enable-ssl' '--enable-forw-via-db' '--enable-cache-digests' '--enable-linux-netfilter' '--with-large-files' '--enable-underscores' '--enable-auth' '--enable-auth-basic' '--enable-auth-ntlm' '--enable-auth-negotiate' '--enable-auth-digest' '--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group' '--enable-ntlm-fail-open' '--enable-s tacktrace s' '--enable-x-accelerator-vary' '--with-default-user=squid' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF' 'LDFLAGS=-Wl,-z,relro,-z,now -pie' 'CXXFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF' OK so I have built OpenSUSE RPM based on the latest build with a tiny patch to remove the need for gpg signature test and usage of xz package instaed of bz squid. I will test it later on but for now I am doing a small test. If you can share your squid.conf removing confidential information it will help to consider couple things. The RPM will be at http://www1.ngtech.co.il/rpm/opensuse/12.1/i586/ in less then an hour. Eliezer
[squid-users] Will a Shared cache_dir? Will it be possible to use shared cache_dir or some share backend like a DB with squid?
I have been wondering about the need of a shared cache_dir. In squid the development of a cluster is kind of uses ICP and HTCP to dispose the need of a shared cache_dir by using a\the cluster as a backend for the whole data. If someone have a nice idea\example to demonstrate it I am looking for one. Eliezer
Re: [squid-users] qos_flow.
On 27/03/2014 9:45 a.m., Beto Moreno wrote: On Mon, Mar 24, 2014 at 7:00 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 25/03/2014 1:26 p.m., Beto Moreno wrote: Hi. Trying to understand squid qos_flows feature, I had been reading a lot, but hadn't found any specific info/howto with clarify examples. How can I use qos_flows in my fw? qos_flows tag the packets delivered to clients containing HTTP responses. Squid 3.2 and later can label them with TOS/DiffServ (for between-machine labelling) or Linux MARK (for within-machine labelling). Older Squid are limited to TOS values. http://www.squid-cache.org/Doc/config/qos_flows/ http://wiki.squid-cache.org/Features/QualityOfService I had try delay_pools, now I want to learn this other feature. Anyone with a example for a noob willl be appreciated. Working with squid 3.1.x, thanks. 3.1 can do most of what is documented, but is limited to TOS values and without the preserve-miss and miss=X functionality. Amos Sorry Amos, I still don't understand this, this is totally new for me, still reading to see how to use this feature. Once I setup squid example with; qos_flows local-hit=0x30 What is going to happen? The packets returned by Squid to the client for all responses logged as TCP_HIT or TCP_MEM_HIT etc should be marked with TOS value 0x30. Amos
[squid-users] refresh_pattern defaults
Hi guys, I've been searching for a while and could not find the answer to the 'refresh_pattern' default values if they're NOT defined in the configuration. On the config website it mentions none which I don't understand, because in order to calculate this: How does Squid decide when to refresh a cached object if (EXPIRES) { if (EXPIRES = NOW) return STALE else return FRESH } if (CLIENT_MAX_AGE) if (OBJ_AGE CLIENT_MAX_AGE) return STALE if (OBJ_AGE CONF_MAX) return STALE if (OBJ_DATE OBJ_LASTMOD) { if (LM_FACTOR CONF_PERCENT) return FRESH else return STALE } if (OBJ_AGE = CONF_MIN) return FRESH return STALE (taken from http://wiki.squid-cache.org/SquidFaq/InnerWorkings#How_does_Squid_decide_when_to_refresh_a_cached_object.3F) We need the refresh_pattern config values? I'm at a loss, have asked a good few linux friends etc using squid for a while with no good reply. Technical details: OS: Debian 6 Package installed: 3.1.6-1.2+squeeze2 Any ideas? Cheers guys! -- Thomas Gross
Re: [squid-users] cachemgr delay_pools report meaning?
On 27/03/2014 5:40 a.m., Beto Moreno wrote: Hi. I have delay_pools working on squid, could some one explain me the meaning of this info, in specific the individual data, the aggregate is clear. Delay pools configured: 1 Pool: 1 Class: 3 Aggregate: Max: 875 Restore: 875 Current: 8104827 Network: Disabled. Individual: Max: 375000 Restore: 375000 The above mean the same as in above. The below is a list of the individual client IPs which are known and how much each has in its pool. Current [Network 2]: network 2 means IPs in range X.Y.2.0/24 208:375000 164:375000 42:276702 72:375000 Each of these is the final octet of the IP address and the pool size. ie. client IPs *.*.2.208, *.*.2.164, and *.*.2.172 each have 375000 bytes available. Meaning they have not used any this second. client IP *.*.2.42 has used some traffic this second and now only has 276702 bytes available. ... and so on for the network 2 IP addresses... 30:375000 56:375000 214:246856 20:375000 70:375000 206:375000 144:375000 100:145638 196:375000 82:375000 160:375000 120:375000 98:375000 106:375000 152:375000 190:375000 142:375000 198:375000 110:375000 24:374496 200:375000 58:375000 80:375000 84:375000 182:375000 88:375000 204:375000 28:375000 116:375000 38:375000 26:375000 22:375000 124:375000 114:375000 150:375000 12:375000 184:375000 186:375000 6:375000 40:375000 216:375000 170:375000 180:375000 86:375000 188:375000 76:375000 212:375000 210:375000 34:375000 74:375000 140:375000 122:375000 48:375000 8:375000 172:375000 154:375000 104:375000 178:375000 13:375000 90:375000 162:375000 18:375000 2:375000 60:375000 218:375000 62:375000 Current [Network 0]: 0:375000 207:375000 54:375000 52:375000 50:375000 1:375000 Current [Network 4]: 103:375000 3:375000 104:375000 Current [Network 3]: 100:375000 1:186135 Current [Network 1]: 200:375000 Current [Network 5]: 5:375000 1:375000 Current [Network 10]: 20:375000 Memory Used: 3656 bytes AFAIK this is the amount of memory used by the pool tracking state. All those counters and the hashes used to hold them. Amos
[squid-users] unsubscript
Re: [squid-users] refresh_pattern defaults
On 27/03/2014 3:30 p.m., Thomas wrote: Hi guys, I've been searching for a while and could not find the answer to the 'refresh_pattern' default values if they're NOT defined in the configuration. On the config website it mentions none which I don't understand, because in order to calculate this: How does Squid decide when to refresh a cached object if (EXPIRES) { if (EXPIRES = NOW) return STALE else return FRESH } if (CLIENT_MAX_AGE) if (OBJ_AGE CLIENT_MAX_AGE) return STALE if (OBJ_AGE CONF_MAX) return STALE if (OBJ_DATE OBJ_LASTMOD) { if (LM_FACTOR CONF_PERCENT) return FRESH else return STALE } if (OBJ_AGE = CONF_MIN) return FRESH return STALE (taken from http://wiki.squid-cache.org/SquidFaq/InnerWorkings#How_does_Squid_decide_when_to_refresh_a_cached_object.3F) We need the refresh_pattern config values? I'm at a loss, have asked a good few linux friends etc using squid for a while with no good reply. The above algorithm uses the server HTTP response header values as primary source of input parameters. The refresh_pattern directive is just a way to provide default input parameters for the algorithm in the event that the server response omitted any or all of them. Squid is hard-coded with default algorithm parameters which are expected to store things for up to 3 days in the event that refresh_pattern is omitted from the config file entirely AND the server response provides no values. Amos
Re: [squid-users] unsubscript
On 27/03/2014 3:36 p.m., syaifuddin wrote: Hi syaifuddin, Please see the instructions at http://www.squid-cache.org/Support/mailing-lists.html#squid-users for how to unsubscribe from the mailing list. HTH Amos
Re: [squid-users] unsubscript
On 27/03/2014 3:36 p.m., syaifuddin wrote: Hi syaifuddin, Please see the instructions at http://www.squid-cache.org/Support/mailing-lists.html#squid-users for how to unsubscribe from the mailing list. HTH Amos