Re: [leaf-user] SQUID - IIS issues patch inclusion

2007-02-09 Thread Matthew Pozzi 
Eric, many thanks I believe it is this one

 http://devel.squid-cache.org/cgi-bin/diff2/pinning.patch?s2_5

Happy days, time to block all those nasty doubleclick advertisements,
MSN during school weeks, runescape and a host of other things unless
their marks pick up markedly!!

I will have to get all other sites that allow you to use MSN via a
webpage first before getting to excited, teenagers are far too cluey for
my liking.

Regards,
Matt

On Fri, 2007-02-09 at 08:52 +0100, Eric Spakman wrote:
 Hello Matt,
 
 I don't think it's patched into 2.5STABLE14 yet, but it should be no 
 problem to do that. Can you give me a link to the patch?
 
 Eric
 
 I run squid on my Leaf box in a transaprent proxy config with shorewall
 trapping all port 80 outbound traffic.
 
 There exists an issue with IIS (surprisingly) in that it does not play
 properly with proxy servers like squid. It can return a NTLM
 authentication request and squid as of 2.5STABLE5 does not have the
 patch to handle it. I noticed that they will be putting it into 2.6 but
 
 I wonder if its been patched into the Bering 3 squid (2.5STABLE14)
 package?
 
 If not, would it be at all possible to have this incorporated into the
 next package release to assist all us parents trying to have some
 control over where and what the children see? This particular problem is
 on her school intranet site that my daughter needs.
 
 With thanks,
 Matt 
 
 
 
 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job 
 easier.
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 
 
 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job easier.
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] SQUID - IIS issues patch inclusion

2007-02-09 Thread Eric Spakman 
Matt,

 Eric, many thanks I believe it is this one


 http://devel.squid-cache.org/cgi-bin/diff2/pinning.patch?s2_5

I have patched the 2.5STABLE14 source and will send you the new package in
a private mail for testing. Any idea if the patch is already part of the
2.6STABLE9 release?


 Happy days, time to block all those nasty doubleclick advertisements,
 MSN during school weeks, runescape and a host of other things unless
 their marks pick up markedly!!

 I will have to get all other sites that allow you to use MSN via a
 webpage first before getting to excited, teenagers are far too cluey for my
 liking.

:-)))


 Regards,
 Matt

Regards,
Eric


 On Fri, 2007-02-09 at 08:52 +0100, Eric Spakman wrote:

 Hello Matt,


 I don't think it's patched into 2.5STABLE14 yet, but it should be no
 problem to do that. Can you give me a link to the patch?

 Eric


 I run squid on my Leaf box in a transaprent proxy config with
 shorewall trapping all port 80 outbound traffic.

 There exists an issue with IIS (surprisingly) in that it does not
 play properly with proxy servers like squid. It can return a NTLM
 authentication request and squid as of 2.5STABLE5 does not have the
 patch to handle it. I noticed that they will be putting it into 2.6
 but

 I wonder if its been patched into the Bering 3 squid (2.5STABLE14)
 package?

 If not, would it be at all possible to have this incorporated into
 the next package release to assist all us parents trying to have some
 control over where and what the children see? This particular problem
 is on her school intranet site that my daughter needs.

 With thanks,
 Matt




 -
 
 Using Tomcat but need to do more? Need to support web services,
 security? Get stuff done quickly with pre-integrated technology to
 make your job easier. Download IBM WebSphere Application Server
 v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121
 642
 --
 --
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/



 ---
 --
 Using Tomcat but need to do more? Need to support web services,
 security? Get stuff done quickly with pre-integrated technology to make
 your job easier. Download IBM WebSphere Application Server v.1.0.1 based
 on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=12164
 2
 
  leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/



 -
  Using Tomcat but need to do more? Need to support web services,
 security? Get stuff done quickly with pre-integrated technology to make
 your job easier. Download IBM WebSphere Application Server v.1.0.1 based
 on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/





-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] SQUID - IIS issues patch inclusion

2007-02-08 Thread Matthew Pozzi 
I run squid on my Leaf box in a transaprent proxy config with shorewall
trapping all port 80 outbound traffic.

There exists an issue with IIS (surprisingly) in that it does not play
properly with proxy servers like squid. It can return a NTLM
authentication request and squid as of 2.5STABLE5 does not have the
patch to handle it. I noticed that they will be putting it into 2.6 but

I wonder if its been patched into the Bering 3 squid (2.5STABLE14)
package?

If not, would it be at all possible to have this incorporated into the
next package release to assist all us parents trying to have some
control over where and what the children see? This particular problem is
on her school intranet site that my daughter needs.

With thanks,
Matt 



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Squid-2.lrp and jsp pages

2004-11-18 Thread Ed Tetz 
I am using Bering-uClibc with the Squid-2 package. Almost everything seems 
to be working, but if I goto a site that uses JSP pages (like 
www.gymboree.com), I get a long delay, followed by this error:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.gymboree.com/
The following error was encountered:
Connection Failed
The system returned:
   (110) Connection timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.


Generated Thu, 18 Nov 2004 18:59:51 GMT by firewall (squid/2.5.STABLE5)
If I bypass the proxy, then the page works fine. I only seem to have 
problems with jsp pages, everythings else works fine. In an attempt to solve 
this problem, I have added the following to my squid conf file:

hierarchy_stoplist jsp asp
and
acl JSP_Pages urlpath_regex -i \.jsp$
http_access allow CONNECT JSP_Pages
and
acl Gym dstdomain .gymboree.com
no_cache deny Gym
But none of these lines suggested by results of Google searches have yeilded 
any success.

Has anybody else run into this problem with Squid? If so, what have you done 
to resolve it?

Cheers,
-edt

Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]

---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Squid-2

2004-10-28 Thread magolfi 
I've just tested SQUID-2.lrp pakage .
I spent several days to test it but I wasn't able to make it work.

in /var/logs/cache.log file I always get the following warning concerning
DNSSERVER :

Can't sun /usr/bin/dnsserver process

this message was repeted so many times like the total number of the child
dnsserver process set.
So i suspect that it's just a configuration problem , but i tried in many
different way to change my
configuration parameters but I still get the same problem : DNS doesn't
start .

starting dnsserver directly (not from squid ) it works , the dnsserver resolve
the names , if  I try to resolve :
www.gogle.com  i get back the related IP.

So !
anybody has experience concerning SQUID-2.lrp cofiguration ?

thank
Maurizio

__
Tiscali Adsl 2 Mega Free: naviga gratis tutto l'anno!
Supera tutti i limiti di velocita' con Tiscali Adsl 2 Mega Free.
Sei libero da costi fissi e, se ti abboni entro l'8 novembre,
navighi gratis tutto l'anno.
http://abbonati.tiscali.it/adsl/





---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Squid

2004-09-16 Thread Mike Noyes 
On Thu, 2004-09-09 at 17:03, Homer wrote:
   What, and where, is the latest squid package for Bering 1.2?

Homer,
The only squid package I know of that may work is the old package for
Oxygen. Be sure to test it first.

http://prdownloads.sourceforge.net/leaf/Oxygen_Mar.2001_pkg_packages.tar.gz?download

-- 
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Squid

2004-09-09 Thread Homer 

What, and where, is the latest squid package for Bering 1.2?

-- 
Homer Parker

Bill Gates reports on security progress made and the challenges ahead.
-- Microsoft's Homepage, on the day an SQL Server bug crippled large
   sections of the Internet.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] squid-2.lrp gone? uclibc incompatible? eek!

2004-01-17 Thread Sam Lander 
[I am new to the list, but have been using an LRP
or LEAF box for many years now. Many, many
thanks to everyone involved. I love it.]
From the archive, I see that the solution to the
/usr/sbin/squid: not found error is to *not* use
squid-2.lrp with the current (20040117) Bering
uclibc. Gosh.
I, like Tim Massey, only want to use squid to log
web access. Like him, I think that squid is probably
overkill, given the little foot print LEAF aims at
and the big footprint squid has (600kB bin, +logs,
+mem usage)
My options seem to be:
1. use tcpdump to store each passing port 80 GET
packet, then mawk and display the results. Not bad.
2. Fix squid. More work than I am after, in an area
that I am not familiar with. Maybe if the God of
Spare Time shines upon me then I will look at the
How To Build LEAF Packages pages.
3. Stop being such a busybody and get A Life. Best
option of all, I suspect.
However, I have a nagging doubt - that I really
want squid to be in place for other reasons. For
instance, traffic control (because of ISP bandwidth
limits) and the possibility of switching ON caching
easily later.
What is the likelyhood that squid-2.lrp for uclibc
will receive the attention of someone with more
skill than me anytime soon? Can I offer money, beer
or moral support to help it along?


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] squid-2.lrp on wisp 2470

2003-03-26 Thread Nicolas Cedraschi 
Hello everybody,

I tried to add the squid-2.lrp package out of the 
Oxygen_Mar.2001_pkg_packages tarball into a running wisp distribution 
(2470). The result was a segmentation fault and a unstable system.
Is there another package for squid working with wisp or is it just my 
configuration?

Thanks  regards



---
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] squid-2.lrp on wisp 2470

2003-03-19 Thread Nicolas Cedraschi 
Hello everybody,

I tried to add the squid-2.lrp package out of the 
Oxygen_Mar.2001_pkg_packages tarball into a running wisp distribution 
(2470). The result was a segmentation fault and a unstable system.
Is there another package for squid working with wisp or is it just my 
configuration?

Thanks  regards



---
This SF.net email is sponsored by: Does your code think in ink? 
You could win a Tablet PC. Get a free Tablet PC hat just for playing. 
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] squid-2.lrp on wisp 2470

2003-03-19 Thread Jim TerWee 
I have used the squid package from Lince from 2493 forward and it works
great. They also have dansguardian in the distro.

 Hello everybody,

 I tried to add the squid-2.lrp package out of the
 Oxygen_Mar.2001_pkg_packages tarball into a running wisp distribution
 (2470). The result was a segmentation fault and a unstable system. Is
 there another package for squid working with wisp or is it just my
 configuration?

 Thanks  regards





-- 
Jim TerWee   | Our capacity for understanding is
[EMAIL PROTECTED]   | inversely proportional to how
Invisimax| much we think we know. The more I
 | know, the more I don't know!




---
This SF.net email is sponsored by: Does your code think in ink? 
You could win a Tablet PC. Get a free Tablet PC hat just for playing. 
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Squid

2003-02-27 Thread Jan Johansson 
Someone said me, that using a RAM as cache of a proxy reduces the life
of
the RAM to two years. Is it true?

Whoever said that has no idea what they are talking about.




---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Squid

2003-02-26 Thread Heriberto Höhlke 
Hello

Someone said me, that using a RAM as cache of a proxy reduces the life of
the RAM to two years. Is it true?
When I run squid en a Bering Box, it opens 18 squid and 5 dnsserver
processes. Is it normal?
23686 root   6352 S(squid)
 9198 root   6352 S(squid)
31611 root   6352 S(squid)
 2594 root   6352 S(squid)
15099 root   6352 S(squid)
25392 root   6352 S(squid)
24601 root   6352 S(squid)
 4909 root   6352 S(squid)
15289 root   6352 S(squid)
23633 root   6352 S(squid)
30299 root   6352 S(squid)
 4555 root   6352 S(squid)
  661 root   6352 S(squid)
  887 root   6352 S(squid)
12540 root   6352 S(squid)
 2384 root   6352 S(squid)
28901 root   6352 S(squid)
11511 root   6352 S(squid)
29810 nobody 1632 S(dnsserver)
22106 nobody 1476 S(dnsserver)
 7665 nobody 1836 S(dnsserver)
 2033 nobody  980 S(dnsserver)
29127 nobody 1476 S(dnsserver)

Regards
Heriberto


¡Internet GRATIS es Yahoo! Conexión!
Usuario yahoo, contraseña yahoo. 
Desde Buenos Aires, 4004-1010.
Otras ciudades: http://conexion.yahoo.com.ar/avanzados.html


---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Squid

2003-02-26 Thread Peter Mueller 
 Someone said me, that using a RAM as cache of a proxy reduces 
 the life of
 the RAM to two years. Is it true?

I don't see how this can be true.

 When I run squid en a Bering Box, it opens 18 squid and 5 dnsserver
 processes. Is it normal?
 23686 root   6352 S(squid)
  9198 root   6352 S(squid)
.
 29810 nobody 1632 S(dnsserver)
 22106 nobody 1476 S(dnsserver)

I think these are configurable in your .conf files.

Guys : I haven't used Squid on LRP before, but I know on my home box I set
it to run as user : squid.  Squid should definitely not be run as root...

P


---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Squid

2003-02-26 Thread Ray Olszewski 
At 05:35 PM 2/25/2003 -0300, Heriberto Höhlke wrote:
Hello

Someone said me, that using a RAM as cache of a proxy reduces the life of
the RAM to two years. Is it true?
No. I wonder if you were actually told that using a device like a 
DiskOnChip or a Sandisk memory card this way shortened its life. If so, 
that's probably true, since it is write cycles that ultimately limit the 
life of solid-state disk emulators of this sort (or at least it used to 
be). True RAM disks don't have this limitation.

When I run squid en a Bering Box, it opens 18 squid and 5 dnsserver
processes. Is it normal?
It's been awhile since I ran squid, but I recall that it routinely spawns a 
lot of children and keeps them around, so it can handle requests quickly 
(in much the way tha apache does). I don't know about the *specific* 
numbers you are seeing, but multiple processes are narutal for this sort of 
server.

[rest deleted]





---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Squid and Bering

2002-05-20 Thread Mike Noyes 

On Sun, 2002-05-19 at 17:24, Shawn wrote:
 Does anyone know if there's a Squid package for Bering or if the squid.lrp
 package available for the other LEAF branches (e.g., Oxygen) is compatible
 with Bering?

Shawn,
There are a few squid packages listed here:

http://leaf-project.org/pub/packages-list.html

-- 
Mike Noyes [EMAIL PROTECTED]
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/


___
Hundreds of nodes, one monster rendering program.
Now that's a super model! Visit http://clustering.foundries.sf.net/



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [Leaf-user] Squid package??

2001-12-14 Thread Ewald Wasscher 

Sergio Morilla wrote:

Dave

Thanks for the package and the dependecies info!!
Just one more question, I would like to move the cache to an HD I have
on the computer, is this a paremeter on squid.conf?

IIRC it's CacheDirectory. The manual at http://www.squid-cache.org/ will 
tell you if I was right.

Ewald Wasscher



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Squid package??

2001-12-14 Thread David Douthitt 

Ewald Wasscher wrote:
 
 Sergio Morilla wrote:

 Thanks for the package and the dependecies info!!
 Just one more question, I would like to move the cache to an HD I have
 on the computer, is this a paremeter on squid.conf?

 IIRC it's CacheDirectory. The manual at http://www.squid-cache.org/ will
 tell you if I was right.

You don't have to do that, though, necessarily:

Add a line something like this to /etc/fstab:

/dev/hda1  /var/spool/cache  ext2  defaults 1 2

...and then:

# mkdir /var/spool/cache
# squid -z

...and you're all set.  Then you just have to make sure that /etc/fstab
is restored on boot.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Squid redirect dachstein floppy

2001-12-12 Thread Charles Steinkuehler 

Kevin Kropf wrote:
  I am not that familiar with ipchains and was hoping for a little more
  detail.
  I put together the following command from the info on the squid FAQ:
  $IPCH -A input -p tcp -d 0/0 80 -j REDIRECT 3128
  However I am not sure what else is needed and where to put it in
  ipfilter.conf
 
  Thanks for any help on this.

Todd Pearsall replied:
 You can create a file in /etc named ipchains.input and add the command:
 ipchains -A input -p tcp -d 0/0 www -j REDIRECT 3128

 If you are worried about users bypassing the proxy you can add following
to
 block non-proxy web traffic
 ipchains -A input -i eth1 -d 0/0 www -j reject

 With those lines added type
 svi network ipfilter reload
 this will reload the rules including the ones in the /etc/ipchains.input
 file.

 Charles added the ipchains.input , ipchains.output and ipchains.forward
 cabability so you could extend the rules w/o editing the ipfilter.conf
 directly.

As Todd mentioned, the place for this rule is /etc/ipchains.input.  There
are a few other things to be aware of, however.  One big issue is the fact
that inbound connections to high ports (=1024) are allowed by the default
firewall rules.  In addition to configuring squid so it only answered
requests from internal network(s), I'd also want to block inbound connection
attemts to squid from the internet.  Port-scanners have taken to using
proxies (as well as zombies) to do their port-scanning dirty work for them,
and I'm sure you don't want that happening with your systems.

Anyway, start with a deny of any squid requests from the internet:
$IPCH -A input -p tcp -d 0/0 3128 -i $EXTERN_IF

If you're running (or port-forwarding) a web server from your LRP box, you
need rules to allow that traffic rather than redirecting it to squid.
For internal access to weblet, you need something like:
$IPCH -A input -j ACCEPT -p tcp -d $INTERN_IP www -i $INTERN_IF

For a publicly visible webserver, you need something like the following, due
to where the ipchains.input file rules get added to the overall rule-chain:
$IPCH -A input -j ACCEPT -p tcp -d $EX_IP www -i $EXTERN_IF

Finally, you can redirect all other web queries to your squid proxy:
$IPCH -A input -j REDIRECT 3128 -p tcp -d 0/0 www

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Squid package??

2001-12-12 Thread David Douthitt 

Todd Pearsall wrote:
 
 I grabbed it from the Oxygen packages, but I don't know and can't currently
 check what version it is.

It's the same one.

I've compiled Squid 2.4 STABLE3 to run under glibc 2.0; it should work
in any system.  I also compiled it with SNMP enabled.  It requires the
libm library, and libcrypt.  It does NOT need libnsl (I removed it...)

It's a big package - the squid binary (stripped) is about 477k, and the
compressed package is about 311k.

The cache will be at /usr/cache.

The package, if you want it, is at
http://leaf.sourceforge.net/pub/oxygen/packages/squid.lrp.  If you have
any problems, let me know.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] Squid package??

2001-12-12 Thread Kevin Kropf 

I poked around a bit and found that the Oxygen version does not include
squidGuard.  How hard would it be to put up the latest version that includes
squidGuard?

Kevin


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David
Douthitt
Sent: Wednesday, December 12, 2001 10:30 AM
To: LEAF Users List
Subject: Re: [Leaf-user] Squid package??


Todd Pearsall wrote:

 I grabbed it from the Oxygen packages, but I don't know and can't
currently
 check what version it is.

It's the same one.

I've compiled Squid 2.4 STABLE3 to run under glibc 2.0; it should work
in any system.  I also compiled it with SNMP enabled.  It requires the
libm library, and libcrypt.  It does NOT need libnsl (I removed it...)

It's a big package - the squid binary (stripped) is about 477k, and the
compressed package is about 311k.

The cache will be at /usr/cache.

The package, if you want it, is at
http://leaf.sourceforge.net/pub/oxygen/packages/squid.lrp.  If you have
any problems, let me know.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] Squid redirect dachstein floppy

2001-12-12 Thread Todd Pearsall 

On a related note, I was having problems after I started using squid on a
dachstein CD (default RAM disk size) on a P75 with 32MB of RAM.  After
installing squid it would work fine for a while and then I'd start
periodically seeing messages like:
  VM Process Killing: {different service name}
  VM Process Killing: {different service name}
  VM Process Killing: {different service name}

as services stopped.  The error message are from my memory so it may not be
exact, but should be close.  I assume this is the kernel killing processes
since it is low on virtual memory to keep the kernel from running out of VM
and crashing.  Anyone else running into this?  BTW, this is running as
proxy-only, no caching.

I also wanted to log squid to a remote machine but the usual syslog.conf *.*
#re.mo.te.ip didn't seem to work, no squid logs that I could find appeared
on there remote server.  Does squid not use the syslog daemon?

Thanks,
Todd

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Todd Pearsall
 Sent: Wednesday, December 12, 2001 8:49 AM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Leaf-User (E-mail)
 Subject: RE: [Leaf-user] Squid redirect dachstein floppy


 You can create a file in /etc named ipchains.input and add the command:
 ipchains -A input -p tcp -d 0/0 www -j REDIRECT 3128

 If you are worried about users bypassing the proxy you can add
 following to
 block non-proxy web traffic
 ipchains -A input -i eth1 -d 0/0 www -j reject


 With those lines added type
 svi network ipfilter reload
 this will reload the rules including the ones in the /etc/ipchains.input
 file.

 Charles added the ipchains.input , ipchains.output and ipchains.forward
 cabability so you could extend the rules w/o editing the ipfilter.conf
 directly.

 - Todd




  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Kropf
  Sent: Wednesday, December 12, 2001 1:18 AM
  To: [EMAIL PROTECTED]; Leaf-User (E-mail)
  Subject: RE: [Leaf-user] Squid redirect dachstein floppy
 
 
  I am not that familiar with ipchains and was hoping for a little more
  detail.
  I put together the following command from the info on the squid FAQ:
  $IPCH -A input -p tcp -d 0/0 80 -j REDIRECT 3128
  However I am not sure what else is needed and where to put it in
  ipfilter.conf
 
  Thanks for any help on this.
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of David
  Douthitt
  Sent: Tuesday, December 11, 2001 5:32 PM
  To: LEAF Users List
  Subject: Re: [Leaf-user] Squid redirect dachstein floppy
 
 
  Kevin Kropf wrote:
 
   I have Squid running on dachstein-rc2-1680.exe and would like
  to redirect
   all internal port 80 requests to the default Squid port of 3128
  on the LRP
   box.
  
   I have read through the archives and found very little of use.
  
   What is the best way to do this?
 
  This is in the Squid FAQ - in fact, it's an entire section (#17); go to
  the Squid home page at http://www.squid-cache.org/ .
 
  ___
  Leaf-user mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/leaf-user
 
 
  ___
  Leaf-user mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/leaf-user


 ___
 Leaf-user mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] Squid package??

2001-12-12 Thread Kevin Kropf 

I do not know as I am new to squid etc...
It (squidGuard) was included in the squid-2.lrp I used and had instructions
on how to use it.  http://users.bart.nl/~nelemans/squid/squid.html
I assumed someone did the research and thought it best to do this.
What is your experience and opinion?
What is Squirm?

Thanks.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David
Douthitt
Sent: Wednesday, December 12, 2001 11:45 AM
To: LEAF Users List
Subject: Re: [Leaf-user] Squid package??


Kevin Kropf wrote:

 I poked around a bit and found that the Oxygen version does not include
 squidGuard.  How hard would it be to put up the latest version that
includes
 squidGuard?

squidGuard is a separate product.  It'll take some doing, since it
requires libdb.

Some questions though: why use squidGuard when you have the redirection
capabilities in Squid?  Why use squidGuard instead of Squirm?

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Squid redirect dachstein floppy

2001-12-12 Thread David Douthitt 

Todd Pearsall wrote:

 On a related note, I was having problems after I started using squid on a
 dachstein CD (default RAM disk size) on a P75 with 32MB of RAM.  After
 installing squid it would work fine for a while and then I'd start
 periodically seeing messages like:
   VM Process Killing: {different service name}
   VM Process Killing: {different service name}
   VM Process Killing: {different service name}
 
 as services stopped.  The error message are from my memory so it may not be
 exact, but should be close.  I assume this is the kernel killing processes
 since it is low on virtual memory to keep the kernel from running out of VM
 and crashing.  Anyone else running into this?  BTW, this is running as
 proxy-only, no caching.

Squid needs *LOTS* of memory and disk space.  I'd recommend you run with
64M at least, maybe more.  Remember, too, that unlike normal
distributions a major chunk of that 32M is used by the RAM disks, so
you're actually running on something like 16M or less for Squid to run
in.  Get more memory

 I also wanted to log squid to a remote machine but the usual syslog.conf *.*
 #re.mo.te.ip didn't seem to work, no squid logs that I could find appeared
 on there remote server.  Does squid not use the syslog daemon?

Use squid -s to log startups and shutdowns (and such like) to syslog. 
As for accesses, it's not currently possible.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Squid redirect dachstein floppy

2001-12-11 Thread David Douthitt 

Kevin Kropf wrote:

 I have Squid running on dachstein-rc2-1680.exe and would like to redirect
 all internal port 80 requests to the default Squid port of 3128 on the LRP
 box.
 
 I have read through the archives and found very little of use.
 
 What is the best way to do this?

This is in the Squid FAQ - in fact, it's an entire section (#17); go to
the Squid home page at http://www.squid-cache.org/ .

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] Squid redirect dachstein floppy

2001-12-11 Thread Kevin Kropf 

I am not that familiar with ipchains and was hoping for a little more
detail.
I put together the following command from the info on the squid FAQ:
$IPCH -A input -p tcp -d 0/0 80 -j REDIRECT 3128
However I am not sure what else is needed and where to put it in
ipfilter.conf

Thanks for any help on this.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David
Douthitt
Sent: Tuesday, December 11, 2001 5:32 PM
To: LEAF Users List
Subject: Re: [Leaf-user] Squid redirect dachstein floppy


Kevin Kropf wrote:

 I have Squid running on dachstein-rc2-1680.exe and would like to redirect
 all internal port 80 requests to the default Squid port of 3128 on the LRP
 box.

 I have read through the archives and found very little of use.

 What is the best way to do this?

This is in the Squid FAQ - in fact, it's an entire section (#17); go to
the Squid home page at http://www.squid-cache.org/ .

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user