[squid-users] Best load balancing switch for transparent Squid

2011-08-04 Thread Tek Bahadur Limbu
Hi all,

Hope all of you are doing fine.

I am not sure if this is the right list to post the following question.

I just wanted to know which is the best load balancing switch for
transparent caching in Squid?

Basically, I would like to have some information on a L4 switch with
at least 8 gigabit copper ports.

Refurbished or some end of life switch will do.


Thanks..
Best regards,
Tek Bahadur Limbu


Re: [squid-users] Squid startup scripts.

2008-02-06 Thread Tek Bahadur Limbu

Hi Dave,

Dave Coventry wrote:

Hi,

Still battling to get Squid up and running...

I have installed Squid3.0 from source into /usr/local/squid.

However, there is no startup script to place into /etc/init.d/

Surely it's not simply a case of placing the following into a file
called squid, making it executable, update-rc, etc?

#!/bin/sh
start () {
  /usr/local/squid/sbin/squid
}


Try:

vi /etc/init.d/squid

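#!/bin/sh
# Minimal init script for a Squid installed under /usr/local/squid

echo -n ' Squid '

case "$1" in
start)
    # -D disables the initial DNS tests at startup
    /usr/local/squid/sbin/squid -D
    ;;
stop)
    /usr/local/squid/sbin/squid -k shutdown
    ;;
restart)
    # Re-reads squid.conf in the running process; it does not stop and start Squid
    /usr/local/squid/sbin/squid -k reconfigure
    ;;
*)
    echo "Usage: `basename $0` {start|stop|restart}"
    ;;
esac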



Hope that helps.

Thanking you...











--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Squid SNMP Err: [Timeout: No Response from host], Squid 2.6-STABLE6

2008-01-31 Thread Tek Bahadur Limbu

Hi Serg,

Serg A. Androsov wrote:

Hello there,

Squid 2.6-STABLE6
CentOS 5 (2.6.18-8.el5xen #1 SMP x86_64 x86_64 x86_64 GNU/Linux)

Trying to solve some trouble.
I get " 172.16.3.1:3401" error.

Here it is snmp config in squid.conf
...
acl snmpbsu snmp_community xx
acl admins 
snmp_port 3401
snmp_access allow snmpbsu localhost
snmp_access allow snmpbsu admins
snmp_access deny all


Try running it locally first:


acl snmpbsu snmp_community snmpsecret
acl admins src 192.168.0.0/24
snmp_port 3401
snmp_access allow snmpbsu localhost
snmp_access allow snmpbsu admins
snmp_access deny all




# /usr/bin/snmpwalk -m /etc/squid/mib.txt -c snmpsecret -v1 localhost:3401 .1.3.6.1.4.1.3495.1



Hope that helps.

Thanking you...






snmp_incoming_address 172.16.3.1 #here it is internal proxy interface.
snmp_outgoing_address 255.255.255.255
...

How it's trying (from localhost):
# /usr/bin/snmpwalk -v 1 -m /etc/squid/mib.txt -c xx 172.16.3.1:3401 .1.3.6.1.4.1.3495.1
Timeout: No Response from 172.16.3.1:3401
Also try to use version 2c protocol.

SNMP is listening the port.
[EMAIL PROTECTED] squid]# netstat -an | grep 3401
udp        0      0 172.16.3.1:3401         0.0.0.0:*


[EMAIL PROTECTED] squid]# /sbin/iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
...skipped
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:3401
...skipped

also trying to stop iptables service

Where am I wrong?
---
Serj.







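Added example (not from the thread or from Squid itself): a small evaluator for the snmp_access rules suggested in the reply above, showing which rule a query ends on for a given source address and community string. It assumes first-match rule order with every ACL on a line required to match, handles only `src` and `snmp_community` ACLs, and takes the `all` and `localhost` definitions from the squid.conf quoted elsewhere on this page; the function names are invented for the illustration.

```python
import ipaddress

# Constructed sample: the configuration suggested in the reply, preceded by
# the "all" and "localhost" ACLs (assumed to be defined in the same file).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl snmpbsu snmp_community snmpsecret
acl admins src 192.168.0.0/24
snmp_port 3401
snmp_access allow snmpbsu localhost
snmp_access allow snmpbsu admins
snmp_access deny all
"""


def parse_conf(text):
    """Collect src / snmp_community ACLs and the ordered snmp_access rules."""
    acls, rules = {}, []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(words) >= 4 and words[0] == "acl":
            name, kind, values = words[1], words[2], words[3:]
            if kind == "src":
                values = [ipaddress.ip_network(v, strict=False) for v in values]
            elif kind != "snmp_community":
                continue                          # other ACL types are out of scope
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif len(words) >= 3 and words[0] == "snmp_access":
            rules.append((words[1], words[2:]))
    return acls, rules


def acl_matches(acls, name, src_ip, community):
    """Evaluate one ACL reference; a leading '!' negates it."""
    negate = name.startswith("!")
    bare = name.lstrip("!")
    if bare not in acls:
        raise ValueError("undefined or unsupported ACL: %s" % bare)
    kind, values = acls[bare]
    if kind == "src":
        hit = any(ipaddress.ip_address(src_ip) in net for net in values)
    else:
        hit = community in values
    return hit != negate


def snmp_decision(conf_text, src_ip, community):
    """Return (action, rule_number) of the first snmp_access line that matches."""
    acls, rules = parse_conf(conf_text)
    for number, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(acls, n, src_ip, community) for n in names):
            return action, number
    # Simplification of this example: nothing matched is treated as a deny.
    return "deny", None


if __name__ == "__main__":
    cases = [
        ("127.0.0.1", "snmpsecret"),     # walk against localhost:3401
        ("192.168.0.25", "snmpsecret"),  # management host inside "admins"
        ("172.16.3.1", "snmpsecret"),    # walk against the proxy's own LAN address
        ("127.0.0.1", "public"),         # right source, wrong community
    ]
    for src, community in cases:
        print(src, community, snmp_decision(SAMPLE_CONF, src, community))
```

The third case is the one from the question: a walk sent from the proxy to its own 172.16.3.1 address normally carries 172.16.3.1 as its source, which matches neither `localhost` nor the 192.168.0.0/24 `admins` range in this sample. Squid sends no reply to a denied SNMP query, so the client reports a timeout.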


Re: [squid-users] Cache for mp3 and ogg in memory...

2008-01-31 Thread Tek Bahadur Limbu

Hi Adrian,

Adrian Chadd wrote:

Hi,

I'd first give ZFS a shot - either through opensolaris or FreeBSD.
It has slightly saner memory caching logic (which eats RAM for breakfast
mind you) that may suit this workload a little better.


Since you mentioned ZFS, I have been thinking for some time now about 
deploying a Squid box with a ZFS cache either on a single drive or a 
separate drive.




That's probably a smarter move than trying to squeeze a HTTP proxy
inline just yet. :)


Do you think that this ZFS file system scales better than current file 
systems if used for caching such as Squid?


Do you have any statistics?

Thanking you...








adrian

On Sat, Jan 19, 2008, Michelle Konzack wrote:

Hello,

I have killed a hard disk (160 GByte) again because of too heavy traffic of
"gnump3d".  The problem is that the "natural" caching of Linux does
not work, even if I have only around 700 MByte of songs I hear all the
time and the installed memory is 2 GByte.  The access of gnump3d on the
hard disk is very heavy, especially if more than 4 clients use it at the same
time...  --  and the Media-Server is working 24/7 and already uses a
Hardware Raid-1 with HotFix!

What I like to do is to cache those files in a Ramdisk of 1 GByte and
like to use squid-cache to do the "administration" of it, exactly, I
want to CACHE and HOLD files with following rules:

1.  most heard songs with highest priority
    (e.g. songs which are heard more than 20 times
    a week should never be removed from cache)
2.  if ram-disk-space is available all other songs

and of course, the cached files should never expire...
(the Media-Server is connected to a "bigger" 3000VA APC-Smart-UPS)

Note 1:  Since 1 GByte memories (DDR400) are available under 40 Euro
 I can add a third module...

Can this be done with squid?

Note 2:  My idea was already to put the "always heard" songs on an
 Infineon CF-Card of 8 GByte (around 88 Euro) which is
 definitely cheaper than replacing a hard disk every 12 months.
 Ideas?

Thanks, Greetings and nice Day
Michelle Konzack
Tamay Dogan Network


--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSN LinuxMichi
0033/6/6192519367100 Strasbourg/France   IRC #Debian (irc.icq.com)









Re: [squid-users] squid 3.0 stable

2008-01-30 Thread Tek Bahadur Limbu

Hi Peng,

J. Peng wrote:

We have the plan to upgrade all our squid from 2.6 to 3.0
Is squid 3.0 stable really now? I don't wish it get coredump or
something like that in later days.


The best bet is to install 3.0 in one of your servers and monitor it.



Thanks!









Re: [squid-users] storeDiskdSend OPEN: (35) Resource temporarily unavailable

2008-01-20 Thread Tek Bahadur Limbu

Hi Monah,

Monah Baki wrote:

Hi all,

I'm running squid 2.6-stable17 on Freebsd 6.3. Machine is a 500MHz with 
512MB RAM.


Don't you think that your system is a little low on resources even for a 
low number of users?





./configure --prefix=/usr/local/squid \
  --enable-storeio=ufs,coss,diskd,null --enable-underscores \
  --with-large-files --enable-large-cache-files --enable-delay-pools \
  --disable-ident-lookups --enable-snmp --enable-cache-digests \
  --enable-underscores --enable-kill-parent-hack \
  --enable-removal-policies --enable-async-io --enable-kqueue \
  --enable-follow-x-forwarded-for


I think it's better to use "--enable-storeio=ufs,aufs,coss,diskd,null" 
and remove "--enable-async-io".






I just have squid displaying the following error message:

2008/01/20 18:24:15| storeDiskdSend OPEN: (35) Resource temporarily unavailable
2008/01/20 18:24:15| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable
2008/01/20 18:24:15| assertion failed: diskd/store_io_diskd.c:541: "++send_errors < 100"


I have seen these error logs due to DISKD in the past. It went away 
after I switched to UFS.





jubilee# ipcs -a
Message Queues:
T  ID      KEY     MODE     OWNER   GROUP   CREATOR  CGROUP  CBYTES  QNUM  QBYTES  LSPID  LRPID  STIME     RTIME     CTIME
q  524288  942080  --rwa--  nobody  nobody  nobody   nobody  1280    40    2048    920    927    18:05:08  18:05:08  7:34:35
q  524289  942081  --rwa--  nobody  nobody  nobody   nobody  0       0     2048    927    920    18:05:08  18:05:08  7:34:35


Shared Memory:
T  ID      KEY     MODE     OWNER   GROUP   CREATOR  CGROUP  NATTCH  SEGSZ   CPID  LPID  ATIME    DTIME     CTIME
m  524288  942082  --rw---  nobody  nobody  nobody   nobody  1       339968  920   927   7:34:35  18:05:28  7:34:35


Semaphores:
T  ID      KEY     MODE     OWNER   GROUP   CREATOR  CGROUP  NSEMS  OTIME  CTIME




There's only 4 users on this server, and it's been running for quite 
sometime now.


I read that I need to increase the message queue limits, I'm presuming 
it's the "kern.ipc.msgmnb=16384". How can I monitor system before 
anything happens. I can run squidclient mgr:info, but what do I need to 
look for.


Configured the system with following parameters:

kern.ipc.nmbclusters: 65536
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.ip.portrange.last=65535
kern.ipc.somaxconn=2048
kern.maxvnodes=10
kern.ipc.msgmnb=16384
kern.ipc.msgmni=40
kern.ipc.msgseg=512
kern.ipc.msgssz=64
kern.ipc.msgtql=2048

options SHMSEG=16
options SHMMNI=41
options MSGSSZ=64
options MSGTQL=512
options MSGSEZ=2048
options SHMMNI=40
options SHMMAX=2097152
options SHMALL=4096
options MAXFILES=8192
options NMBCLUSTERS=32768
options MSGMNB=16384
options VFS_AIO


Did you compile your kernel or are you loading these tunables dynamically?


I really am not an expert on this kernel compilation with FreeBSD.

But I use the following values:

options SHMSEG=128
options SHMMNI=256
options SHMMAX=50331648 # max shared memory segment size (bytes)
options SHMALL=16384 # max amount of shared memory (pages)
options MSGMNB=16384 # max # of bytes in a queue
options MSGMNI=48 # number of message queue identifiers
options MSGSEG=768 # number of message segments
options MSGSSZ=64 # size of a message segment
options MSGTQL=4096 # max messages in system


But I guess they are not relevant with 6.x because they are tunables 
which you can load dynamically.


In the end if DISKD does not work for you, then I guess you should use 
UFS, AUFS or COSS.


Since you only have 4 users, all of them will work fine for you...


Thanking you...




In my squid.conf:
cache_dir diskd /usr/local/squid/var/cache 28000 32 512 Q1=72 Q2=64



Thanks


BSD Networking, Microsoft Notworking









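Added example (not part of the thread): a check that works from the numbers already shown above, parsing the Message Queues section of `ipcs -a` and comparing each queue with the Q1/Q2 values on the diskd cache_dir line. The sample text is the quoted output with its wrapped lines joined; the function names, the 50% warning level and the reading of Q1/Q2 as counts of outstanding messages that have to fit in the queue are assumptions of this example.

```python
import re

# Constructed sample: the ipcs -a output quoted in the thread, wrapped lines joined.
IPCS_SAMPLE = """\
Message Queues:
T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME
q 524288 942080 --rwa-- nobody nobody nobody nobody 1280 40 2048 920 927 18:05:08 18:05:08 7:34:35
q 524289 942081 --rwa-- nobody nobody nobody nobody 0 0 2048 927 920 18:05:08 18:05:08 7:34:35

Shared Memory:
T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
m 524288 942082 --rw--- nobody nobody nobody nobody 1 339968 920 927 7:34:35 18:05:28 7:34:35
"""

# The cache_dir line quoted in the thread.
CACHE_DIR_LINE = "cache_dir diskd /usr/local/squid/var/cache 28000 32 512 Q1=72 Q2=64"


def parse_message_queues(ipcs_text):
    """Return one dict per message queue, using the column names ipcs prints."""
    queues, header, in_section = [], None, False
    for line in ipcs_text.splitlines():
        fields = line.split()
        if line.rstrip().endswith(":"):            # section title such as "Message Queues:"
            in_section = line.startswith("Message Queues")
            header = None
        elif in_section and fields:
            if header is None:
                header = fields                    # first non-empty line is the header
            elif fields[0] == "q" and len(fields) == len(header):
                row = dict(zip(header, fields))
                queues.append({k: int(row[k]) for k in ("ID", "CBYTES", "QNUM", "QBYTES")})
    return queues


def diskd_thresholds(cache_dir_line):
    """Extract Q1 and Q2 from a diskd cache_dir line."""
    return {k: int(v) for k, v in re.findall(r"\b(Q[12])=(\d+)", cache_dir_line)}


def assess(queues, thresholds, warn_fill=0.5):
    """Flag queues that are filling up or too small for the configured Q1/Q2."""
    findings = []
    for q in queues:
        fill = q["CBYTES"] / q["QBYTES"] if q["QBYTES"] else 0.0
        item = {"id": q["ID"], "fill": fill, "busy": fill >= warn_fill,
                "capacity_msgs": None, "exceeds": []}
        if q["QNUM"]:
            avg_msg = q["CBYTES"] / q["QNUM"]      # observed bytes per queued message
            item["capacity_msgs"] = int(q["QBYTES"] // avg_msg)
            # A queue holding fewer messages than Q1/Q2 can fill up (msgsnd
            # fails) before Squid reaches the point where it throttles itself.
            item["exceeds"] = [name for name, limit in sorted(thresholds.items())
                               if item["capacity_msgs"] < limit]
        findings.append(item)
    return findings


if __name__ == "__main__":
    for finding in assess(parse_message_queues(IPCS_SAMPLE),
                          diskd_thresholds(CACHE_DIR_LINE)):
        print(finding)
```

For the first queue this gives 32 bytes per message and room for 64 messages in a 2048-byte queue, fewer than Q1=72. QBYTES is also 2048 rather than the 16384 listed for kern.ipc.msgmnb.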


Re: [squid-users] squid-2.7 pre-release testing

2008-01-17 Thread Tek Bahadur Limbu

Hi Adrian,

Adrian Chadd wrote:

Hi everyone,

I've had a couple of people report that Squid-2.7 snapshots are working
for them. We had a couple of memory leak hiccups which were sorted out
reasonably quickly.

I'd like to get Squid-2.7 released as soon as possible so I can continue
with the code restructuring and performance improvements. To this effect,
I would appreciate it if a few Squid-2.6 users would be willing to
upgrade to the latest Squid-2.7 snapshot and provide feedback on
performance and stability.


I am using squid 2.7.DEVEL0-20080112 on one of my proxy servers since 4 
days now.


Seems quite stable and running well :D

Attached are some of the current graphs of this squid proxy server.


Thanking you...



Chances are you won't see much in the way of performance improvements
with this release but, time and funding permitting, I hope to push through
plenty of improvements in Squid-2.8, including HTTP/1.1 support
(which Henrik has been steadily working on, his time and funding permitting)
IPv6 support with a focus on improving performance.

You can fetch the daily snapshots from:

http://www.squid-cache.org/Versions/v2/2.7/

Thanks!


Adrian
(On holiday!)








Re: [squid-users] Page not Displayed through Squid proxy 2.6 Stable 9.0

2008-01-14 Thread Tek Bahadur Limbu

Hi PRShahu,

I think there's some firewall or routing issue between your Squid boxes 
and the remote web servers.


Try running tcpdump and make sure that you see 2-way traffic between 
your Squid box and the remote web server.


Squid is hardly to be blamed for this type of issue. The usual suspect 
is routing or firewall in most cases.



Thanking you...



[EMAIL PROTECTED] wrote:

Hi All
I am facing a strange problem with squid proxy version 2.6 STABLE 9 running
on Red HAT Linux AS 4.0 Update 5.0. Some sites are not getting displayed
(e.g. www.sciencedirect.com) even after a long wait, and no error
message is displayed in the browser. We have checked on FIREWALL and
cache.log; nothing is found there.
We have two proxies, both running Squid 2.6 STABLE 9. One is running RED
HAT LINUX AS 4.0 update 5 while the other is running RED HAT LINUX AS 3.0
update 3 (both are using the same squid.conf file). We are able to see pages when
we are using the proxy hosted on RHEL 3.0 update 3 but we do not get any
response when we are using the proxy hosted on RHEL 4.0 U 5 for the same web
site. The log in access.log shows the proxy had received the request from the
client.
Your help in this regard is highly appreciated.
Thanks and Regards











Re: [squid-users] squid 2.7 vs 3.x

2008-01-13 Thread Tek Bahadur Limbu

Hi Adrian,

So does that mean that there will be no Squid-2.6.19?
Will Squid-2.6.STABLE19 be Squid-2.7.STABLE1 ?

Thanking you...


Adrian Chadd wrote:

On Sat, Jan 12, 2008, Marcus Kool wrote:


I tried the FAQ and Squid website for some more info but I found none.
The RoadMap2 and RoadMap3 are a bit vague to draw any conclusions.


That's because we're developers, not documentation authors. :)


Can you be more elaborate ?  What are the major differences between
3.x and 2.7 ?


3.x: has some internal code restructuring, is a C/C++ hybrid, includes
 integrated ICAP support; Amos has ipv6 support included in 3.HEAD.

2.x: functional cyclic filesystem (COSS), some of my recent work
 (store URL rewriting to allow CDN type content to be cached with
 appropriate administrator intervention; my logging helper framework
 to make logging lightweight again and allow other logging destinations
 to be easily written, like UDP, MySQL, etc), performance improvements,
 HTTP/1.1 compliance improvements.

I've promised the squid-3 developers that I wouldn't make my Squid-3
complaints public anymore. Suffice to say, I don't really agree with the
direction or the implementation of Squid-3 and I got sick of waiting.

I'm going to focus my attentions to modifying the Squid-2 codebase to be
what I think it should've looked like before we tried the "great C++
experiment". That includes how features are tested and developed, how
often minor releases are, well, released, and concentrating on code
restructuring and improvements.

If this becomes too confusing for users, and this may be the case, then
I might have to spin it off as a new project. I'd rather not do this,
but I'm not sure how to get it across that Squid-2 is and will be
actively developed.

If you follow the blog then you'll find articles from Amos and I talking
about what we've been working on in Squid-2 and Squid-3. I'd like it if
the other project participants chimed in too, but not everyone feels up
to writing articles on what they're doing. :)



Adrian









Re: [squid-users] Memory usage of squid parent proces the same as child

2008-01-10 Thread Tek Bahadur Limbu

Hi Tomasz,

Tomek K. wrote:

Thanks for Your reply,

As you suggested now I have squid 2.6 STABLE 17 and the memory usage is the
same as it was before:

top - 21:59:22 up 4 min,  1 user,  load average: 0.01, 0.06, 0.02
Tasks: 112 total,   1 running, 111 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2%us,  0.0%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3502208k total,  3059428k used,   442780k free,     3828k buffers
Swap:  2650684k total,        0k used,  2650684k free,    32544k cached

%MEM   PID USER  PR  NI  VIRT  RES  SHR S %CPU    TIME+  COMMAND
42.9  2339 proxy 15   0 1469m 1.4g 1512 S    0  0:11.99  squid
42.5  2322 root  25   0 1456m 1.4g  396 S    0  0:00.11  squid




Amos Jeffries-2 wrote:

Tomek K. wrote:

Hello,

I have squid server running on Linux Debian Etch. Squid Version
2.6.STABLE5
First step is upgrade to the latest 2.6 STABLE17 from unstable. There 
have been a lot of improvements made since stable5.


Amos


is using LDAP group authentication based on Win2003 domain controller.
The hardware configuration is:
IBM xSeries 336 with one XEON 3.4GHz, 4GB RAM, 2xHDD SCSI 146GB 15K with
RAID 1

The problem is that squid restarts after a memory leak. I tried to find
the reason, and I found that the reason is too big memory consumption by
the squid parent process, which is almost the same as the memory usage of the
child, which is the main cache process.


Below is the top information about memory usage:
top - 22:41:04 up 1 day,  3:55,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 112 total,   1 running, 111 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni, 99.8%id,  0.2%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3502208k total,  3360836k used,   141372k free,   118448k buffers
Swap:  2650684k total,        0k used,  2650684k free,   165420k cached

%MEM   PID USER  PR  NI  VIRT  RES  SHR S %CPU    TIME+  COMMAND
42.9  4181 proxy 15   0 1469m 1.4g 1512 S    0  0:11.81  squid
42.5  4175 root  25   0 1456m 1.4g  404 S    0  0:00.10  squid

These are the main squid.conf entries:
http_port 8080
icp_port 0
auth_param basic children 50
auth_param basic credentialsttl 1 minute


no_cache deny QUERY

cache_mem 48 MB
maximum_object_size 90 KB


Try reducing:

maximum_object_size 9 KB



minimum_object_size 0 KB

request_body_max_size 90 KB

cache_dir ufs /var/spool/squid 8192 128 256


cache_dir ufs /var/spool/squid 8192 16 256


cache_replacement_policy heap LFUDA
cache_store_log none
access_log /var/log/squid/access.log

forwarded_for off

delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 74000/74000


Is this memory usage by the parent process right?
How can I change it ?

Regards
Tomasz Krawczyk




--
Please use Squid 2.6STABLE17 or 3.0STABLE1.
There are serious security advisories out on all earlier releases.










Re: [squid-users] Squid restarted Signal 25

2008-01-10 Thread Tek Bahadur Limbu

Hi,

[EMAIL PROTECTED] wrote:

Today we noticed that our squid process restarted on its own today with
a signal 25.

Squid Parent: child process 12554 exited due to signal 25
Squid Parent: child process 1512 started


How often do you get this error? Have you noticed any kind of patterns?



This seems to have been covered many times before and I understand that
this is usually caused by a large log file, but the
logs (access, store and cache) are all small.  The access log gets
rotated daily and was rotated about 3 hours before this occurred.  I can
not find any evidence that a large log file caused this.  Also, the file
system does not seem to have any errors (fsck).  Is there anything else
that may cause this?  Any suggestions? This particular box is
running squid-2.5.STABLE1-3.9 on RedHat.


I am not sure if this will help but have you compiled Squid with the 
parameter "--with-large-files" or "--enable-large-cache-files"


This is the year 2008 where squid-3.0.STABLE1 is available! Upgrade your 
Squid to the latest stable version of Squid-2.6 which is currently:


http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE18.tar.gz

I am sure that your problem will be much less troublesome and the 
mailing list will be more helpful in diagnosing your current problem.


Thanking you...




Thanks









Re: [squid-users] inode ratio and block-size

2008-01-10 Thread Tek Bahadur Limbu

Hi Man,

Linux Man wrote:

Thanks for you help

Well, I'll use it for cache web traffic, thus save bandwidth.
The cache dir will have 50 GB, and the linux box 2 GB RAM.
I think that while coss is under development, diskd is a good
alternative, so that is will I use.


Which Squid version and Operating system is your Squid cache running on?

From my experience with COSS, I don't think that COSS is unstable, at 
least for my Squid caches. Below is the status of one of my Squid cache 
using COSS.


[EMAIL PROTECTED] ~]# squidclient mgr:info


HTTP/1.0 200 OK
Server: squid
Date: Thu, 10 Jan 2008 15:17:39 GMT
Content-Type: text/plain
Expires: Thu, 10 Jan 2008 15:17:39 GMT
Last-Modified: Thu, 10 Jan 2008 15:17:39 GMT
X-Cache: MISS from cache8.myhost.com
X-Cache-Lookup: MISS from cache8.myhost.com:3128
Via: 1.0 cache8.myhost.com:3128 (squid)
Proxy-Connection: close

Squid Object Cache: Version 2.6.STABLE16
Start Time:     Sun, 09 Sep 2007 11:31:49 GMT
Current Time:   Thu, 10 Jan 2008 15:17:39 GMT
Connection information for squid:
        Number of clients accessing cache:      5458
        Number of HTTP requests received:       646905419
        Number of ICP messages received:        3418793728
        Number of ICP messages sent:            3443241002
        Number of queued ICP replies:           1725
        Request failure ratio:                  0.00
        Average HTTP requests per minute since start:   3647.7
        Average ICP messages per minute since start:    -9743.1
        Select loop called: 1343923409 times, 7.918 ms avg
Cache information for squid:
        Request Hit Ratios:         5min: 30.4%, 60min: 35.5%
        Byte Hit Ratios:            5min: 13.2%, 60min: 17.8%
        Request Memory Hit Ratios:  5min: 0.5%, 60min: 0.5%
        Request Disk Hit Ratios:    5min: 64.0%, 60min: 62.2%
        Storage Swap size:          7539358 KB
        Storage Mem size:           62772 KB
        Mean Object Size:           8.74 KB
        Requests given to unlinkd:  0
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   1.24267  1.24267
        Cache Misses:          1.54242  1.46131
        Cache Hits:            0.01164  0.01035
        Near Hits:             1.24267  1.31166
        Not-Modified Replies:  0.00179  0.00091
        DNS Lookups:           0.00190  0.00190
        ICP Queries:           0.00108  0.00108
Resource usage for squid:
        UP Time:                    10640749.431 seconds
        CPU Time:                   776356.607 seconds
        CPU Usage:                  7.30%
        CPU Usage, 5 minute avg:    0.00%
        CPU Usage, 60 minute avg:   0.00%
        Process Data Segment Size via sbrk(): 1267032 KB
        Maximum Resident Size: 558596 KB
        Page faults with physical i/o: 7602194
Memory accounted for:
        Total accounted:       635652 KB
        memPoolAlloc calls: 1433656781
        memPoolFree calls: 1427221210
File descriptor usage for squid:
        Maximum number of file descriptors:   8192
        Largest file desc currently in use:   1659
        Number of file desc currently in use: 1444
        Files queued for open:                   0
        Available number of file descriptors: 6748
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
        IO loop method:                     kqueue
Internal Data Structures:
        863282 StoreEntries
          1952 StoreEntries with MemObjects
          1215 Hot Object Cache Items
        862395 on-disk objects

As you can see from the above stats, this cache utilizing the COSS 
storage scheme has been running up without downtime since 09-Sep-2007!




With an average of 13KB is a good choice a block size of 4KB?


I suggest using 2 cache directories schemes for your Squid box. The 1st 
for COSS and the 2nd for AUFS or DISKD.


But I think that AUFS is more suitable for Linux though.

Thanking you...





Thanks a lot
Best regards



2008/1/8, Matus UHLAR - fantomas <[EMAIL PROTECTED]>:

On 08.01.08 00:42, Linux Man wrote:

In your experience, when you make a new fs (I will use ext3) for cache
dir, what block-size and inode ratio do you use?

depends on usage, but the average file size is usually around 13KB which may
tell enough...

using COSS for small files should change this a lot, however COSS is still
not stable enough iirc

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.











Re: [squid-users] coss vs aufs vs diskd

2008-01-06 Thread Tek Bahadur Limbu

Hi Monah,

Monah Baki wrote:

Hi all,

I am trying to deploy a cache server in a environment for kids (approx 
2000). Currently my cache (squid-2.6-stable17) is configured to use 
diskd, but since it's in a test environment I did not reach the limit 
where I read under high load it will crash. Coss since it's 
experimental, yet some users have given it good remarks as far as 
performance and stability.

So should I stick with diskd or switch to coss?


What is your hardware setup? I am guessing it will be a P4 machine with 
1 or 2 GB of memory with a couple of hard drives.


From my experience, if your server is running FreeBSD and the average 
requests are under 50 req/sec, then DISKD is the best choice. However if 
your req/sec should go above 50-60, then I would suggest AUFS.


If your squid proxy will be running on a Linux box, then I would suggest 
AUFS.


COSS is working great for me on my FreeBSD squid boxes. It seems 
especially good for caching small objects. The only drawback of COSS is 
its long rebuilding process.


The best option would be to use two (2) storage schemes.

(1.) DISKD + COSS for FreeBSD
(2.) AUFS + COSS  for Linux

Note: These are just my suggestions!

Hope that helps.


Thanking you...




Thanks


BSD Networking, Microsoft Notworking











Re: [squid-users] squid banner zapping and antivirus filtering

2008-01-05 Thread Tek Bahadur Limbu

Hi Dave,

Dave wrote:

Hello,
   I'm setting up a box for a friend, a FreeBSD machine that does 
firewall and nat for his local lan. I've added squid as a transparent 
proxy so i can also add in adzapping and antivirus and later if the 
situation calls for it content filtering with dansguardian.
   I'm using squid 2.6.17 i believe the version is and this time it's 
not working.


Squid-2.6.17 will work. It's your configuration which seems to be not 
working.


 I'm wondering if one of my squid parameters is wrong,
should a redirector be called with redirect_program or 
url_rewrite_program? 


Can you post your relevant parts of your squid.conf?


I'm using adzap's zapchain as the squid redirector
and running squidguard, bannerfilter chained off of it, i tried to run 
squidclam for av but that program kept core dumping. For such a setup 
would raising the number of redirector processes from 5 to 10 be 
advisable? I don't want to go out of memory with this setup. If anyone 
is doing this with other programs i'd like to hear experiences as well.

Thanks.


What's your hardware setup?

Probably the best setup will be:

Client --> Dansguardian --> Squid


Thanking you...




Dave.









Re: [squid-users] How to Clear Cache in SQUID

2008-01-04 Thread Tek Bahadur Limbu

Hi,

TRM wrote:

Hi List,
   My HardDisk is getting full, i want to clear the cache. how can 
do that?




If your cache resides in /var/squid/cache/

rm  -fr /var/squid/cache/

then recreate the directory and rebuild it!!





Re: [squid-users] small req for gru,s

2008-01-03 Thread Tek Bahadur Limbu

Hi learner,

squid learner wrote:

Thanks dear
please help if U can
just i am in problem of speed 


many times i check direct proxy of isp work faster
then via squid cache 


There could be many things affecting the speed of your proxy in relation 
to your ISP parent cache. What is your bandwidth medium and pipe?


Where is your proxy located in your network?

Which Squid version and OS are you running on your machine? How many 
users is your proxy server serving? How did you install Squid in the 1st 
place? What's the output of "squid -v"?



Try the following squid.conf to see if it works better:

###Start of squid.conf###

cache_effective_user squid
cache_effective_group squid


http_port 3128

cache_peer proxy-dsl.nesma.net.sa parent 8080 0
cache_peer 212.162.158.52  parent 8080 0

acl all src all
never_direct allow all

emulate_httpd_log on

cache_mem 128 MB
cache_dir  aufs /usr/local/squid/var/cache 1 16 256

cache_store_log none
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

logfile_rotate 10

#here your  network
acl lan src  192.168.2.0/24

acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl GET method GET
acl POST method POST


refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 40% 4320

#Time-to-Live (TTL) for failed request
negative_dns_ttl 2 minutes

#Time-to-Live (TTL) for positive caching of successful DNS lookups.
positive_dns_ttl 1 hours

#Time-to-Live (TTL) for negative caching of failed DNS lookups
negative_dns_ttl 2 minutes

#Time awaited before Squid respond with the error msg. "Connection timed out."

connect_timeout 90 seconds

#Time awaited by Squid after establishment with a HTTP connection.
request_timeout 20 seconds

#Close half-closed TCP connections
half_closed_clients off

pconn_timeout 30 seconds

ie_refresh on
client_persistent_connections off

http_access allow localhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access deny all
icp_access allow all
miss_access allow all

cache_mgr [EMAIL PROTECTED]
visible_hostname fastcache
unique_hostname fastcache

###End of squid.conf


After running your cache for some time, can you post the output of:

squidclient mgr:info

Last but not the least, check if there are errors in your network 
interfaces.


Hope that helps.

Thanking you...





here my squid.conf 
#your proxy from isp

cache_peer proxy-dsl.nesma.net.sa parent 8080 3130 weight=2 no-query round-robin
cache_peer 212.162.158.52  parent 8080 0 weight=1 no-query round-robin
acl all src 0.0.0.0/0.0.0.0

never_direct allow all
#prefer_direct allow 


cache_mem 32 MB
cache_dir  diskd   /usr/local/squid/var/cache 3 16 256 Q1=72 Q2=64
cache_store_log none
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#===adition for ip statics
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#forwarded_for of
logfile_rotate 10
#=== up to here
#here your  network
acl lan src  192.168.2.0/24
acl mylan src  0.0.0.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl GET method GET
acl POST method POST
# If nothing else matches, use this rule

refresh_pattern . 480   50%   9


negative_ttl 0 minutes
positive_dns_ttl 24 hours
negative_dns_ttl 1 minutes
range_offset_limit 0 KB
connect_timeout 120 minutes
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 60 seconds
client_lifetime 1 day
pconn_timeout 120 seconds
 

shutdown_lifetime 30 seconds

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access allow mylan
http_access deny all
icp_access allow all
miss_access allow all
cache_mgr [EMAIL PROTECTED]
visible_hostname fastcache
unique_hostname fastcache
cache_effective_user squid
cache_effective_group squid
#httpd_accel_host vertual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
http_port 8080
http_port 8586
http_port 3128



--- Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:


Hi learner,

squid learner wrote:
sir 
i am using squid in my lan

192.168.1.0/255.255.255.0
with only one lan card
the squid server ip is 192.168.1.200:8080

so all clients proxy setting is 192.168.1.200:8080
did chang

Re: [squid-users] small req for gru,s

2008-01-01 Thread Tek Bahadur Limbu

Hi learner,

squid learner wrote:
sir
i am using squid in my lan 192.168.1.0/255.255.255.0
with only one lan card
the squid server ip is 192.168.1.200:8080

so all clients proxy setting is 192.168.1.200:8080
did changing the cache box with two lan cards make
difference i mean speed difference


I am not sure if I understand your question!

I don't think that you will see any speed difference just by adding an 
extra LAN card.

There is no relation between the number of network cards and Squid.

Of course, by adding the extra network card, you can do many useful 
things like making this Squid cache box the gateway for your network.


What this means is that you can now locally intercept your clients web 
requests. No manual proxy configuration in your client's browsers or 
router redirection needed.


Then you can also make this Squid box to act as a firewall for your 
internal network.


Finally, but not the last, you can make this Squid box a bandwidth 
shaper too.


Thanking you...




thank you


  









--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] cache_peer maximum limit quesion

2007-12-31 Thread Tek Bahadur Limbu

Dear All,

Happy New Year 2008 to everyone on the Squid mailing list.

May the new year 2008 bring more happiness, success and prosperity to 
your lives.



Mr Crack wrote:

On Dec 31, 2007 7:33 AM, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:

On sön, 2007-12-30 at 23:41 +0700, Mr Crack wrote:


So, I put all proxy server list in squid.conf with cache_peer
But squid only find 3 parents and leave other parent without query.
I wanna know, how to fix this. I want squid to detect all proxy in list

How did you add them? I.e. what do your cache_peer line look like?

is ICP used, or only HTTP? (actually answered by the above..)

I don't know whether I use ICP or not but my configuration is shown below

cache_peer x.x.x.1 8080 3130 no-query
cache_peer x.x.x.2 8080 3130 no-query
cache_peer x.x.x.3 8080 3130 no-query
cache_peer x.x.x.4 8080 3130 no-query
cache_peer x.x.x.5 8080 3130 no-query
cache_peer x.x.x.6 8080 3130 no-query
cache_peer x.x.x.7 8080 3130 no-query
cache_peer x.x.x.8 8080 3130 no-query

And how to view whether my ISP proxy uses ICP or not...


I am sure that your ISP uses ICP and cache-digests too.

Check with tcpdump on port 3130 for 2 way traffic between your proxy and 
your ISP proxies. But I doubt that they will allow clients to query 
their proxy caches with ICP queries. But I am not sure.


Thanking you...





How do you want Squid to use them? Randomly send requests around to the
different peers, or more smartly prefer to use the same peers for
session affinity?

Regards
Henrik










--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: Fwd: [squid-users] Squid, SNMP and MRTG

2007-12-21 Thread Tek Bahadur Limbu
stem: mail.douglas.lk in Unknown
   Maintainer: [EMAIL PROTECTED]
   Description:eth1  
   ifType: ethernetCsmacd (6)
   ifName: 
   Max Speed:  12.5 MBytes/s
   Ip: 192.168.4.6 (mail.douglas.lk)
 


### Interface 4 >> Descr: 'sit0' | Name: '' | Ip: '' | Eth: '00-00-00-00-41-d9' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### * has a speed of 0 which makes no sense
#
# Target[localhost_4]: 4:[EMAIL PROTECTED]:
# SetEnv[localhost_4]: MRTG_INT_IP="" MRTG_INT_DESCR="sit0"
# MaxBytes[localhost_4]: 0
# Title[localhost_4]: Traffic Analysis for 4 -- mail.douglas.lk
# PageTop[localhost_4]: Traffic Analysis for 4 -- mail.douglas.lk
#  
#System: mail.douglas.lk in Unknown
#Maintainer: [EMAIL PROTECTED]
#Description:sit0  
#ifType: Encapsulation Interface (131)
#ifName: 
#Max Speed:  0.0 Bytes/s
#  


and here is my /etc/snmp/snmpd.conf file

[EMAIL PROTECTED] mrtgnew]# cat /etc/snmp/snmpd.conf
com2sec local localhost public
com2sec mynetwork 192.1.54.0/24 public
com2sec mynetwork 192.168.9.0/24 public

group MyRWGroup v1 local
group MyROGroup v1 mynetwork
group MyRWGroup v1 otherv3user

view all included .1 80

access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all all

syscontact [EMAIL PROTECTED]

then, I ran below command. It worked too.

[EMAIL PROTECTED] mrtgnew]# indexmaker --output=/var/www/mrtgnew/indexnew.html /etc/mrtg/mrtgnew.cfg

then, I ran below commands 3 times.

[EMAIL PROTECTED] mrtgnew]# indexmaker --output=/var/www/mrtgnew/indexnew.html /etc/mrtg/mrtgnew.cfg

[EMAIL PROTECTED] mrtgnew]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtgnew.cfg
Rateup WARNING: /usr/bin/rateup could not read the primary log file for localhost_3
Rateup WARNING: /usr/bin/rateup The backup log file for localhost_3 was invalid as well
Rateup WARNING: /usr/bin/rateup Can't remove localhost_3.old updating log file
Rateup WARNING: /usr/bin/rateup Can't rename localhost_3.log to localhost_3.old updating log
[EMAIL PROTECTED] mrtgnew]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtgnew.cfg
Rateup WARNING: /usr/bin/rateup Can't remove localhost_3.old updating log file
[EMAIL PROTECTED] mrtgnew]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtgnew.cfg


But, I get traditional mrtg page. Nothing related to squid.

No LoadMIBs: /etc/squid/mib.txt file has been loaded to that index.html page?

HELP NEEDED again?






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Pending Squid-2.7 release - testers wanted!

2007-12-20 Thread Tek Bahadur Limbu

Hi Adrian,


Adrian Chadd wrote:

Hi everyone,

The Squid-2.7 release should be tagged any day now, so we'd appreciate it
if people currently using Squid-2.6 in high-traffic environments could
give Squid-2.HEAD a whirl.

It should just drop in with no configuration changes needed.

More fun stuff will start appearing in Squid-2 after Squid-2.7 is release
so stay tuned.


Is the StoreUrlRewrite helper which you wrote some time ago for caching 
Google Earth/Map/YouTube available in this Squid-2.7 release?







Adrian







--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Squid-3.0.STABLE1 dies repeatedly

2007-12-20 Thread Tek Bahadur Limbu
current capabilities
2007/12/19 09:31:27| Accepting SNMP messages on port 166, FD 18.
2007/12/19 09:31:27| Configuring Parent 127.0.0.1/8080/0
2007/12/19 09:31:27| Invalid capability version 0 (expected 429392688)
2007/12/19 09:31:27| Ready to serve requests.
2007/12/19 09:31:27| Store rebuilding is 44.59% complete
2007/12/19 09:31:27| Done reading /data1/squid_cache/coss01 swaplog (9186 entries)
2007/12/19 09:31:28| Done reading /data1/squid_cache swaplog (38478 entries)

2007/12/19 09:31:28| Finished rebuilding storage from disk.
2007/12/19 09:31:28| 47664 Entries scanned
2007/12/19 09:31:28| 0 Invalid entries.
2007/12/19 09:31:28| 0 With invalid flags.
2007/12/19 09:31:28| 47664 Objects loaded.

< it goes on and on and on dying repeatedly . . .>









--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Transparent proxy plus outsite proxy

2007-12-19 Thread Tek Bahadur Limbu

Hi Jose Noto,

Jose Noto wrote:

Good morning,

I am setting up a Transparent proxy using squid where we already have a 
proxy server provided by our ISP and I am having some troubles. If I 
configure in the browser connections my ISP proxy, internet is working 
fine but I am not using the transparent proxy (the proxy server doesn't 
log anything) and if I don't configure it I cannot see any website 
because I am not using the external proxy, but my squid server is 
working trying to resolve all the requests. How can I integrate my ISP 
proxy on the squid proxy server? Is there something to do with my 
iptables rules that should redirect to my ISP proxy server?


I am a little confused!

When you say your internal proxy server doesn't log anything and then 
you say that it is trying to resolve all the requests, what is that 
supposed to mean?



IMHO, you can accomplish the integrating of your internal transparent 
proxy with your ISP proxy in 2 steps:


client --> Internal transproxy (Gw) --> External ISP Proxy (Parent)

STEP 1:

You need to make your internal transproxy the gateway of your clients. 
Or redirect web requests from your router to your internal transparent 
proxy. I guess your internal Squid box has 2 network interfaces (eth0, 
eth1).


If this squid box also does NAT, then you will need the following script:

#!/bin/sh

# Define your network interfaces and network, where
# eth0 = public Internet interface
# eth1 = private internal interface

OUT_IF=eth0
INT_IF=eth1
OUT_IF_IP=Public.Static.IP.Address
INT_IF_NET=192.168.0.0/24

# Enable simple IP forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward

### Enable Network Address Translation

/sbin/iptables -t nat -A POSTROUTING -o $OUT_IF -s $INT_IF_NET \
    -j SNAT --to-source $OUT_IF_IP


### Redirect web requests on port 80 to Squid port 3128. Intercepting.

/sbin/iptables -t nat -A PREROUTING -p tcp -s $INT_IF_NET --dport 80 \
    -j REDIRECT --to-port 3128


### End of script ###


STEP 2:

Configure your transparent/intercepting Squid to use your ISP proxy as 
its parent. In your squid.conf, you need to add an entry something like 
the following:


cache_peer IP.Of.ISP.Proxy parent 3128 0 default

Of course, you can use the hostname of your ISP's proxy instead of its 
IP address.



Hope that will help you out.

Thanking you...



Many thanks.

Jose







--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com
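
A consistency check for the two steps in the reply above, as an added example that is not part of the original message: it reads `iptables-save` output and a squid.conf and verifies that the REDIRECT port is one Squid listens on in `transparent` mode (Squid 2.6 syntax, as used elsewhere on this page), that a parent `cache_peer` exists, and that `never_direct allow all` keeps Squid from trying origin servers itself when the ISP proxy is the only way out. The function name, the host name `proxy.isp.example` and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: cross-check the STEP 1 firewall rule against the STEP 2 squid.conf.

# Constructed sample: iptables-save output for the two rules in the script above,
# with a placeholder public address from the documentation range.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# Constructed sample: a squid.conf that contains only the cache_peer line from STEP 2.
sample_conf_step2_only() {
cat <<'EOF'
http_port 3128
cache_peer proxy.isp.example parent 3128 0 default
EOF
}

# Constructed sample: the same, plus interception mode and never_direct.
sample_conf_complete() {
cat <<'EOF'
http_port 3128 transparent
cache_peer proxy.isp.example parent 3128 0 default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
EOF
}

# check_intercept RULES_FILE SQUID_CONF
# Prints one line per problem; returns 0 only when client -> Squid -> parent is consistent.
check_intercept() {
    rules=$1; conf=$2; problems=0

    # Port that the nat REDIRECT rule sends intercepted port-80 traffic to.
    rport=$(awk '/-A PREROUTING/ && /--dport 80 / && /-j REDIRECT/ {
        for (i = 1; i < NF; i++) if ($i ~ /^--to-ports?$/) { print $(i + 1); exit }
    }' "$rules")
    if [ -z "$rport" ]; then
        echo "no REDIRECT rule for tcp/80 in PREROUTING"
        return 1
    fi

    # Squid must listen on that port, and the port must be in interception mode.
    mode=$(awk -v p="$rport" '$1 == "http_port" {
        port = $2; sub(/^.*:/, "", port)
        if (port == p) { seen = 1; for (i = 3; i <= NF; i++) if ($i == "transparent") tr = 1 }
    } END { print (seen ? (tr ? "ok" : "plain") : "missing") }' "$conf")
    case $mode in
        missing) echo "squid.conf has no http_port $rport"; problems=$((problems + 1)) ;;
        plain)   echo "http_port $rport lacks the transparent option"; problems=$((problems + 1)) ;;
    esac

    # A parent proxy must be configured ...
    if ! awk '$1 == "cache_peer" && $3 == "parent" { ok = 1 } END { exit !ok }' "$conf"; then
        echo "no cache_peer line of type parent"; problems=$((problems + 1))
    fi
    # ... and Squid must be told never to fetch from origin servers itself.
    if ! awk '$1 == "never_direct" && $2 == "allow" && $3 == "all" { ok = 1 } END { exit !ok }' "$conf"; then
        echo "never_direct allow all is missing; Squid may still try origin servers directly"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on the constructed samples: a config with only the STEP 2 line gets two findings.
tmp=$(mktemp -d)
sample_rules > "$tmp/rules"
sample_conf_step2_only > "$tmp/squid.conf"
check_intercept "$tmp/rules" "$tmp/squid.conf" || echo "=> squid.conf needs the changes listed above"
rm -rf "$tmp"
```

On a live gateway the inputs would be `iptables-save -t nat` redirected to a file and the running squid.conf.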


Re: [squid-users] Squid transparent mode slow down clients

2007-12-11 Thread Tek Bahadur Limbu

Hi Ferraroni ,

Ferraroni Matteo wrote:

Hi folks,
I have a little bandwidth problem. My customer's network is simple like 
this: internet ---> squid 2.6 StabLe 5 (transparent mode) > lan 
172.16.0.0/16


Now, the problem is that when I redirect the 80 port to 8080 (squid) all 
the clients' connection slow down (from 250 Kbyte/s to 20/30 kbyte/s), 
and when I disable the iptables rule all returns fast.


How did you measure the slowdown in speed? And what is your actual 
bandwidth pipe?




How can I solve this?

Squid.conf

http_port 8080 transparent
icp_port 0
htcp_port 0
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
dns_nameservers 213.140.2.12 208.67.222.222 193.205.245.66
acl all src 0.0.0.0/0.0.0.0
http_access allow all

iptables rules

$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -s 172.16.0.0/16 -j REDIRECT --to-port 8080
$IPTABLES -t nat -A POSTROUTING  -s 172.16.0.0/16 -j SNAT --to-source 192.168.1.2


How many network interfaces does your Squid box have? So this box 
performs NAT and Proxy service simultaneously?


Maybe you have large ACLs filtering on your squid.conf? What is the 
output of "squidclient mgr:info"?


Thanking you...






Thank you in advance
Matteo






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com
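
The squid.conf quoted in this thread ends with `http_access allow all`, so any host that can reach port 8080 may use the proxy, not only the 172.16.0.0/16 clients that the iptables rule redirects. An added example (not from the thread) that walks the `http_access` rules in first-match order and reports whether an unconditional allow is reached before a catch-all deny; the function name and the second sample config are constructed.

```shell
#!/bin/sh
# Added example: first-match walk over the http_access rules of a squid.conf.

# The configuration quoted in the thread above (relevant lines only).
sample_conf_thread() {
cat <<'EOF'
http_port 8080 transparent
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

# Constructed sample: the same proxy limited to the LAN named in the thread.
sample_conf_lan_only() {
cat <<'EOF'
http_port 8080 transparent
acl all src 0.0.0.0/0.0.0.0
acl lan src 172.16.0.0/16
http_access allow lan
http_access deny all
EOF
}

# audit_http_access SQUID_CONF
# Prints one verdict line. Returns
#   0 if a catch-all deny is reached first (or there are no rules at all),
#   1 if an allow that matches every client is reached first,
#   2 if the rules end without any catch-all.
audit_http_access() {
    awk '
    # Remember every src ACL that covers the whole address space.
    $1 == "acl" && $3 == "src" {
        for (i = 4; i <= NF; i++)
            if ($i == "all" || $i == "0/0" || $i == "0.0.0.0/0" || $i == "0.0.0.0/0.0.0.0")
                any[$2] = 1
    }
    $1 == "http_access" && ($2 == "allow" || $2 == "deny") {
        last = $2
        # A rule is unconditional when each ACL on it matches every client.
        uncond = (NF >= 3)
        for (i = 3; i <= NF; i++) if (!($i in any)) uncond = 0
        if (uncond) {
            if ($2 == "allow") { printf "OPEN line %d: %s\n", NR, $0; status = 1 }
            else               { printf "CLOSED line %d: %s\n", NR, $0; status = 0 }
            decided = 1
            exit
        }
    }
    END {
        if (!decided) {
            if (last == "") {
                print "NO RULES: Squid denies by default"
                status = 0
            } else {
                # With no match, Squid applies the opposite of the last rule.
                printf "NO CATCH-ALL: implicit default is %s\n", (last == "allow" ? "deny" : "allow")
                status = 2
            }
        }
        exit status
    }' "$1"
}

# Demo: the thread configuration is reported as open.
tmp=$(mktemp -d)
sample_conf_thread > "$tmp/squid.conf"
audit_http_access "$tmp/squid.conf" || true
rm -rf "$tmp"
```

Rules that combine a catch-all ACL with other conditions (for example `deny CONNECT !SSL_ports`) are treated as conditional and skipped, which matches how Squid evaluates them.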


Re: [squid-users] Can't assign requested address

2007-12-07 Thread Tek Bahadur Limbu

Hi nix_kot,


nix_kot wrote:

Hello, squid-users.



In my cache.log very many such messages >



2007/12/06 08:44:37| commBind: Cannot bind socket FD 7703 to *:0: (49) Can't assign requested address
2007/12/06 08:44:37| commBind: Cannot bind socket FD 7703 to *:0: (49) Can't assign requested address
2007/12/06 08:44:38| commBind: Cannot bind socket FD 7697 to *:0: (49) Can't assign requested address
2007/12/06 08:44:38| commBind: Cannot bind socket FD 7697 to *:0: (49) Can't assign requested address
2007/12/06 08:49:10| comm_accept: FD 80: (53) Software caused connection abort
2007/12/06 08:49:10| httpAccept: FD 80: accept failure: (53) Software caused connection abort
2007/12/06 08:50:03| parseHttpRequest: Unsupported method '..CONNECT'
2007/12/06 08:50:03| clientReadRequest: FD 103 Invalid Request
2007/12/06 08:52:31| sslReadServer: FD 91: read failure: (54) Connection reset by peer



I don't know, that is it.
Squid restarted after per minutes.
Users message in browser on the opening page: Can't assign requested address


You seem to be running out of file descriptors or mbufs.




And in this time squid load all Processor (80-90%).


Use the latest version of Squid which is Squid-2.6.17. It's very CPU 
friendly.



http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE17.tar.gz




squid 2.5 stable12
freebsd 4.11

Please help me


Try increasing your file descriptors and mbufs.






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Best configuration parameters for effective caching

2007-12-04 Thread Tek Bahadur Limbu

Hi Arun,


Arun S wrote:

Sorry for the wrong subject in the previous mail

-- Forwarded message --
From: Arun S <[EMAIL PROTECTED]>
Date: 5 Dec 2007 10:13
Subject: Re: [squid-users] Squid-2.6.STABLE17 available
To: squid-users@squid-cache.org


Hi list,

Can someone please suggest the best configuration parameters like
cache size, cache algorithm, FQDN memory size, etc. for Squid to cache
effectively?


There is no magic configuration for an effective Squid cache. It depends 
upon many factors like number of users, bandwidth pipe, hardware limits, 
Squid version, Operating systems, etc.


But you can try the parameters below:

cache size = 10 GB
cache_replacement_policy = GDSF
memory_replacement_policy = GDSF
ipcache_size = 8192
fqdncache_size = 8192
Storage Scheme = AUFS
cache mem = 128 MB



Thanking you...




--
Regards,
Arun S.





--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] looking for testers: google maps/earth/youtube caching

2007-12-02 Thread Tek Bahadur Limbu

Hi Adrian,


Adrian Chadd wrote:

On Thu, Nov 29, 2007, Tek Bahadur Limbu wrote:


2007/11/29 15:58:43| WARNING: store_rewriter #5 (FD 11) exited
2007/11/29 15:58:43| WARNING: store_rewriter #4 (FD 10) exited
2007/11/29 15:58:43| WARNING: store_rewriter #3 (FD 9) exited
2007/11/29 15:58:43| Too few store_rewriter processes are running
FATAL: The store_rewriter helpers are crashing too rapidly, need help!


Run the helper manually and see what it says!


Oops sorry. Small typo mistake. The helper is running now. In the Debian 
4.1 box, everything seems to be working fine.






 symbol      in file
MD5Init      store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)
MD5Final     store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)
MD5Update    store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)

ld: fatal: Symbol referencing errors. No output written to squid
collect2: ld returned 1 exit status
gmake[3]: *** [squid] Error 1


Can Squid-2.HEAD be used for a Solaris 10 box?


Compile with --enable-openssl. We're trying to figure out whats going on.


In both FreeBSD and Solaris, compiling with the parameter "--enable-ssl" 
completed successfully.


However, I have not really tested it extensively. I will further test 
and monitor it extensively in the coming heads ahead.



Anyway, thanks a lot for the caching stuff for Google Earth/Maps/YouTube.

I am sure that the caching will improve further in the coming days.

Will this feature be merged into Squid-2.6 sometime in the future?


Thanking you...









Adrian




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] looking for testers: google maps/earth/youtube caching

2007-11-29 Thread Tek Bahadur Limbu

Hi Adrian,

Adrian Chadd wrote:

On Mon, Nov 26, 2007, Tek Bahadur Limbu wrote:


I'm saying right now that I'm willing to spend the time and effort to work
with people for free to get this stuff tested and debugged. It doesn't benefit
me - I'm not getting paid -at all- to do this.

I am interested. Let me study it in more detail. For the time being, if 
I need help, you will be there, won't you?


Sure. Just trial Squid-2.HEAD on your caches first and let me know if
that breaks anything. Once Squid-2.HEAD is stable for you then we'll
be able to do the extra magic to get some maps and youtube caching
going.


Compiled Squid-2.HEAD successfully in a Debian 4.0 (2.6.18) box.

Added the following in squid.conf:


acl store_rewrite_list dstdomain .youtube.com

storeurl_access allow store_rewrite_list
storeurl_access deny all

storeurl_rewrite_program /usr/local/squid/run/store_url_rewrite


However, starting squid reported the following:

2007/11/29 15:58:43| WARNING: store_rewriter #5 (FD 11) exited
2007/11/29 15:58:43| WARNING: store_rewriter #4 (FD 10) exited
2007/11/29 15:58:43| WARNING: store_rewriter #3 (FD 9) exited
2007/11/29 15:58:43| Too few store_rewriter processes are running
FATAL: The store_rewriter helpers are crashing too rapidly, need help!

Aborted

Am I missing something fundamental here?


By the way, I also tried to install Squid-2.HEAD on a Solaris 10 box:

I get the following errors while compiling:

.a fs/libcoss.a fs/libdiskd.a fs/libaufs.a fs/libnull.a auth/libbasic.a 
-lcrypt ../snmplib/libsnmp.a -L../lib -ldlmalloc -lmiscutil -lrt 
-lpthread -lm -lsocket -lnsl -lresolv

Undefined    first referenced
 symbol      in file
MD5Init      store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)
MD5Final     store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)
MD5Update    store_key_md5.o  (symbol belongs to implicit dependency /usr/lib/libmd5.so.1)

ld: fatal: Symbol referencing errors. No output written to squid
collect2: ld returned 1 exit status
gmake[3]: *** [squid] Error 1


Can Squid-2.HEAD be used for a Solaris 10 box?

Thanking you...






Adrian




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Concurrent question

2007-11-28 Thread Tek Bahadur Limbu

Hi Monah,

Monah Baki wrote:

Hi all,

I'm running squid 2.6 stable 16 on a Pentium III 500Mhz with 512MB RAM, 
IDE HDD, installed FreeBSD 6.3 with the following:


--enable-storeio=ufs,diskd,null --enable-underscores --with-large-files 
--enable-large-cache-files --enable-delay-pools --disable-ident-lookups 
--enable-snmp --enable-removal-policies --enable-async-io --enable-kqueue


I would add the following compilation parameters to --enable-storeio:

 '--enable-storeio=ufs,coss,diskd,aufs,null'

Just in case, you may want to try the aufs or coss storage schemes.

As far as I know, if you include aufs in --enable-storeio, then you 
don't need the "--enable-async-io" parameter.





Added into the /boot/loader.conf:

kern.ipc.nmbclusters: 32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.ip.portrange.last: 65535


I suggest increasing the kern.ipc.nmbclusters to at least 65536. I have 
too often faced the shortage of mbufs in FreeBSD!






Compiled kernel with these options:
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
options MAXFILES=8192


I'm also running Dans Guardian on it too.




My question is approximately how many users can I proxy for?


From my experience, if you don't have too many or complicated filtering 
rules in both Dans Guardian and Squid, then it should be scalable to 
about 200 - 500 users.


A lot will also depend upon your internet connection link and your users' 
browsing habits. The size of bandwidth pipe and its medium will also 
determine how many users your proxy can handle.


And of course as Adrian mentioned, active monitoring and collecting 
statistics from Squid and your FreeBSD machine via SNMP and MRTG/RRD 
will help you out.



Thanking you...




Thanks


BSD Networking, Microsoft Notworking


Cool phrase!!!











--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] High CPU usage when cache full

2007-11-26 Thread Tek Bahadur Limbu

Hi John,

John Moylan wrote:

Hi,

I have three memory only caches set up 7GB of memory each (the
machines have 12GB of physical memory each). Throughput is fairly high
and this setup works well in reducing the number of requests for
smaller files from my backend storage with lower latency than a disk
and mem. solution. 


Do you have statistics regarding fetching from memory and disk? How much 
is the performance increment when using memory cache only?



However, the cache's on  of the machines fill up
every 2-3 days and Squid's CPU usage subsequently goes up to 100%
(These are all dual SMP machines and system load average remains
around 0.7). FD's, the number of connections and swap are all fine
when the CPU goes up so the culprit is more than likely to be cache
replacement.

I am using heap GDSF as the policy. The maximum size in memory is set
to 96 KB.


Have you tried the LFUDA or the default LRU memory replacement policies?

 I am using squid-2.6.STABLE6-4.el5 on Linux 2.6.

Try upgrading to the latest version of squid.

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz

It probably contains some improvements over version 2.6.6.



Is there anything I can do to improve expensive cache replacement
apart from stopping and starting Squid every day?


By the way, which Linux distro are you using?

Can you post the output of "squidclient mgr:info" or the relevant parts 
of your squid.conf?


Thanking you...




J






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] looking for testers: google maps/earth/youtube caching

2007-11-26 Thread Tek Bahadur Limbu

Hi Adrian,

Adrian Chadd wrote:

I don't know if people understood my last email about the StoreUrlRewrite
changes I've made to squid-2.HEAD, so I'll just be really clear this time
around.


http://www.squid-cache.org/mail-archive/squid-users/200711/0490.html


I read it and I think I understand your email. At least I understand 
it's mission which is to make non-cachable stuff get cached!





I've implemented some changes to Squid-2.HEAD which will allow certain stuff
to be cached which couldn't be in the past. The first two things I'm going
to try and concrete the support for is google maps/earth (web only) and Youtube.

So, I'm looking for testers who are willing to run squid-2.HEAD snapshots
and work with me to evaluate and fine-tune my squid extensions to support
this.




Who is interested? Come on, after the amount of "How do you cache youtube?"
questions from the mailing lists and search results hitting the squidproxy
blog over the last few months -some- of you have to be interested.




I'm saying right now that I'm willing to spend the time and effort to work
with people for free to get this stuff tested and debugged. It doesn't benefit
me - I'm not getting paid -at all- to do this.


I am interested. Let me study it in more detail. For the time being, if 
I need help, you will be there, won't you?


Thanking you...






Adrian




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

2007-11-21 Thread Tek Bahadur Limbu

Hi George,

Siju George wrote:

On Nov 21, 2007 12:21 PM, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:

Hi George,

Siju George wrote:

Hi,

I have a System with two Internet connections.
Is it possible to configure squid to load balance out going internet
traffic through those two Internet Connections?

To keep things simple, you can just use the "tcp_outgoing_address"
parameter in squid.conf.



It didn't work :-(
I am running OpenBSD and using the route-to option in pf.conf
http://www.openbsd.org/faq/pf/pools.html#outgoing


I am not familiar with OpenBSD systems.
How many network interface cards does this OpenBSD system have?
And how is your network setup layout?



to load balance Internet connections.
It is not multipath routing with two default routes.


Why don't you create 2 aliases in your network interface pointing to the 2 
routers having internet connectivity and then use the 
"tcp_outgoing_address" parameter?



Thanking you...



Thank you so much for the response :-)

Kind Regards

Siju






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Problems connecting to some websites

2007-11-21 Thread Tek Bahadur Limbu

Hi Haytham,

Haytham KHOUJA (devnull) wrote:

Hello All,
I have some problems connecting to some websites such as: google.com,
yahoo.com, facebook.com and some local websites, this is not constant.

i have the following configured:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 0 > /proc/sys/net/ipv4/tcp_low_latency
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
echo 1 > /proc/sys/net/ipv4/tcp_moderate_rcvbuf
echo 10240  > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 100 > /proc/sys/net/ipv4/ip_conntrack_max

Note that i have a busy (500 concurrent requests) proxy connected to a
L4 Foundry Switch.


So this is a transparent (intercepting) proxy?

There are always some issues with it even though there is much less than 
before.



As always, tcpdump and investigation is your best way out.

Thanking you...










--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

2007-11-20 Thread Tek Bahadur Limbu

Hi George,

Siju George wrote:

Hi,

I have a System with two Internet connections.
Is it possible to configure squid to load balance out going internet
traffic through those two Internet Connections?


To keep things simple, you can just use the "tcp_outgoing_address" 
parameter in squid.conf.


Thanking you...




Thank you so much

Kind Regards

Siju






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] DNS Question

2007-11-15 Thread Tek Bahadur Limbu

Hi Joseph,

Joseph Jenkins wrote:
Maybe I am missing this, but I have not been able to find it.  How do I 
have the squid cache do the dns lookup and use that rather than trusting 
the address that the client looks up? 


Install a DNS server in the Squid box itself and point Squid's DNS to 
itself.











Re: [squid-users] Squid Performance (with Polygraph)

2007-11-14 Thread Tek Bahadur Limbu

Hi Dave,

Dave Raven wrote:

I have seen the error messages before, but not during these tests. diskd 
definitely seems to delay the time-till-crash by a lot - as I understand it the 
problems in diskd are crashes under high load, not that it slows it down right?


From my experience, YES, DISKD crashes under high load but does not 
actually slow Squid down. It slows Squid initially while rebuilding 
its cache after the crash but recovers fast enough not to hamper 
performance.
Only under certain circumstances will it cause the cache to go beyond 
repair, and the only way out is to wipe out the cache and rebuild it from 
scratch.


The time between DISKD crashes also seems to vary a lot, from crashing 
multiple times a day to a single crash in a week or two.


From your earlier posts, since all your tests lasted from 10 minutes 
to 18 hours, maybe the DISKD crash did not appear during that time.


Also your FreeBSD version 4.x might have also made the difference!

Can you post your FreeBSD 4.x KERNEL parameters that you compiled for 
your testing purposes?



Thanking you...






Thanks for the help
Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Moylan
Sent: Wednesday, November 14, 2007 12:39 PM
To: Dave Raven
Subject: Re: [squid-users] Squid Performance (with Polygraph)

Doesn't diskd have a bug whereby it has issues under heavy load.
http://www.squid-cache.org/bugs/show_bug.cgi?id=761 . If so, I am
surprised that it is behaving best under heavy load.
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16-RELEASENOTES.html

J









Re: [squid-users] how to pass all internet traffic through squid

2007-11-13 Thread Tek Bahadur Limbu
ED]
coredump_dir /var/spool/squid


Looks fine to me.





*** WHAT ARE THE NECESSARY CHANGES I HAVE TO TAKE TO WORK SQUID 
AS I MENTIONED ABOVE.




You probably want to setup a transparent proxy...
oh, and btw PLEASE DON'T SHOUT we hear you just fine in lowercase.

thanks.

Sorry to post it again. I haven't got an answer from the post; 
give me some suggestions to make it out.


To sum it up, make this Squid box the gateway or redirect web requests 
from your router to this Squid box.


Then redirect web requests on port 80 to Squid's port 8080 using the 
IPTABLES firewall if your Squid box's operating system is Linux.


Hope that helps.

Thanking you.....










Re: [squid-users] Squid not responding

2007-11-10 Thread Tek Bahadur Limbu

Hi Stephane,

stephane lepain wrote:

On Saturday 10 November 2007 01:46:59 Amos Jeffries wrote:

stephane lepain wrote:

On Friday 09 November 2007 15:20:04 Tek Bahadur Limbu wrote:

Hi Stephane,

stephane lepain wrote:

Hi Guys,

Squid did not respond when I restarted my PC. I don't have any error
message in /etc/squid/squid.out. It seems that squid is not even
registering. Since I don't have an error message, I can't sort this
out. I also tried a restart, stop and start but nothing would do.
/etc/rc.d/init.d/ and then ./squid restart.
Anyone has any thought on this?

Which OS and Squid version are you running? What do you have for the
following directive in your squid.conf:

cache_log

If you had tried to restart Squid from /etc/rc.d/init.d and if Squid
failed to load, then Squid will report errors in cache.log unless you
have configured Squid not to generate a cache.log file!


By the way, just in case, check your hard drive disk space usage.

If nothing helps, check where the Squid binary is located from your
startup script in /etc/rc.d/init.d/squid.

Go to the directory where the Squid binary is residing and run:

./squid -NCd1


You will see the errors why your Squid is not starting or not responding
in the 1st place.

Thanking you ...


Cheers to all of you

Hi all,

I now have got an error message saying "could not determine fully
qualified host name. set visible host name" . I cant seem to get around
this. I would appreciate a hand.

Cheers to all

Publicly visible host needs a FQDN assigned and rDNS configured. All the
networking software on your host will be having problems with this.

Assuming you are on a unice;
  /etc/hostname should contain a FQDN

  OR in the rare event that you CAN'T do that;

  it must contain a valid host name (ie 'proxy') and /etc/resolv.conf
must contain a domain entry that combines to form a FQDN,
with rDNS that resolves to an IP assigned to that machine.


As a hack-around just for squid there is the visible_hostname directive,
although this will go nowhere to fixing the DNS/rDNS problems at the
cause of the message.

Amos


Though that is kind of weird because I didn't have that problem before. I have 
switched all my servers from Mandriva to Ubuntu Server version. I think that 
could be the problem!! I am now using SQUID 2.6 stable 14 as well. Should I 
run the latest version?




I think it's the Squid version which was causing the problem rather than 
the Linux distribution.


Running the latest current version always helps in terms of security 
patches, minor improvements and debugging.



Thanking you...




Re: [squid-users] Maximum users a squid-server can handle

2007-11-09 Thread Tek Bahadur Limbu

Hi Goj,


Goj, Dirk wrote:

Hi there :)

Is it possible to give any forecast about the maximum clients a specified 
machine can serve in future? I know it depends heavily on the behaviour of the 
clients...


It will also depend on the hardware of your Squid machine. More memory 
and fast hard drives will help you a lot.




More detailed... at the moment we're using one squid to serve only about 150 
inhouse users. In future the proxy should serve 400-600 outsourced office 
connected via vpn, but surfing via the proxy-server.



From my experience, a single proxy server can handle anywhere from 100 
to 2000 users. That will approximately be 10 to 300 requests per second.


I suppose all your future clients will be on fiber optical connections 
which will definitely be much more friendly to Squid compared to 
satellite connections.


I am attaching some monthly graphs of one of my Squid proxy servers. They 
include req/sec, traffic/sec and average number of clients.

The graph in red represents the number of TCP connections per second.


In case your clients user base grows above 1000, then you can always add 
another Squid proxy server which will not only serve your increased HTTP 
traffic but will also act as a fail-over method for redundancy.


Hope that helps.

Thanking you ...




Best thanks

Dirk









Re: [squid-users] Squid not responding

2007-11-09 Thread Tek Bahadur Limbu

Hi Stephane,


stephane lepain wrote:
Hi Guys, 

Squid did not respond when I restarted my PC. I don't have any error message 
in /etc/squid/squid.out. It seems that squid is not even registering. Since I 
don't have an error message, I can't sort this out. I also tried a restart, 
stop and start but nothing would do. /etc/rc.d/init.d/ and then ./squid 
restart.
Anyone has any thought on this? 


Which OS and Squid version are you running? What do you have for the 
following directive in your squid.conf:


cache_log

If you had tried to restart Squid from /etc/rc.d/init.d and if Squid 
failed to load, then Squid will report errors in cache.log unless you 
have configured Squid not to generate a cache.log file!



By the way, just in case, check your hard drive disk space usage.

If nothing helps, check where the Squid binary is located from your 
startup script in /etc/rc.d/init.d/squid.


Go to the directory where the Squid binary is residing and run:

./squid -NCd1


You will see the errors why your Squid is not starting or not responding 
in the 1st place.


Thanking you ...






Cheers to all of you





Re: [squid-users] WCCPv2 and HTTPS problems

2007-11-07 Thread Tek Bahadur Limbu

Hi Dalibor,

Dalibor Dukic wrote:

On Wed, 2007-11-07 at 17:15 +0545, Tek Bahadur Limbu wrote:

Hi Adrian,

Adrian Chadd wrote:

On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote:


Hi Adrian,
  I am also facing the same problem with https 
sites. Yahoo works fine with me but I am having problem 
with hotmail. Please advise me on how do I handle this or 
is there any guide which I can refer to.

I don't know of an easy way to handle this, I'm sorry. I know how I'd handle
it in Squid-2.6 but it'd require a couple weeks of work and another few weeks
of testing.
I have 2 FreeBSD-6.2 transparent Squid proxies using WCCP2 with a Cisco 
3620 router. Up till now, I am not facing any HTTPS problem. At least, 
nobody is complaining about Hotmail and Yahoo web mail services.


Are clients on private address space? If You NATed clients and squid on
same address web server see just one address. 


My clients are all using public IP addresses.




(Considering how much of a problem this has caused people in the past I'm
surprised a solution hasn't been contributed back to the project..)
Maybe, the solution lies on the setup of the Operating System, Squid and 
Router itself.


I don't think so. HTTPS request are not forwarded to squid box in
web-cache service group only port HTTP.


Yes I know that Squid does not handle HTTPS requests which leads to 
another question. If HTTPS does not go through Squid, then does WCCP see 
them or how does WCCP handle them if at all?


We all know since the beginning when we started learning and using Squid 
that intercepting or transparent proxy servers will cause some problems 
down the way. In fact, all software will cause some problems. Maybe 
this is one of the problems.


In fact, I had been facing this Hotmail and Yahoo HTTPS problem with 
Squid-2.5 in the past. I can't remember exactly how I got it solved. On 
one occasion, routing solved the problem and in another case, a firewall 
modification solved the problem.


Maybe the problem still exists now but somehow it has not caught my 
attention for which I am happy :)


But sooner or later, I'm sure this problem will again pop up on my 
proxies too and users will be banging my phone! I guess somebody or one 
of us on this list has to do some really complete analysis and study 
using whatever tools are required to solve this problem once and for all.



Thanking you...






Thanking you...





Adrian













Re: [squid-users] WCCPv2 and HTTPS problems

2007-11-07 Thread Tek Bahadur Limbu

Hi Adrian,

Adrian Chadd wrote:

On Wed, Nov 07, 2007, Hemant Raj Chhetri wrote:


Hi Adrian,
  I am also facing the same problem with https 
sites. Yahoo works fine with me but I am having problem 
with hotmail. Please advise me on how do I handle this or 
is there any guide which I can refer to.


I don't know of an easy way to handle this, I'm sorry. I know how I'd handle
it in Squid-2.6 but it'd require a couple weeks of work and another few weeks
of testing.


I have 2 FreeBSD-6.2 transparent Squid proxies using WCCP2 with a Cisco 
3620 router. Up till now, I am not facing any HTTPS problem. At least, 
nobody is complaining about Hotmail and Yahoo web mail services.





(Considering how much of a problem this has caused people in the past I'm
surprised a solution hasn't been contributed back to the project..)


Maybe, the solution lies on the setup of the Operating System, Squid and 
Router itself.



Thanking you...






Adrian






Re: [squid-users] Optimal maximum cache size

2007-11-06 Thread Tek Bahadur Limbu

Hi Amos,

Amos Jeffries wrote:

Is there such a thing as too much disk cache? Presumably squid has to
have some way of checking this cache, and at some point it takes longer
to look for a cached page than to serve it direct. At what point do you
hit that sort of problem, or is it so large no human mind should worry?
:)

Paul
IT Systems Admin


Disk cache is limited by access time and ironically RAM.

Squid holds an in-memory index of 10MB-ram per GB-disk. With large disk
caches this can fill RAM pretty fast, particularly if the cache is full of
small objects. Large objects use less index space more disk.

Some with smaller systems hit the limit at 20-100GB, others in cache farms
reach TB.

As for the speed of lookup vs DIRECT. If anyone has stats, please let us
know.


I can't understand under what circumstances the cache Lookup will be 
slower than DIRECT lookup unless one has a net connection faster than 
the disks!


For a 20 GB cache with 1175539 on-disk objects:

Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   1.24267  1.38447
        Cache Misses:          1.54242  1.71839
        Cache Hits:            0.00919  0.00865
        Near Hits:             1.38447  1.62803
        Not-Modified Replies:  0.00179  0.00091
        DNS Lookups:           0.04237  0.04433
        ICP Queries:           0.00102  0.00096

The cache Lookup is 170 times faster than DIRECT lookups!


MAYBE, if I use a bigger cache say, 100-300 GB, the results could be 
different. But I believe that running multiple Squid boxes with smaller 
caches (10-30 GB) is always better than running 1 single Squid box with 
a (100-300 GB) cache.


The benefits of running multiple smaller caches far outweigh running a 
single large cache.


But this is only my opinion.

From my guess and experience, to run a 300 GB cache, one needs about 6 
GB of memory! But I can't imagine how to manage a 300 GB cache if it 
gets corrupted!



Thanking you...




Amos









Re: [squid-users] FreeBSD, enable or not memory_pools

2007-11-05 Thread Tek Bahadur Limbu

Hi Alexandre,

Alexandre Correa wrote:

Hello !!

Which is best for FreeBSD, enable or disable memory_pools ?

freebsd 6.2 amd64


The default value seems to work fine for me.
But you are free to experiment with it and report back your results!



regards !!






Re: [squid-users] squid proccess freeze

2007-11-02 Thread Tek Bahadur Limbu
ix=3D/usr'
'--bindir=3D/usr/bin' '--sbindir=3D/usr/sbin' '--sysconfdir=3D/etc'
'--includedir=3D/usr/include' '--libdir=3D/usr/lib' '--libexecdir=3D/usr/li=
bexec'
'--sharedstatedir=3D/usr/com' '--mandir=3D/usr/share/man'
'--infodir=3D/usr/share/info' '--exec_prefix=3D/usr' '--bindir=3D/usr/sbin'
'--libexecdir=3D/usr/lib/squid' '--localstatedir=3D/var'
'--sysconfdir=3D/etc/squid' '--disable-useragent-log' '--disable-referer-lo=
g'
'--enable-kqueue' '--enable-snmp' '--enable-removal-policies=3Dheap,lru'
'--enable-storeio=3Daufs,coss,diskd,ufs' '--enable-ssl'
'--enable-ipf-transparent' '--enable-linux-netfilter' '--with-pthreads'
'--disable-dependency-tracking' '--enable-cachemgr-hostname=3Dlocalhost'
'--disable-ident-lookups' '--enable-underscores' '--datadir=3D/usr/share'
'--with-maxfd=3D4096' '--enable-async-io' '--disable-dlmalloc' '--with-aio'

somebody knows what's happening ?!

Is that the output of "squid -v"? By the way, what is the 3D reference
in your compilation parameters for?

Did you install Squid from FreeBSD ports or did you compile it yourself?



thanks..

regards,





Re: [squid-users] squid proccess freeze

2007-11-02 Thread Tek Bahadur Limbu

Alexandre Correa wrote:

Hello !!

I am testing squid on freebsd 6.2 amd64+SMP, server is 2 procs dual-core
opteron 4gb ram ...

after some time running .. squid process refusing connections, if i try to
"kill" them, process don't stop.. no errors are shown.. without core dumps...


How many users is your Squid box serving? It's strange that there is no 
errors. Where have you defined the cache_log directive in your squid.conf?


When you say "after some time running .. squid proccess refusing 
connections", is it a few minutes or hours or even days?


Can you post the output of "squidclient mgr:info"?

Posting your squid.conf may help too.




# ps auwx | grep squid

USER    PID %CPU %MEM    VSZ    RSS  TT  STAT STARTED      TIME COMMAND
squid   807  0.0 16.1 679548 671268  ??  T    10:52PM  10:50.02 (squid) -D -s (squid)
squid   864  0.0  0.0   2472    752  ??  Is   10:52PM   0:00.00 (unlinkd) (unlinkd)
root  36341  0.0  0.0   5852   1212  p0  R+   10:59AM   0:00.00 grep squid

using AUFS !!

squid 2.6.STABLE16
configure options:

 '--program-prefix=3D' '--prefix=3D/usr' '--exec-prefix=3D/usr'
'--bindir=3D/usr/bin' '--sbindir=3D/usr/sbin' '--sysconfdir=3D/etc'
'--includedir=3D/usr/include' '--libdir=3D/usr/lib' '--libexecdir=3D/usr/li=
bexec'
'--sharedstatedir=3D/usr/com' '--mandir=3D/usr/share/man'
'--infodir=3D/usr/share/info' '--exec_prefix=3D/usr' '--bindir=3D/usr/sbin'
'--libexecdir=3D/usr/lib/squid' '--localstatedir=3D/var'
'--sysconfdir=3D/etc/squid' '--disable-useragent-log' '--disable-referer-lo=
g'
'--enable-kqueue' '--enable-snmp' '--enable-removal-policies=3Dheap,lru'
'--enable-storeio=3Daufs,coss,diskd,ufs' '--enable-ssl'
'--enable-ipf-transparent' '--enable-linux-netfilter' '--with-pthreads'
'--disable-dependency-tracking' '--enable-cachemgr-hostname=3Dlocalhost'
'--disable-ident-lookups' '--enable-underscores' '--datadir=3D/usr/share'
'--with-maxfd=3D4096' '--enable-async-io' '--disable-dlmalloc' '--with-aio'

somebody knows what's happening ?!


Is that the output of "squid -v"? By the way, what is the 3D reference 
in your compilation parameters for?


Did you install Squid from FreeBSD ports or did you compile it yourself?




thanks..

regards,






Re: [squid-users] Squid to Log DNS Querys

2007-11-01 Thread Tek Bahadur Limbu

Hi Robin,

Robin-Vossen wrote:

Hello,
I wonder, is there a way to log all DNS requests that go out of our network
with Squid?
Since I noticed that we had a Trojan Horse on our Company Network.
And well, it didn't send the data out itself.
It did send DNS Queries to their DNS Server..
And a Firewall doesn't detect that.
Is there a way to Log the DNS Queries with Squid so I can Monitor that
myself?


Are you running Squid transparently? As Thomas pointed out, Squid does 
not see DNS queries on your network. That's the job of your DNS servers 
and your gateway firewall.


You can only log the DNS queries that your Squid box actually makes to 
your DNS servers.


You can use the following option in your squid.conf:

dns_nameservers IP.OF.YOUR.DNSSERVER

One way is to run a local DNS caching name server on the Squid box 
itself and point your clients machines to this caching name server which 
then forwards the DNS requests to your actual DNS servers.


Probably the better way is to block the unwanted DNS queries on your DNS 
servers or gateway firewall.


Just curious, which Trojan Horse did you detect in your network? When 
you say that your firewall does not detect them, do you mean a firewall 
running on your clients' machines or on your Gateway firewall itself?


Thanking you...




Thanks a lot.
Cheers,
Robin



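Once queries are logged on a resolver that the clients are pointed at, as the reply above suggests, the log can be screened for the pattern Robin describes. The following Python script is an added example, not part of the original thread: it flags clients that send many distinct names with long, high-entropy labels under one parent domain. The log lines are constructed and only loosely modelled on a BIND-style query log; the thresholds and the "last two labels" parent rule are assumptions to tune for a real network.

```python
import math
import re
from collections import Counter, defaultdict

# Assumed log shape: "... client <ip>#<port>...: query: <name> IN <type> ..."
QUERY_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#\d+.*?query: (\S+) IN (\S+)")

# Constructed sample: one ordinary client and one client whose queries carry
# long hex-like labels under a single parent domain.
SAMPLE_QUERY_LOG = """\
01-Nov-2007 10:15:01.010 client 192.168.1.10#40111: query: www.example.org IN A +
01-Nov-2007 10:15:01.250 client 192.168.1.10#40112: query: mail.example.org IN A +
01-Nov-2007 10:15:01.700 client 192.168.1.10#40113: query: static-content-delivery-network-01.cdn.example.com IN A +
01-Nov-2007 10:15:02.101 client 192.168.1.23#53124: query: 0123456789abcdef0123456789abcdef.t.example.net IN TXT +
01-Nov-2007 10:15:02.502 client 192.168.1.23#53125: query: fedcba98765432100123456789abcdef.t.example.net IN TXT +
01-Nov-2007 10:15:02.903 client 192.168.1.23#53126: query: 0123456789abcdef0123456789abcdef.t.example.net IN TXT +
01-Nov-2007 10:15:03.304 client 192.168.1.23#53127: query: 0123456789abcdeffedcba9876543210.t.example.net IN TXT +
"""


def shannon_entropy(label):
    """Bits per character of a DNS label; encoded data scores high."""
    counts = Counter(label)
    total = len(label)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def parse_queries(text):
    """Return (client_ip, lowercased_query_name, query_type) tuples."""
    queries = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            queries.append((m.group(1), m.group(2).rstrip(".").lower(), m.group(3)))
    return queries


def split_name(qname):
    """Split into (sub-labels, parent). Simplification: parent = last two labels."""
    labels = qname.split(".")
    return labels[:-2], ".".join(labels[-2:])


def suspicious_clients(queries, min_unique=3, min_len=20, min_entropy=3.5):
    """Map (client, parent domain) -> count of distinct suspicious names.

    A name counts when its longest sub-label is both long and high-entropy.
    Requiring several distinct names keeps a single long CDN-style hostname
    from being reported.
    """
    seen = defaultdict(set)
    for client, qname, _qtype in queries:
        prefix, parent = split_name(qname)
        if not prefix:
            continue
        longest = max(prefix, key=len)
        if len(longest) >= min_len and shannon_entropy(longest) >= min_entropy:
            seen[(client, parent)].add(qname)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_unique}


if __name__ == "__main__":
    for (client, parent), count in suspicious_clients(parse_queries(SAMPLE_QUERY_LOG)).items():
        print(f"{client}: {count} distinct encoded-looking names under {parent}")
```

Repeated queries for the same name are counted once, so a client that simply retries one long hostname is not reported.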


Re: [squid-users] Squid Cache on a Solaris ZFS file system

2007-11-01 Thread Tek Bahadur Limbu

Hi Michael,

Michael Pye wrote:

On Tue, Oct 30, 2007 at 01:38:31PM +0545, Tek Bahadur Limbu wrote:
I wanted to know if somebody here is running a Squid cache on a Solaris 
box (i386)?

Basically, I want to know if somebody here on this list is using a ZFS
file system for a proxy cache and what will be its performance? Will it
improve or degrade Squid's performance? Or better still, is there any
kind of benchmark tools for graphing Squid performance on a ZFS file system?


Well I can't offer you much info, but I am running squid on a solaris 10 sparc
box (v100) using zfs for the cache and logging areas of squid. It's not a
high performing system but my impression is that performance has improved, but
I haven't done any benchmarking, the v100 is pretty low spec cpu and only 1
IDE hd. However, I can recommend using zfs for your caching filesystem.

Also on solaris 10 make sure you compile squid with --enable-devpoll to get
good performance.


I appreciate your tips and suggestions. Let me compile with the 
"--enable-devpoll" parameter and put Squid's Cache objects on a ZFS file 
system.


Will update you regarding the performance in the coming days ahead.

Thanking you...



--
Michael









Re: [squid-users] Squid Stopped Working

2007-11-01 Thread Tek Bahadur Limbu
:38| User-Agent logging is disabled.
2007/11/01 12:47:38| Referer logging is disabled.
2007/11/01 12:47:38| Unlinkd pipe opened on FD 11
2007/11/01 12:47:38| Swap maxSize 9216 KB, estimated 7089230 objects
2007/11/01 12:47:38| Target number of buckets: 354461
2007/11/01 12:47:38| Using 524288 Store buckets
2007/11/01 12:47:38| Max Mem  size: 8192 KB
2007/11/01 12:47:38| Max Swap size: 9216 KB
2007/11/01 12:47:38| Local cache digest enabled; rebuild/rewrite every 
3600/3600 sec
2007/11/01 12:47:38| Rebuilding storage in /var/spool/squid (DIRTY)
2007/11/01 12:47:38| Using Least Load store dir selection
2007/11/01 12:47:38| Set Current Directory to /var/cache/squid
2007/11/01 12:47:38| Loaded Icons.
2007/11/01 12:47:38| Accepting proxy HTTP connections at 0.0.0.0, port 8000, FD 
13.
2007/11/01 12:47:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2007/11/01 12:47:38| HTCP Disabled.
2007/11/01 12:47:38| Accepting SNMP messages on port 3401, FD 15.
2007/11/01 12:47:38| WCCP Disabled.
2007/11/01 12:47:38| Pinger socket opened on FD 16
2007/11/01 12:47:38| Ready to serve requests.
2007/11/01 12:47:38| Store rebuilding is  3.1% complete
2007/11/01 12:47:38| icmpSend: send: (111) Connection refused
2007/11/01 12:47:38| Closing Pinger socket on FD 16
2007/11/01 12:47:41| Starting Squid Cache version 2.6.STABLE16 for 
i686-pc-linux-gnu...
2007/11/01 12:47:41| Process ID 12094
2007/11/01 12:47:41| With 4096 file descriptors available
2007/11/01 12:47:41| Using epoll for the IO loop
2007/11/01 12:47:41| DNS Socket created at 0.0.0.0, port 1025, FD 6
2007/11/01 12:47:41| Adding nameserver xx..x.xx from /etc/resolv.conf
2007/11/01 12:47:41| Adding nameserver xxx.x.xx.xxx from /etc/resolv.conf
2007/11/01 12:47:41| Adding domain x.au from /etc/resolv.conf
2007/11/01 12:47:41| User-Agent logging is disabled.
2007/11/01 12:47:41| Referer logging is disabled.
2007/11/01 12:47:41| Unlinkd pipe opened on FD 11
2007/11/01 12:47:41| Swap maxSize 9216 KB, estimated 7089230 objects
2007/11/01 12:47:41| Target number of buckets: 354461
2007/11/01 12:47:41| Using 524288 Store buckets
2007/11/01 12:47:41| Max Mem  size: 8192 KB
2007/11/01 12:47:41| Max Swap size: 9216 KB
2007/11/01 12:47:41| Local cache digest enabled; rebuild/rewrite every 
3600/3600 sec
2007/11/01 12:47:41| Rebuilding storage in /var/spool/squid (DIRTY)
2007/11/01 12:47:41| Using Least Load store dir selection
2007/11/01 12:47:41| Set Current Directory to /var/cache/squid
2007/11/01 12:47:41| Loaded Icons.
2007/11/01 12:47:41| Accepting proxy HTTP connections at 0.0.0.0, port 8000, FD 
13.
2007/11/01 12:47:41| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2007/11/01 12:47:41| HTCP Disabled.
2007/11/01 12:47:41| Accepting SNMP messages on port 3401, FD 15.
2007/11/01 12:47:41| WCCP Disabled.
2007/11/01 12:47:41| Pinger socket opened on FD 16
2007/11/01 12:47:41| Ready to serve requests.
2007/11/01 12:47:42| Store rebuilding is  3.1% complete
2007/11/01 12:47:42| icmpSend: send: (111) Connection refused
2007/11/01 12:47:42| Closing Pinger socket on FD 16
2007/11/01 12:47:45| Starting Squid Cache version 2.6.STABLE16 for 
i686-pc-linux-gnu...
2007/11/01 12:47:45| Process ID 12098








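The log excerpt above shows Squid starting again every few seconds under a new process ID. As an added example (not part of the original thread), this Python script parses cache.log in that format, rejoins lines that were wrapped, and reports runs of closely spaced startups together with the last message each process logged. The sample log is constructed from the lines above (the first PID is made up), and the gap and count thresholds are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| ?(.*)$")
START_RE = re.compile(r"^Starting Squid Cache version (\S+)")
PID_RE = re.compile(r"^Process ID (\d+)")

# Constructed sample, shortened from the excerpt in the thread. Wrapped lines
# (no timestamp) are kept on purpose to exercise the continuation handling.
SAMPLE_LOG = """\
2007/11/01 12:47:38| Starting Squid Cache version 2.6.STABLE16 for
i686-pc-linux-gnu...
2007/11/01 12:47:38| Process ID 12090
2007/11/01 12:47:38| Rebuilding storage in /var/spool/squid (DIRTY)
2007/11/01 12:47:38| Ready to serve requests.
2007/11/01 12:47:38| icmpSend: send: (111) Connection refused
2007/11/01 12:47:38| Closing Pinger socket on FD 16
2007/11/01 12:47:41| Starting Squid Cache version 2.6.STABLE16 for
i686-pc-linux-gnu...
2007/11/01 12:47:41| Process ID 12094
2007/11/01 12:47:41| Rebuilding storage in /var/spool/squid (DIRTY)
2007/11/01 12:47:41| Ready to serve requests.
2007/11/01 12:47:42| icmpSend: send: (111) Connection refused
2007/11/01 12:47:42| Closing Pinger socket on FD 16
2007/11/01 12:47:45| Starting Squid Cache version 2.6.STABLE16 for
i686-pc-linux-gnu...
2007/11/01 12:47:45| Process ID 12098
"""


@dataclass
class Startup:
    started: datetime
    version: str
    pid: Optional[int] = None
    ready: bool = False      # reached "Ready to serve requests"
    dirty: bool = False      # storage rebuild was logged as (DIRTY)
    last_message: str = ""   # last line logged before the next startup


def parse_cache_log(text):
    """Return (timestamp, message) pairs; untimestamped lines continue the previous one."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, m.group(2).strip()])
        elif raw.strip() and entries:
            entries[-1][1] = f"{entries[-1][1]} {raw.strip()}"
    return [(ts, msg) for ts, msg in entries]


def find_startups(entries):
    """Group log entries by the 'Starting Squid Cache' line that precedes them."""
    startups = []
    for ts, msg in entries:
        m = START_RE.match(msg)
        if m:
            startups.append(Startup(ts, m.group(1)))
            continue
        if not startups:
            continue  # log begins mid-run, as the excerpt in the thread does
        cur = startups[-1]
        pid = PID_RE.match(msg)
        if pid:
            cur.pid = int(pid.group(1))
        if msg.startswith("Ready to serve requests"):
            cur.ready = True
        if msg.startswith("Rebuilding storage") and "(DIRTY)" in msg:
            cur.dirty = True
        cur.last_message = msg
    return startups


def restart_loops(startups, max_gap=10, min_starts=3):
    """Runs of >= min_starts startups, each within max_gap seconds of the previous one."""
    runs, run = [], startups[:1]
    for prev, cur in zip(startups, startups[1:]):
        if (cur.started - prev.started).total_seconds() <= max_gap:
            run.append(cur)
        else:
            if len(run) >= min_starts:
                runs.append(run)
            run = [cur]
    if len(run) >= min_starts:
        runs.append(run)
    return runs


if __name__ == "__main__":
    for run in restart_loops(find_startups(parse_cache_log(SAMPLE_LOG))):
        print(f"restart loop: {len(run)} startups from {run[0].started} to {run[-1].started}")
        for s in run:
            print(f"  pid={s.pid} ready={s.ready} dirty={s.dirty} last={s.last_message!r}")
```

The last message before each restart is where to start reading; the script reports it but does not decide the cause.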


Re: [squid-users] possible memory leak

2007-10-31 Thread Tek Bahadur Limbu

Hi Rihad,

rihad wrote:

Squid using almost twice as much memory as was accounted for (according
to top(1)):
 4243 squid 29  200  1325M  1317M kserel  42:39  0.00% squid


Since last time, after you reduced your cache_mem from 1000 MB to 300 
MB, your Squid memory usage has gone down by half!!




Is this expected?

FreeBSD 6.2-RELEASE-p8
Squid 2.6.16 using kqueue, aufs.

Some squid.conf lines:
cache_mem 300 MB
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 5 128 256
cache_dir aufs /cache2 5 128 256


I guess /cache and /cache2 reside on the same hard drive?

Try reducing your 1st level directories in the range of 16-64.



Other options have been kept default more or less.

Some relevant cachemgr lines:
Storage Mem size:307212 KB
Total accounted:   763252 KB
Number of clients accessing cache:794


I suggest cleaning your directories and rebuilding them once again. Squid 
might be reporting the wrong values since the last time you restarted it!


Can you post the full output of "squidclient mgr:info"?

Thanking you...




.









Re: [squid-users] How to setup squid as http proxy server

2007-10-30 Thread Tek Bahadur Limbu

Hi Ying,

ying lcs wrote:

On 10/31/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:

Hi Ying,

ying lcs wrote:

Hi,

I am able to compile and get squid running on my ubuntu machine.

However, when I see my proxy setting in my firefox:
Manual proxy configuration:
HTTP Proxy: 127.0.0.1   Port: 3128

And when I load 'www.google.com' in my firefox , I get this error page:
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.

*   Check the proxy settings to make sure that they are correct.

*   Contact your network administrator to make sure the proxy server is
  working.


Are you sure that you are running Squid on port 3128?


Yes, I am sure it is running on 3128. I check the squid access log, I
see the following:

1193801812.865  0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.txt - NONE/- text/html
1193801816.006  0 127.0.0.1 TCP_DENIED/403 1404 GET http://127.0.0.1/plain.txt - NONE/- text/html
1193805983.331  0 127.0.0.1 TCP_DENIED/400 1503 GET www.google.com - NONE/- text/html
1193806012.286  0 127.0.0.1 TCP_DENIED/403 1394 GET http://www.google.com - NONE/- text/html




Or you need to add the following ACL

acl localhost src 127.0.0.1/32
http_access allow localhost

Note: Remember to add it before the "http_access deny all" ACL





I have these as my ACL (I am just using the defaults in squid 2.6 16):
Can you please tell me why do I need to add "acl localhost src 127.0.0.1/32"?
And I tried 'http://www.google.com' (not just 127.0.0.1/plain.txt) and
it does not work either.


#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
#   Allowing or Denying access based on defined access lists
#
#   Access to the HTTP port:
#   http_access allow|deny [!]aclname ...
#
#   NOTE on default values:
#
#   If there are no "access" lines present, the default is to deny
#   the request.
#
#   If none of the "access" lines cause a match, the default is the
#   opposite of the last line in the list.  If the last line was
#   deny, the default is allow.  Conversely, if the last line
#   is allow, the default will be deny.  For these reasons, it is a
#   good idea to have an "deny all" or "allow all" entry at the end
#   of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost


http_access allow manager localhost

is NOT THE SAME as

http_access allow localhost

Just add "http_access allow localhost" below your "http_access allow 
manager localhost".


It should work after that!

An alternative way is to use the actual IP of your Squid proxy server. 
Supposing that your IP of your Squid Proxy is: 192.168.1.1, just use:


Proxy: 192.168.1.1  Port: 3128

in your web browser.

This should work as well.


http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

# And finally deny all other access to this proxy
http_access deny all






And when I load '127.0.0.1/plain.txt' in my firefox, I get  this error message:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://127.0.0.1/plain.txt

The following error was encountered:

* Access Denied.

  Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you feel
this is incorrect.

Your cache administrator is webmaster.

Squid is a proxy cache server and not an Apache web server. There is a
big difference

Re: [squid-users] How to setup squid as http proxy server

2007-10-30 Thread Tek Bahadur Limbu

Hi Ying,

ying lcs wrote:

Hi,

I am able to compile and get squid running on my ubuntu machine.

However, when I see my proxy setting in my firefox:
Manual proxy configuration:
HTTP Proxy: 127.0.0.1   Port: 3128

And when I load 'www.google.com' in my firefox, I get this error page:
The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.

*   Check the proxy settings to make sure that they are correct.

*   Contact your network administrator to make sure the proxy server is
  working.



Are you sure that you are running Squid on port 3128?


Or you need to add the following ACL

acl localhost src 127.0.0.1/32
http_access allow localhost

Note: Remember to add it before the "http_access deny all" ACL



And when I load '127.0.0.1/plain.txt' in my firefox, I get  this error message:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://127.0.0.1/plain.txt

The following error was encountered:

* Access Denied.

  Access control configuration prevents your request from being
allowed at this time. Please contact your service provider if you feel
this is incorrect.

Your cache administrator is webmaster.


Squid is a proxy cache server and not an Apache web server. There is a 
big difference between them! Apache serves the web pages and Squid 
fetches those web pages.




Can you please tell me what am I missing in setting up my squid as the
http server?


Check out the following sites for more information.

(1.)  http://wiki.squid-cache.org/FrontPage
(2.)  http://wiki.squid-cache.org/SquidFaq
(3.)  http://www.deckle.co.za/squid-users-guide/Main_Page



Thank you.


Thanking you...








--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com
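
The http_access ordering discussed in this thread, as an added example that is not part of the original posts and not Squid's own code: a simplified first-match evaluator over the ACLs and rules quoted from the poster's squid.conf. The client address 198.51.100.7, the destination 203.0.113.10, the helper names and the assumption that destinations are already resolved to IP addresses are constructed for illustration.

```python
import ipaddress

# ACL definitions from the squid.conf quoted in the thread.
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "manager": ("proto", ["cache_object"]),
    "localhost": ("src", ["127.0.0.1/32"]),
    "to_localhost": ("dst", ["127.0.0.0/8"]),
    "SSL_ports": ("port", ["443"]),
    "Safe_ports": ("port", ["80", "21", "443", "70", "210",
                            "1025-65535", "280", "488", "591", "777"]),
    "CONNECT": ("method", ["CONNECT"]),
}

# Active http_access lines from the same config, in file order.
DEFAULT_RULES = [
    "allow manager localhost",
    "deny manager",
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "deny all",
]


def acl_matches(name, req):
    """Return True if the named ACL matches the request."""
    kind, values = ACLS[name]
    if kind in ("src", "dst"):
        addr = ipaddress.ip_address(req[kind])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        for v in values:
            lo, _, hi = v.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
        return False
    return req[kind] in values  # proto and method ACLs


def evaluate(rules, req):
    """First matching line wins; every ACL on a line must match (AND)."""
    for rule in rules:
        action, *terms = rule.split()
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, rule
    if not rules:
        return "deny", None  # no access lines at all: deny
    # Nothing matched: the default is the opposite of the last line.
    last_action = rules[-1].split()[0]
    return ("allow" if last_action == "deny" else "deny"), None


def insert_rule(rules, new_rule, before):
    """Return a copy of rules with new_rule placed just before an existing line."""
    i = rules.index(before)
    return rules[:i] + [new_rule] + rules[i:]


def request(src, dst, port, method="GET", proto="http"):
    return {"src": src, "dst": dst, "port": port, "method": method, "proto": proto}


# Placement suggested in the reply: directly below "allow manager localhost".
EARLY = insert_rule(DEFAULT_RULES, "allow localhost", before="deny manager")
# Placement in the "INSERT YOUR OWN RULE(S) HERE" section, before "deny all".
LATE = insert_rule(DEFAULT_RULES, "allow localhost", before="deny all")

# Constructed sample requests.
BROWSE_LOCAL = request("127.0.0.1", "203.0.113.10", 80)
BROWSE_REMOTE = request("198.51.100.7", "203.0.113.10", 80)
CONNECT_SMTP_LOCAL = request("127.0.0.1", "203.0.113.10", 25,
                             method="CONNECT", proto="none")
MGR_REMOTE = request("198.51.100.7", "127.0.0.1", 3128, proto="cache_object")

if __name__ == "__main__":
    cases = [("browse from localhost", BROWSE_LOCAL),
             ("browse from remote client", BROWSE_REMOTE),
             ("CONNECT to port 25 from localhost", CONNECT_SMTP_LOCAL),
             ("cache manager from remote client", MGR_REMOTE)]
    for label, rules in [("default", DEFAULT_RULES), ("early", EARLY), ("late", LATE)]:
        for name, req in cases:
            action, rule = evaluate(rules, req)
            print(f"{label:8} {name:36} -> {action:5} ({rule})")
```

With the default rules the browser request from 127.0.0.1 falls through to "deny all", which is the TCP_DENIED/403 seen in the access log. Both placements of "allow localhost" fix that, but only the later one keeps the Safe_ports and CONNECT checks applying to local clients.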


[squid-users] Squid Cache on a Solaris ZFS file system

2007-10-29 Thread Tek Bahadur Limbu

Hi all,

I wanted to know if somebody here is running a Squid cache on a Solaris 
box (i386)?


I am planning to deploy a Squid proxy cache on a Solaris box.

Now since a proxy cache will probably be storing a couple of million
objects on disk (most of them small objects), I wanted to know what 
ZFS's impact will be on Squid?


Basically, I want to know if somebody here on this list is using a ZFS
file system for a proxy cache and what will be its performance? Will it
improve or degrade Squid's performance? Or better still, is there any
kind of benchmark tools for graphing Squid performance on a ZFS file system?

I know that this question is not related to Squid directly. But no harm in 
asking, right?



Thanking you...

--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] yahoo web cam service behind squid

2007-10-27 Thread Tek Bahadur Limbu

Hi Mohan,


Mohan Jayaweera wrote:

Greetings to everybody!
my yahoo web cam says that I am behind to a firewall and can't not
connect to the yahoo web cam service when I try thru squid proxy. but
there is no firewall or SELinux policies applied at the squid proxy. (
i use squid-2.6.STABLE16 on Fedora 7)
any idea?


Where is your Squid proxy server located in your network?
Are you running it in transparent mode?

Are you sure that no default firewall is running on your Fedora box?

What does "/sbin/iptables -vnL" say?


How do you get your bandwidth pipe?

Thanking you...



Mohan





--
With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://wlink.com.np

http://teklimbu.wordpress.com



Re: [squid-users] Squid can't connect some web sites

2007-10-26 Thread Tek Bahadur Limbu

Hi Bruce,

Cheng Bruce wrote:

Hi Tek,

Thank you so much.
Do you live in Nepal ?


Yes I am currently living in the Himalayan Kingdom of Nepal! And you are 
from Singapore?






So pfSense is based on OpenBSD's PF firewall. Which OS is your hardware running 
on?

pfSense's OS is FreeBSD 6.2, it is based on OpenBSD's PF firewall.
If you are interested in pfSense, we can chat in private, pfSense is
opensource, I think it very nice.


pfSense sounds interesting. If I decide to implement it, I will get help 
from you then!






Although, the first time, I admit that it took a long time to access it. 
However, once the pages start loading, the browsing of this site is fine.


I think that is maybe the problem is due to this site.


What is the exact error message that Squid reports before timing out?

I see a lot of TCP_MISS.


It could be the web server's problem.




How did you install Squid? Are you sure that your ACLs are not affecting this 
site?

pfSense ( www.pfsense.com) is the open source, it bases on m0n0wall
(another firewall, OS is FreeBSD).
pfSense has this package, I just click squid package link in webGUI,
it will finish installing all relative packages.


So pfSense is something similar to Webmin? So you just click the Squid 
package and it gets installed? What other packages besides Squid are 
there in pfSense?




I am sure that the RULEs are not affecting this site, and I set the
rules in firewall to pass it to make sure it will go through my
network.


Well since I can access this site, it could also mean the problem is arising 
due to pfSense. But I am not sure about it.


At the beginning, I access this site without squid, and I can access
this site but I need to wait for a long time to see whole pages.
Therefore I think the problem may  be due to pfSense.
But I asked my friends (in Malaysia, in China, in Taiwan, in USA)
access this site via Squid, they don't use pfSense, They have the same
problems like me.


Since so many different people located in different regions are facing 
the same problem too, then it is highly likely to be a problem at the 
web server.


By the way, how are you managing access to this site (www.hsa.gov.sg) 
currently? Are you bypassing this from your squid proxy server right now 
to access it?





Therefore I think there is something wrong between this site and
Squid. I am trying to figure out what happen, but ...



12:21:25 [EMAIL PROTECTED]:~$ telnet www.hsa.gov.sg 80

I traced it before, but I am not quite sure where the main problem is.


Maybe other people on this list may have further suggestions. Let's wait 
for a few more days.


By the way, do you also have a parent proxy server besides your pfSense 
Squid box?





Please advise me.
Thank you in advance.
Best Regards,
Bruce





Thanking you...


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Low HIT ratio with Coss

2007-10-25 Thread Tek Bahadur Limbu

Hi Usman,


usman wrote:

Hi EveryOne,

I am getting very low Request Hit  ratio on squid cache since i 
implemented coss. The caching directories containing coss stripes file 
are filling up very very slow.


/dev/amrd1s1d    16G    136M    15G     1%    /cache1
/dev/amrd2s1d    16G    141M    15G     1%    /cache2
/dev/amrd3s1d    33G    5.9G    24G    20%    /cache3


From what I understand, COSS by default stores smaller objects in 
comparison to UFS, AUFS or DISKD.


This may explain why the COSS directories are filling up slowly.



you can see the comparison between diskd and coss directories.

The cache_dir settings are
cache_dir coss /cache1 12000 max-size=1048576 max-stripe-waste=524288 
membufs=500
cache_dir coss /cache2 12000 max-size=1048576 max-stripe-waste=524288 
membufs=500

cache_dir diskd /cache3 28000 16 256 Q1=72 Q2=64


My COSS cache_dir are as follows:

cache_dir coss /cache1/squid/coss 8192 max-size=131072 
max-stripe-waste=16384 block-size=1024 membufs=500





On other caches with same refresh pattern (total Diskd or Aufs) I get 
around 45 - 55 % Request HIT ratio. Currently its 12 % with coss. The 
caching directories are not fully loaded yet but still I feel its very 
low request hit ratio.


In one of my FreeBSD Squid box utilizing COSS with the following uptime:

Squid Object Cache: Version 2.6.STABLE16
Start Time: Sun, 09 Sep 2007 11:31:49 GMT
Current Time:   Thu, 25 Oct 2007 16:33:23 GMT

I get the following results:

Request Hit Ratios:         5min: 47.3%, 60min: 46.1%
Byte Hit Ratios:            5min: 17.9%, 60min: 17.5%
Request Memory Hit Ratios:  5min: 0.2%, 60min: 0.3%
Request Disk Hit Ratios:    5min: 55.2%, 60min: 54.5%
Cache Hits:                 0.00767  0.00767
Near Hits:                  1.38447  1.31166




Where is something wrong in my Config ?


I am sure that the low HIT ratio is not a Configuration problem.



Also please suggest the size of "block-size" in coss settings, I am 
using FreeBSD 6.2 with UFS2 file system (with default block size of file 
system 16384 bytes).

RAM is 4 GB, SMP System.


How long has your FreeBSD squid box been running? My advice is to be a 
little more patient with COSS. Let the COSS directories get filled up.



I am sure that your request HIT ratios will gradually increase.




 Regards
  usman





Thanking you...


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Squid can't connect some web sites

2007-10-25 Thread Tek Bahadur Limbu

Hi Bruce,


On Thu, 25 Oct 2007 09:58:39 +0800
"Cheng Bruce" <[EMAIL PROTECTED]> wrote:

> Dear all,
> 
> Recently I meet the strange problem, Squid can't access some web
> sites. For example, http://www.hsa.gov.sg/
> 
> I'm using pfSense 1.2-RC2(built on Fri Aug 17 17:46:06 EDT 2007), and
> I have Squid ( 2.6.5_1-p15) installed as a transparent proxy on my
> LAN.  All seemed to be working fine until my users told me there's the
> website that can't see.

Most of the times, it's not Squid's problem if it can't access some sites. It's 
either some misconfigured web server or firewall which is causing the problem 
in the 1st place.
Squid just reports the errors.


So pfSense is based on OpenBSD's PF firewall. Which OS is your hardware running 
on?

> 
> I check the access.log, I saw a lot of TCP_MISS, and I use ethereal to
> trace from my local computer to that web site, It seems to lost some
> packets.

I can browse this site using either my transparent proxy or manually putting 
the proxy server in my web browser.
Although, the first time, I admit that it took a long time to access it. 
However, once the pages start loading, the browsing of this site is fine.

> 
> The browser of the windows clients only can see the title and the
> browser just keeps trying to connect the HTML page until it times-out,
> its source html page is not full retrieved.
> I looked up the source of this website, it has not finished with this
> tag 

What is the exact error message that Squid reports before timing out?
Since your clients can see the Title of the web page, then the problem must be 
somewhere between your pfSense box and the remote web server.

How did you install Squid? Are you sure that your ACLs are not affecting this 
site?

> 
> I tried to modify the squid.conf to directly connect out without
> caching, I google it and found this page
> http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-d82a8d4c42f3600c857cef92d77d76914af54592
> (Can I make Squid go direct for some sites?) and modified the setting
> then restarted. It still can't work it out.

This only works if you have a parent proxy. You probably have to edit your 
firewall to bypass this site from your transproxy.

> 
> I found another article
> http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
>  ( Can't connect to some sites through Squid )
> But don't know how to test it in pfSense.

Is your pfSense a commercial customized box or did you just install this 
pfSense on a local Linux/BSD machine?

> 
> I asked my friends access this web site via their own squid proxy,
> they have the same problems, therefore I don't think it is due to
> pfSense.

Well since I can access this site, it could also mean the problem is arising 
due to pfSense. But I am not sure about it.


> 
> Any suggestions will be appreciated.

Maybe, the following results could provide something if any:

12:21:25 [EMAIL PROTECTED]:~$ telnet www.hsa.gov.sg 80

Trying 160.96.5.221...
Connected to www.hsa.gov.sg.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 25 Oct 2007 07:16:39 GMT
Content-length: 0
Content-type: text/html
Location: http://www.hsa.gov.sg/publish/hsaportal/en/home.html
Connection: close
Set-Cookie: BIGipServerHSA_Portia_Inter=403298058.20480.; path=/

Connection closed by foreign host.




13:03:43 [EMAIL PROTECTED]:~$ telnet www.hsa.gov.sg 80
Trying 160.96.5.221...
Connected to www.hsa.gov.sg.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 25 Oct 2007 07:17:02 GMT
Content-length: 0
Content-type: text/html
Location: http://www.hsa.gov.sg/publish/hsaportal/en/home.html
Connection: close
Set-Cookie: BIGipServerHSA_Portia_Inter=403298058.20480.0000; path=/

Connection closed by foreign host.



Thanking you...


> 
> Please advise me.
> Thank you in advance.
> Best Regards,
> Bruce
> 


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] how to Configure squid cache with 1 NIC, 1 public IP ?

2007-10-22 Thread Tek Bahadur Limbu

Hi Yogesh,

Yogesh Patil wrote:

Hello,
Thanks for the help, i am using Dell PowerEdge 840 Server with
Fedora Core 7, and Squid 2.6, my scenario is as follows.

1) Router connected to the fiber leased line (it is the gateway for
all system now)
2) Squid Cache Server (1 NIC, Public IP)
3) DNS Server (1 NIC Public IP)
4) Bandwidth Management Server with 2 NIC (1 Goes to Public IP /
Another Goes to Customer with Private IP)

Now i want to use Squid for Cache and natting will be done at
my bandwidth management server, currently there is not natting enabled
on my router, so if you can help me in configuring the router for
forwarding the web requests to the Squid, i will be very thankful to
you
also one on which port i have to implement port forwarding for
forwarding web requests to the Squid, and as i will be configuring
squid with transparency.



I think you can put your Bandwidth management shaper in front of your 
router and add a static route in it to forward all packets to the 
router. This way, the shaper becomes the router and you will have total 
control of your traffic management rules.


(1.)   Shaper (Gw) --> Router (wccp) --> Squid

Then, you can use WCCP on your router for forwarding web requests to 
Squid's port transparently.


Or you can forward your all NAT web traffic from your bandwidth shaper 
to your Squid box. You need a static route-map in your router to run 
Squid transparently.


(2.)   Router(Gw/route-map) --> Shaper ---> Squid

However, these are just my thoughts. I may be wrong and somebody else 
should have a better idea and way to deal with your case.


One thing I want to advise is: Why run NAT on an ISP level? You are 
bound to face problems sooner or later!


Or simply, it's not worth it! If possible, get a minimum /22 network.




Thanks & Regards,
Yogesh Patil


Thanking you...






On 10/22/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:

Hi Yogesh,


Yogesh Patil wrote:

Hi, there
  I would like to configure squid cache for ISP setup only with 1
NIC and 1 Public IP (live IP), so now the question is, how should i
configure the squid cache server, with this, as i am having no
previous experience with the squid, anybody please tell me procedure,
else let me know the website where i can get tutorial for the same.

Of course you can configure Squid with just 1 NIC card and 1 public IP.
You need either a load balancer sitting in front of Squid or you need
your router to forward web request to your Squid box. I am guessing that
you want your Squid to run transparently too.



  If configuring squid with 1 NIC & 1 public ip is not possible,
  please tell me the procedure for configuring squid cache with 2
NIC & 2 PUBLIC IP (not a single private IP),

 * I am connecting to the internet through dedicated leased line.

Do you have a router connected to your leased line? If so, then setup
your router to forward web requests to your single NIC Squid box.

Since you mentioned using this Squid box for an ISP, will your customers
also be having Public IP addresses or will they be having private
address running under NAT?

Which OS will you be using on what hardware?




Thanks in advance

Thanking you...







--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com








--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] how to Configure squid cache with 1 NIC, 1 public IP ?

2007-10-21 Thread Tek Bahadur Limbu

Hi Yogesh,


Yogesh Patil wrote:

Hi, there
  I would like to configure squid cache for ISP setup only with 1
NIC and 1 Public IP (live IP), so now the question is, how should i
configure the squid cache server, with this, as i am having no
previous experience with the squid, anybody please tell me procedure,
else let me know the website where i can get tutorial for the same.


Of course you can configure Squid with just 1 NIC card and 1 public IP. 
You need either a load balancer sitting in front of Squid or you need 
your router to forward web request to your Squid box. I am guessing that 
you want your Squid to run transparently too.





  If configuring squid with 1 NIC & 1 public ip is not possible,
  please tell me the procedure for configuring squid cache with 2
NIC & 2 PUBLIC IP (not a single private IP),

 * I am connecting to the internet through dedicated leased line.


Do you have a router connected to your leased line? If so, then setup 
your router to forward web requests to your single NIC Squid box.


Since you mentioned using this Squid box for an ISP, will your customers 
also be having Public IP addresses or will they be having private 
address running under NAT?


Which OS will you be using on what hardware?





Thanks in advance


Thanking you...









--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Squid eating too much memory

2007-10-21 Thread Tek Bahadur Limbu

Hi Rihad,

rihad wrote:

Tek Bahadur Limbu wrote:

Hi Rihad,

rihad wrote:

CacheMgr output:
Memory accounted for:
Total accounted:   1323944 KB

Memory usage using top(1):
  PID USERNAME THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
29601 squid     29  20    0  2533M  2465M kserel  92:12  0.00% squid


Almost twice as much memory! Any hints?


What are your settings for the following parameters?

cache_mem
maximum_object_size
maximum_object_size_in_memory
cache_replacement_policy
memory_replacement_policy
ipcache_size
fqdncache_size


cache_mem 1000 MB
maximum_object_size 100 MB
# maximum_object_size_in_memory 8 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
# ipcache_size 1024
# fqdncache_size 1024


I also suggest you to reduce the size of your cache_mem.




Which storage scheme are you using?


aufs



Should work nicely on a 6.2



Number of clients accessing cache:517
Normally load is within 500-1500 clients.


How long has your Squid process been running?

3 to 4 days, but it doesn't matter: I've had weeks or months of uptime, 
too. Eventually the process hits its memory size limit (kern.maxdsiz) 
set at 2.5 gigs at the moment and croaks (and restarts) unless I 
decrease cache_mem. There's little point in using less RAM as the box 
has ~3.3 gigs of it, and is dedicated to Squid (and its dedicated 
dnscache).


You can also try increasing your kern.maxdsiz then.




Your server's memory usage seems unusually high even for 1500 clients.
My proxy server which serves 2000-3000 clients is currently using 650 
MB of memory despite running for more than 55 days.



How big is your cache store?


I have a COSS store with a size of 10 GB. Used to have bigger cache 
sizes, but COSS rebuilding time is its weakest point in my opinion.









Squid 2.6.16
FreeBSD 6.2-RELEASE-p8


What are your machine's specs?


# grep -e ^CPU: -e memory -e ^ad /var/run/dmesg.boot
CPU: Intel(R) Pentium(R) D CPU 2.80GHz (2813.85-MHz 686-class CPU)
real memory  = 3489595392 (3327 MB)
avail memory = 3414970368 (3256 MB)
ad4: 238475MB  at ata2-master SATA150
ad6: 238475MB  at ata3-master SATA150



Pretty decent hardware.

Two cache_dir's lie on both disks (25 gigs each at the moment, but I'm 
planning for more).


The bigger the cache sizes, the more rebuilding time it takes!





Port compiled with all options unchecked and both AUFS & KQUEUE checked
(as per "make config" and  /var/db/ports/squid/options)


Can you post the full output of "squidclient  mgr:info"?


Squid Object Cache: Version 2.6.STABLE16
Start Time:     Thu, 18 Oct 2007 17:10:09 GMT
Current Time:   Sun, 21 Oct 2007 09:39:51 GMT
Connection information for squid:
        Number of clients accessing cache:      517
        Number of HTTP requests received:       9410288
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   2431.8
        Average ICP messages per minute since start:    0.0
        Select loop called: 74113837 times, 3.133 ms avg
Cache information for squid:
        Request Hit Ratios:     5min: 35.6%, 60min: 37.1%
        Byte Hit Ratios:        5min: 21.4%, 60min: 18.1%
        Request Memory Hit Ratios:      5min: 12.0%, 60min: 15.0%
        Request Disk Hit Ratios:        5min: 22.9%, 60min: 26.2%
        Storage Swap size:      22427274 KB
        Storage Mem size:       1023900 KB
        Mean Object Size:       13.62 KB
        Requests given to unlinkd:      0
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.08265  0.08265
        Cache Misses:          0.17711  0.18699
        Cache Hits:            0.00463  0.00562
        Near Hits:             0.12106  0.14252
        Not-Modified Replies:  0.00286  0.00379
        DNS Lookups:           0.11405  0.10906
        ICP Queries:           0.0  0.0



You seem to have a fast connection? Probably fiber optic? How big is 
your bandwidth pipe?


Still, your DNS lookups seem a little slow compared to your Median 
response time.


You also mentioned that you are running a DNS caching name server on 
this squid box?


So you are just using a single squid box?


Resource usage for squid:
        UP Time:        232181.468 seconds
        CPU Time:       5971.253 seconds
        CPU Usage:      2.57%
        CPU Usage, 5 minute avg:        3.98%
        CPU Usage, 60 minute avg:       3.55%
        Process Data Segment Size via sbrk(): -1583756 KB
        Maximum Resident Size: 2549632 KB
        Page faults with physical i/o: 3799


Very little CPU utilization. That's one of the best features of Squid-2.6 
I guess. Are you having service outages? Your page faults seem a little 
high for a cache which is only 3-4 days old.



Memory accounted for:
Total ac

Re: [squid-users] Squid eating too much memory

2007-10-21 Thread Tek Bahadur Limbu

Hi Rihad,

rihad wrote:

CacheMgr output:
Memory accounted for:
Total accounted:   1323944 KB

Memory usage using top(1):
  PID USERNAME THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
29601 squid     29  20    0  2533M  2465M kserel  92:12  0.00% squid


Almost twice as much memory! Any hints?


What are your settings for the following parameters?

cache_mem
maximum_object_size
maximum_object_size_in_memory
cache_replacement_policy
memory_replacement_policy
ipcache_size
fqdncache_size

Which storage scheme are you using?

Can you post your relevant configs of your squid.conf?




Number of clients accessing cache:517
Normally load is within 500-1500 clients.


How long has your Squid process been running?

Your server's memory usage seems unusually high even for 1500 clients.
My proxy server which serves 2000-3000 clients is currently using 650 MB 
of memory despite running for more than 55 days.





Squid 2.6.16
FreeBSD 6.2-RELEASE-p8


What are your machine's specs?



Port compiled with all options unchecked and both AUFS & KQUEUE checked
(as per "make config" and  /var/db/ports/squid/options)


Can you post the full output of "squidclient  mgr:info"?


Thanking you...









--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] common squid hostnames & RFC 2219

2007-10-20 Thread Tek Bahadur Limbu

Hi Craig,


Craig Skinner wrote:

What are the most common host names that users on this list use for
their squid boxes?

I'm asking in light of RFC 2219 while cobbling up a fairly generic
WPAD proxy.pac file.


http://www.faqs.org/rfcs/rfc2219.html

3. Special cases

   Special Cases:
   -----------------------------------------------------------
   Alias     Service
   -----------------------------------------------------------
   archie    archie [ARCHIE]
   finger    Finger [RFC-1288]
   ftp       File Transfer Protocol [RFC-959]
   gopher    Internet Gopher Protocol [RFC-1436]
   ldap      Lightweight Directory Access Protocol [RFC-1777]
   mail      SMTP mail [RFC-821]
   news      Usenet News via NNTP [RFC-977]
   ntp       Network Time Protocol [RFC-1305]
   ph        CCSO nameserver [PH]
   pop       Post Office Protocol [RFC-1939]
   rwhois    Referral WHOIS [RFC-1714]
   wais      Wide Area Information Server [RFC-1625]
   whois     NICNAME/WHOIS [RFC-954]
   www       World-Wide Web HTTP [RFC-1945]
   -----------------------------------------------------------


So do folk commonly use these host names for squid, or something else?:

squid.example.org
proxy.exam..
webcache.
cache.
www-proxy.
webproxy.
gateway.


I will go with "proxy.exam.." option.




What is the "preferred" host name for the service?


I will prefer "proxy.exam.." from my side.

Thanking you...


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] monthly log rotation

2007-10-18 Thread Tek Bahadur Limbu

Hi Arun,


Arun Shrimali wrote:

Dear All,

I have configured Squid 2.5 stable 6.
My all settings related to log are default, thus log automatic rotate
on sunday night. I want this to be rotate on monthly basis i.e. on
30th / 31st night.
where should i make the changes



How are you rotating your logs every Sunday night currently? Does your 
log rotation include just Squid logs or everything (kernel messages,etc)?


Is Redhat your OS? Basically, you normally use the utility called 
logrotate to rotate your machine's various log files.


You can check the site below for more information on using logrotate to 
rotate Squid and Apache logs:


http://teklimbu.wordpress.com/2007/10/16/managing-your-linuxunix-log-files-using-logrotate/


Or simply,

Add the following entry to rotate your squid logs on the 28th of every 
month at 1 AM in your /etc/crontab


00 01 28 * * root  squid -k rotate  > /dev/null 2>&1


Note: you may need to specify the full path of your squid binary.


By the way, I personally feel that your Squid 2.5stable6 is way too old!
I feel that your time has come to upgrade.

Check out the latest stable release below:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz



Thanking you...




Arun






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com


Re: [squid-users] Squid on DualxQuad Core 8GB Rams - Optimization - Performance - Large Scale - IP Spoofing

2007-10-17 Thread Tek Bahadur Limbu

Hi All,

I would also like to share my thoughts regarding the hardware specs for a Squid 
proxy server which I am posting below.


On Wed, 17 Oct 2007 08:03:22 +0100
Tony Dodd <[EMAIL PROTECTED]> wrote:

> Adrian Chadd wrote:
> > Out of curiousity, how many Squid servers do you have deployed out there?
> > 
> > 
> > 
> > Adrian
> > 
> 
> We've got 8 in total, currently.  I'll preempt you asking for specs:
> 
> 4 are:
> 
> Supermicro 1u with Dual Core Xeon 5148 2.33Ghz, 4gb DDR2, 4 x 400gb 
> 7200rpm disks in hardware raid 1+0.
> 
> These guys proved to be too slow; they start hitting I/O overloads at 
> around 100-150 requests/sec, so I got:
> 
> Poweredge 1950s with one Quad Core Xeon L5310 1.6Ghz, 8gb FB-DIMM, 4 x 
> 73gb 15krpm SAS drives in hardware raid 1+0.
> 
> I haven't actually been able to hit the performance limits of these 
> machines yet; I capped out at a kernel limit around 400 requests/sec. 
> Interestingly, these guys only cost $200 more than the poor spec SM 
> machines.


Well I think that it's not only hardware specs that we have to consider. We 
also have to take into account the operating systems, optimizations, Squid 
versions, Squid's conf files, gateway routers, etc...

One of my machines is a refurbished Dell OptiPlex GX-270 purchased at around 
$200. Technically this is not a server but rather a desktop!

It has the following specs:


OS: FreeBSD-6.2 (i386)

38146MB 7200 RPM IDE hard drive
38146MB  at ata0-master UDMA100
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2793.01-MHz 686-class CPU)
real memory  = 1072103424 (1022 MB)

/dev/ad0s1d  10154158 6294544 3047282    67%    /cache1


With this hardware, my proxy server can easily serve 60-80 req/sec (3600 - 4800 
req/min). If I push it, it can serve up to 150 req/sec (9000 req/min). 

The median response service time hardly crosses 1.3 seconds considering that we 
have a satellite link.

The CPU utilization which is always less than 15% suggests that it can serve 
more requests than what it is currently serving.

Attached are the current Request/Service/CPU RRD graphs for this proxy server.

But I don't mean that we should disregard good and expensive hardware but not 
everybody can afford them due to some restrictions and constraints.

I would love to have an IBM System P series server someday!!


> 
> The squid cluster is set up to only talk to origin servers, and they 
> don't have a sibling relationship; I found that the 1-2 second overhead 
> for query/fetch from siblings was impeding performance... and screwing 
> up my graphs with leaps to 2000msec from the usual 10msec response time. 
>   In front of the squids, we have lvs + perlbal, depending on the domain 
> being accessed.  I should also mention that they're in use as a reverse 
> caching proxy.

Are your siblings on different subnets?

Thanking you...

> 
> 
> 
> -- 
> Tony Dodd, Systems Administrator
> 
> Last.fm | http://www.last.fm
> Karen House 1-11 Baches Street
> London N1 6DL
> 
> check out my music taste at:
> http://www.last.fm/user/hawkeviper
> 



Re: [squid-users] Squid on DualxQuad Core 8GB Rams - Optimization - Performance - Large Scale - IP Spoofing

2007-10-15 Thread Tek Bahadur Limbu
t as a matter of fact, I chose COSS over DISKD because DISKD kept 
crashing under high load (100 - 250 req/sec).


What is your likely customer base? How many requests per second do 
your proxies handle currently? If your Squid boxes are handling more 
than 500 requests per second, then I am not sure if COSS will be able to 
handle them. That's because I have not experimented with requests above 
300 req/sec.


I am currently running COSS with Squid serving 200 req/sec and I can 
confirm that it is quite stable and fast. Squid has been running over 50 
days without a problem since switching from DISKD to COSS. And I hope 
that it will continue to run without a problem for a further 365 days!!





> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log none
> :: No need to log cache_store, so minimizing the Disk I/O
>
> fqdncache_size 51200
> ipcache_size 51200
> :: Caching IPs/Domain Name and whatnot
>
> pipeline_prefetch on
> :: Performance enhancement
>
> shutdown_lifetime 1 second
> :: Tired of waiting whenever I restart my Squids (only on testing)
>
> read_ahead_gap 60 KB
> maximum_object_size 2 GB
> minimum_object_size 0 KB
> maximum_object_size_in_memory 128 KB
> cache_swap_high 80%
> cache_swap_low 70%
> half_closed_clients off
> memory_pools on
> positive_dns_ttl 24 hours
> negative_dns_ttl 30 seconds
> request_timeout 60 seconds
> connect_timeout 30 seconds
> pconn_timeout 30 seconds
> ie_refresh on
> dns_nameservers DNS1 DNS2
> emulate_httpd_log off
> log_ip_on_direct on
> debug_options ALL, 9
> pid_filename /var/run/squid.pid
>
> My IPtables/sysctl and startup file:
> #!/bin/sh
> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80
> :: I run Squids on port 80 so that I can forward all incoming requests
> on port 80 to the Squids on the Cisco router level


Are you using WCCP or route-map for this?



> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
> echo 102400  > /proc/sys/net/ipv4/tcp_max_syn_backlog
> echo 100 > /proc/sys/net/ipv4/ip_conntrack_max
> echo 100 > /proc/sys/fs/file-max
> echo 60 > /proc/sys/kernel/msgmni
> echo 32768 > /proc/sys/kernel/msgmax
> echo 65536 > /proc/sys/kernel/msgmnb
> :: Maximizing Kernel configuration
>
> ulimit -HSn 100


1 million file descriptors? Will your Squid boxes be serving 1 million 
customers? If that's so, wow, that's great! The maximum number of file 
descriptors I am using is 32768.




> /etc/init.d/squid stop
> /etc/init.d/squid start
> :: Re-enforcing ulimit parameters for the Squid process.
>
> Thank you





Thanking you...



Re: [squid-users] re direct mail

2007-10-10 Thread Tek Bahadur Limbu

Hi Nandika,


nandika rupasinghe wrote:
> Dear
>
> This is not regarding a Squid matter.
> I want to redirect my Squid mail to another mail address. How can I do it?


You just need to set up mail forwarding on your mail server to forward to 
another email address.


But it will be better to create a single mail account to be used just 
for the squid-users mailing list. Then set up mail forwarding from this 
squid-users mailing list account to another email account.


Thanking you...



> Nandika Rupasinghe
> UGC









Re: [squid-users] transparent proxying

2007-10-10 Thread Tek Bahadur Limbu

Hi Hemant,

I have compiled a small How-To for running Squid + FreeBSD + WCCP on a 
Cisco 3620 and 7206 router.


I am currently using this WCCP2 configuration on 2 of my production 
FreeBSD-6.x Squid boxes with a Cisco 3620 router with IOS 12.2.


I think it should also work for your Cisco 1841 router with IOS 12.4.

Since I am using IPFW, I recommend that you use IPFW. But this is only my 
opinion. I am sure that PF and IPF will also do the job fine.


You can find the How-To on the following URL:

http://teklimbu.wordpress.com/


Hope it helps.


Thanking you...



Hemant Raj Chhetri wrote:

> Hi Masters,
> I am trying to implement Squid as a
> transparent proxy. I have installed Squid on FreeBSD 6.1.
> The router which I am using is a Cisco 1841 series router. I
> am using WCCPv2. Could you please help me out with how
> I could make it a transparent proxy?
>
> Thanking you,
>
> Hemant.










Re: [squid-users] upgrade to squid3:

2007-10-09 Thread Tek Bahadur Limbu

Hi Brian,


Brian J. Murrell wrote:

> I've upgraded from squid 2.6 to 3.0.PRE5-5 and now I am getting various
> errors in my log.  For example:
>
> 20:32:58 squid storeSwapMetaUnpack: bad type (9)!
> 20:32:59 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:27 squid squidaio_queue_request: WARNING - Queue congestion
> 20:33:27 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:40 squid storeSwapMetaUnpack: bad type (9)!
> 20:34:03 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!


Which storage scheme are you using for your cache?



> There have been other messages but I don't have any others on hand right
> now.  Perhaps all of my messages are related to the same issue and if I
> can cure the above messages, the others will just go away.


Have you tried stopping Squid and manually restarting it?

You can try cleaning your cache_dirs and starting with a new cache.
Then check once again for any messages in your cache.log.




> So, any idea what those messages above are trying to tell me?  Or what I
> can do to gather further information?


I am not really sure what those messages mean but I have seen them at 
some point in time on my caches. I guess it's somehow related to storage 
corruption.


But my question is, are those messages which are appearing on your 
cache.log giving you problems like slowness in web browsing, errors 
while accessing web pages, etc?


Since Ubuntu still does not seem to have the latest Squid-3.0.RC1 binary 
packages, why don't you try downloading the squid-3.0.RC1 source package 
and compiling it?


http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.RC1.tar.gz

You will have more control over Squid this way. Squid has one of the 
best FAQs, installation, wiki guides, etc, covering almost everything 
from installation to fine-tuning your cache.


Thanking you...





> Thanx!
>
> b.






Re: [squid-users] transparent proxying

2007-10-09 Thread Tek Bahadur Limbu

Hi Hemant,

Hemant Raj Chhetri wrote:

> Hi Masters,
> I am trying to implement Squid as a
> transparent proxy. I have installed Squid on FreeBSD 6.1.
> The router which I am using is a Cisco 1841 series router. I
> am using WCCPv2. Could you please help me out with how
> I could make it a transparent proxy?


First of all, which version of Squid have you installed? From sources or 
ports?


I recommend using 2.6.STABLE16 for WCCP2 and compiling it from sources.

Secondly, you need to decide which FreeBSD firewall (IPFW, PF, IPF) you 
want to use to redirect web traffic to Squid's port 3128 via the GRE 
tunnel. You MAY need to compile the FreeBSD kernel for this.


Thirdly, you need to set up the GRE tunnel on your FreeBSD box. 
Luckily, you don't need to compile the FreeBSD kernel for this. 6.x has 
built-in support for GRE.


Which IOS version is running on your 1841 router?

Last but not least, you need to configure WCCP on your router and 
set up the corresponding WCCP configuration in your squid.conf.


To connect all the related pieces of information, you can use the 
following keywords in google and search:


Squid + FreeBSD + Cisco + WCCP

Good Luck!



> Thanking you,
>
> Hemant.










Re: [squid-users] Caching Expired Objects - One Small Step Forward

2007-10-07 Thread Tek Bahadur Limbu

Hi Solomon,


Solomon Asare wrote:

> Hi,
>
> --- Manoj_Rajkarnikar <[EMAIL PROTECTED]> wrote:
>
> > Great job Solomon. Many of us have been trying to achieve similar with
> > YouTube and Google vids. This will help a great deal. How big of a
> > cachedir do you keep for YouTube vids? It should be quite big to be
> > able to cache the vids in large enough quantity to get a decent hit.
> > I'm gonna try to achieve what you've described here for my next
> > project.
> >
> > Thanks for the job well done.
> >
> > Manoj
>
> Currently, my cache size is 70 GB. I have just filled
> almost 25 GB. I will upgrade to either 200 or 500 GB
> when I deploy.



I really appreciate your initiative and great work regarding caching 
youtube objects. Everybody will benefit from your work.


Are you intending to run a single cache of 500 GB in size or a couple of 
proxy caches amounting to 500 GB in size?


It's because running a 500 GB cache in a single machine is going to 
cause you problems along the way. Such a large cache will also be a 
little more difficult to maintain compared to a 10 or 20 GB cache.


Despite the low cost of hard drives these days, I would prefer to spread 
the disk storage over a couple of squid caches instead of a single 
cache. They can also be configured for load-balancing later.


If for some reason your cache gets corrupted, it might take a very 
long time to fix it and I am sure that Squid's median response time 
will get higher.


Anyway, it's just my suggestion.

Thanking you...





> Solomon.









Re: [squid-users] Squid + Outlook

2007-10-06 Thread Tek Bahadur Limbu

Hi Arun,


Arun Shrimali wrote:

> Dear All,
>
> I am new to Linux and squid, but recently I have been able to set up
> fedora 6 + squid 2.5 with NCSA authentication (with due help of this
> list).
>
> I know that my new problem is not directly related to squid, but I
> have seen on google that a lot of other users are also facing the same
> problem, and there is no easy guide from squid or linux users /
> administrator on the issue.
>
> When we (me and users) were having direct access to Internet our
> Outlook were also working perfectly, but as soon as I have installed
> fedora + squid + NCSA authentication, my users (windows clients) are
> facing problem in downloading / sending mails though they can surf
> Internet.
>
> Everybody is saying that this is not related to squid (as they work
> on different ports), but definitely it is a byproduct (at least
> symptomatic) of Squid. Thus there is a need to have a simple howto for
> squid + outlook.
>
> I am still looking for help / document on it.


Where in your network is this Fedora/Squid box located? Do you have an 
IPTABLES firewall running on this box?


Is this problem just with MS Outlook or with other email clients such as 
Thunderbird, Eudora, etc?


When your clients are having problems downloading/sending emails, can 
your clients telnet to your Email server on port 25, 110 or 143?


While running telnet tests from your clients' Windows machines, run 
tcpdump on your Fedora/Squid box and see if you can actually see traffic 
on the Outlook related ports such as 25 or 110.


Do access.log and cache.log say anything relating to your Outlook problem?


Thanking you...




> regards
>
> Arun








Re: [squid-users] COSS still under developement?

2007-10-03 Thread Tek Bahadur Limbu
flags: 
FULL,NOTWRITING,NOTWRITTEN,DISK
Stripe: 11, lockcount: 1, numobjects 190, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 8, lockcount: 1, numobjects 189, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 4, lockcount: 1, numobjects 175, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 6, lockcount: 1, numobjects 175, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 1161, lockcount: 1, numobjects 121, flags: FULL,NOTWRITING,NOTWRITTEN,DISK
Stripe: 2, lockcount: 1, numobjects 145, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 5, lockcount: 1, numobjects 182, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 0, lockcount: 1, numobjects 135, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Pending Relocations:
Accepted object sizes: 0 - 131072 bytes

Store Directory #1 (coss): /cache2/squid/coss
FS Block Size 1024 Bytes

Maximum Size: 6291456 KB
Current Size: 5536796 KB
Percent Used: 88.01%
Current load metric: 0 / 1000
Number of object collisions: 3
Flags:
Pending Relocations: 1
Stripe: 13, lockcount: 5, numobjects 142, flags: NOTFULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 12, lockcount: 2, numobjects 132, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 6, lockcount: 1, numobjects 134, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 4, lockcount: 3, numobjects 122, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 4261, lockcount: 0, numobjects 117, flags: NOTFULL,NOTWRITING,NOTWRITTEN,DISK
Stripe: 11, lockcount: 1, numobjects 149, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 10, lockcount: 1, numobjects 154, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 7, lockcount: 1, numobjects 156, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 5, lockcount: 1, numobjects 138, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 0, lockcount: 2, numobjects 116, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 2, lockcount: 1, numobjects 113, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 8, lockcount: 1, numobjects 120, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 1, lockcount: 1, numobjects 159, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Stripe: 9, lockcount: 1, numobjects 129, flags: FULL,NOTWRITING,NOTWRITTEN,MEMONLY
Pending Relocations:
  Stripe: 3968   Number: 1
Accepted object sizes: 0 - 131072 bytes


---

squidclient mgr:5min | grep client

client_http.requests = 142.789173/sec
client_http.hits = 72.886244/sec
client_http.errors = 0.00/sec
client_http.kbytes_in = 104.722727/sec
client_http.kbytes_out = 1241.499474/sec
client_http.all_median_svc_time = 0.036222 seconds
client_http.miss_median_svc_time = 1.542425 seconds
client_http.nm_median_svc_time = 0.000911 seconds
client_http.nh_median_svc_time = 1.177316 seconds
client_http.hit_median_svc_time = 0.000911 seconds

---


I need further suggestions to refine and fine-tune COSS for my systems.
I appreciate suggestions from anybody regarding my stats above.

I definitely hope that COSS will become better in the future.

Thanking you...


> 
> mike
> 
> 




Re: [squid-users] Deployment Considerations

2007-10-03 Thread Tek Bahadur Limbu

Hi Joseph,

Joseph Jenkins wrote:

> I had a question about how most people were deploying their squid
> caches, are you deploying them behind firewalls and if so what type
> of rule set are you using?  Is there any case where someone is
> running the firewall and squid cache on the same box?  I am running
> Squid on a Solaris 10.


I am not an expert in firewalling and security.

I am currently deploying Squid both in Linux IPTABLES boxes and FreeBSD 
IPFW boxes.

Both the firewall and Squid are on the same machines.

The 1st part of the rules in those firewalls is for redirecting web 
traffic to Squid's port for transproxy.

Then there are rules to filter who gets access to Squid's port before 
hitting Squid in the 1st place.

Then comes the small set of stateful rules with the firewall.

Then there are the firewall rules to limit who gets access to sensitive 
ports.

Blocking NetBIOS and broadcast traffic from Windows machines on ports 
135-139 is also common in my firewall setup.

Filtering ICMP traffic is also a good thing to do with a firewall.

Last but not least, you make the firewall log intrusion or 
unwanted activity in a limited way.

Some of my Linux Squid boxes are also acting as gateways, so there are 
some FORWARD and OUTPUT rules besides the INPUT rules to control which 
network traffic gets in and out of the box.

Actually, you should deploy at least 2 hardware/software firewalls 
before any traffic reaches your Squid proxy. They might include routers, 
load-balancers or even a hardened Linux/Unix box itself.

The reason why I run firewalls inside my Squid boxes is for them to act as 
the last line of defense in case unwanted traffic somehow penetrates the 
hardware firewalls.

I don't have any experience in Solaris. Which firewall are you using in 
your Solaris box? I have heard that IPFILTER can run under Solaris.

Also, the firewall depends upon where the Squid Solaris box resides on 
your network.


Thanking you...




> TIA
>
> Joseph Jenkins
> www.pixadmin.com









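The rule order described in the message above, written out for a Linux iptables box as an added example (it is not the author's ruleset). The interface name, the client and management networks and the SSH rule are assumptions, and the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example, not from the thread: INPUT-side ruleset for a Linux box that
# runs Squid as an interception proxy, in the rule order the message lists.
# Interface name, networks and ports are assumptions; adjust before use.

# Dry run by default: every command is printed instead of executed.
# To load the rules for real, run as root with IPT=iptables on empty chains.
IPT="${IPT:-echo iptables}"

LAN_IF="eth1"                 # assumed client-facing interface
LAN_NET="192.168.0.0/16"      # assumed client network
ADMIN_NET="192.168.10.0/24"   # assumed management network
SQUID_PORT="3128"

squid_fw_rules() {
    # 1. Redirect client web traffic to Squid's port (interception).
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # 2. Decide who may reach Squid's port before Squid sees the connection.
    #    Redirected packets arrive in INPUT with destination port 3128.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$SQUID_PORT" -s "$LAN_NET" -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$SQUID_PORT" -j DROP

    # 3. Stateful rules: replies to connections the box itself opened
    #    (Squid fetching from origin servers, DNS) and related ICMP errors.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # 4. Sensitive ports: SSH only from the management network.
    $IPT -A INPUT -p tcp --dport 22 -s "$ADMIN_NET" -j ACCEPT

    # 5. Windows RPC/NetBIOS chatter on 135-139 is dropped here, ahead of
    #    the LOG rule, so it cannot fill the log.
    $IPT -A INPUT -p tcp --dport 135:139 -j DROP
    $IPT -A INPUT -p udp --dport 135:139 -j DROP

    # 6. ICMP: rate-limited ping; other unsolicited ICMP is dropped.
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    $IPT -A INPUT -p icmp -j DROP

    # 7. Log what is left, rate limited, then drop it.
    $IPT -A INPUT -m limit --limit 6/minute --limit-burst 10 \
        -j LOG --log-prefix "squid-fw drop: "
    $IPT -A INPUT -j DROP
}

squid_fw_rules
```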


Re: [squid-users] delays in squid.

2007-10-01 Thread Tek Bahadur Limbu
ent mgr:5min  | grep client

> client_http.requests = 0.00/sec
> client_http.hits = 0.00/sec
> client_http.errors = 0.00/sec
> client_http.kbytes_in = 0.00/sec
> client_http.kbytes_out = 0.01/sec
> client_http.all_median_svc_time = 0.00 seconds
> client_http.miss_median_svc_time = 0.00 seconds
> client_http.nm_median_svc_time = 0.00 seconds
> client_http.nh_median_svc_time = 0.00 seconds
> client_http.hit_median_svc_time = 0.00 seconds



Still can't see any users using your proxy server. Can you actually post 
the results while your Squid box is running in your peak hour?


Also posting your squid.conf might help.


Thanking you...


> On 9/27/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:
>
> > Hi Azfar Hashmi,
> >
> > Azfar Hashmi wrote:
> >
> > > I am running squid on a 3ghz p4 processor with 1gb ddr ram. My max
> > > simultaneous users are 250 and average 100. I have a 3.5mb circuit on
> > > it. I have a 160GB SATAII harddrive on it.
> > > My problem is I am getting huge delay with squid (5-10sec in each
> > > request and sometimes more) on peak hours but if I bypass the squid
> > > everything is perfect and page complete in just 1 sec normally.
> >
> > For a bandwidth pipe of 3.5 mbps, your Squid box should be able to
> > support 250 users. By which means do you get your bandwidth?
> >
> > Do you have large ACLs used for filtering in your Squid box? If yes,
> > then the problem of the huge delay could be attributed to your ACLs.
> >
> > Posting your squid.conf might help. Which OS, firewall and version of
> > Squid are you using?
> >
> > DNS could also be the culprit. Are you running a local caching nameserver?
> >
> > > I have defined 20GB in cache_dir.
> > >
> > > I want to know with that hardware how many users squid can handle and
> > > how much bandwidth it can handle?
> >
> > Can you post us the output of the following 2 commands:
> >
> > squidclient mgr:info
> >
> >    and
> >
> > squidclient mgr:5min  | grep client
> >
> >
> > Thanking you...


















Re: [squid-users] Squid FreeBSD 6.2 and PF

2007-09-30 Thread Tek Bahadur Limbu

Hi Mostafa Faridi,


On Sat, 29 Sep 2007 12:05:03 +0330
mostafa faridi <[EMAIL PROTECTED]> wrote:

> Tek Bahadur Limbu wrote:
> > Hi Mostafa Faridi,
> >
> >
> > mostafa faridi wrote:
> >> I am a new user of Squid. I want to use Squid; my firewall is PF and my OS 
> >> is FreeBSD. I want to set up my system for NAT.
> >>
> >> I would be grateful if someone could help me do this.
> >
> > You can check out the following URL to use Squid with PF.
> >
> > http://www.benzedrine.cx/transquid.html
> >
> > Which version of FreeBSD are you using? What kind of proxy server do 
> > you want to use squid for? Transparent or just a normal forward proxy?
> >
> > Since you will be using PF, remember to include the following 
> > parameter while compiling Squid either from source or from ports:
> >
> > "--enable-pf-transparent"
> >
> > Go for the latest stable release of Squid which is Squid-2.6.STABLE16 
> > currently.
> >
> > You can find the source package from the URL below:
> >
> > http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz
> >
> >
> > To achieve NATing using PF, the following tutorial will help:
> >
> > http://www.section6.net/wiki/index.php/Setting_up_a_Firewall_NAT_using_PF
> >
> >
> > Personally for me, I am using IPFW over PF because I was introduced to 
> > IPFW first.
> >
> > However, both should do the job fine.
> >
> > Hope that helps.
> >
> >
> > Thanking you...
> >
> >
> >
> >>
> >>
> >>
> >
> >
> I go to http://www.benzedrine.cx/transquid.html and do everything but 
> when I type in terminal
> 
> squid -k reconfigure I see this result
> 
> [EMAIL PROTECTED] /home/mostafa]# squid -k reconfigure
> 2007/09/29 09:43:39| parseConfigFile: line 4515 unrecognized: 
> 'httpd_accel_host virtual'
> 2007/09/29 09:43:39| parseConfigFile: line 4516 unrecognized: 
> 'httpd_accel_port 80'
> 2007/09/29 09:43:39| parseConfigFile: line 4517 unrecognized: 
> 'httpd_accel_with_proxy on'
> 2007/09/29 09:43:39| parseConfigFile: line 4518 unrecognized: 
> 'httpd_accel_uses_host_header on'
> 

The transparent config has changed in Squid-2.6 in comparison to Squid-2.5.

In fact it has been made easy!

Instead of using:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


Simply use:

http_port 3128 transparent



After changing the above lines, do "squid -k reconfigure". It should work out 
fine.


Hope that helps.


Thanking you...





Re: [squid-users] delays in squid.

2007-09-27 Thread Tek Bahadur Limbu

Hi Azfar Hashmi,


Azfar Hashmi wrote:

> I am running squid on a 3ghz p4 processor with 1gb ddr ram. My max
> simultaneous users are 250 and average 100. I have a 3.5mb circuit on
> it. I have a 160GB SATAII harddrive on it.
> My problem is I am getting huge delay with squid (5-10sec in each
> request and sometimes more) on peak hours but if I bypass the squid
> everything is perfect and page complete in just 1 sec normally.



For a bandwidth pipe of 3.5 mbps, your Squid box should be able to 
support 250 users. By which means do you get your bandwidth?


Do you have large ACLs used for filtering in your Squid box? If yes, 
then the problem of the huge delay could be attributed to your ACLs.


Posting your squid.conf might help. Which OS, firewall and version of 
Squid are you using?


DNS could also be the culprit. Are you running a local caching nameserver?




> I have defined 20GB in cache_dir.
>
> I want to know with that hardware how many users squid can handle and
> how much bandwidth it can handle?


Can you post us the output of the following 2 commands:

squidclient mgr:info

and

squidclient mgr:5min  | grep client


Thanking you...












Re: [squid-users] Squid FreeBSD 6.2 and PF

2007-09-27 Thread Tek Bahadur Limbu

Hi Mostafa Faridi,


mostafa faridi wrote:
> I am a new user of Squid. I want to use Squid; my firewall is PF and my OS is
> FreeBSD. I want to set up my system for NAT.
>
> I would be grateful if someone could help me do this.


You can check out the following URL to use Squid with PF.

http://www.benzedrine.cx/transquid.html

Which version of FreeBSD are you using? What kind of proxy server do you 
want to use squid for? Transparent or just a normal forward proxy?


Since you will be using PF, remember to include the following parameter 
while compiling Squid either from source or from ports:


"--enable-pf-transparent"

Go for the latest stable release of Squid which is Squid-2.6.STABLE16 
currently.


You can find the source package from the URL below:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz


To achieve NATing using PF, the following tutorial will help:

http://www.section6.net/wiki/index.php/Setting_up_a_Firewall_NAT_using_PF


Personally for me, I am using IPFW over PF because I was introduced to 
IPFW first.


However, both should do the job fine.

Hope that helps.


Thanking you...












Re: [squid-users] TCP_MEM_HIT 98%, and flooding access.log

2007-09-27 Thread Tek Bahadur Limbu

Hi,


On Thu, 27 Sep 2007 17:07:29 +0700
"dwi amk" <[EMAIL PROTECTED]> wrote:

> Hello everyone,
> 
> A client seems flooding my access.log with TCP_REFRESH_HIT. When I see
> cachemgr: client_list it says:
> 
>   TCP_MEM_HIT   280283  98%
> 
> and 'tail -f access.log' runs so fast filled with its activities.
> 
> What is just happening?

I think one of your clients is launching some kind of attack on your Squid 
proxy server.
Post some of the logs from access.log and cache.log.


Thanking you...



> 
> TIA
> -- 
> ::DAMK::
> 


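One way to see which client is behind a flood like the one reported above, as an added example that is not part of the thread: a per-client tally over Squid's native access.log format. The sample log is constructed, and the thresholds passed to `client_profile` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: per-client profile of a Squid native
# access.log, to find the client behind a burst of cache hits.
# Native log fields: time elapsed client code/status bytes method URL ...

# Usage: client_profile MIN_REQUESTS MIN_PERCENT < access.log
# Prints one line for each client that sent at least MIN_REQUESTS requests and
# whose most frequent result code makes up at least MIN_PERCENT of them:
#   client requests requests_per_second top_code top_code_percent distinct_urls
client_profile() {
    awk -v min_req="$1" -v min_pct="$2" '
    NF >= 7 {
        client = $3
        split($4, cs, "/")                 # "TCP_MEM_HIT/200" -> cs[1], cs[2]
        total[client]++
        bycode[client, cs[1]]++
        if (!((client, $7) in seen)) {     # count each URL once per client
            seen[client, $7] = 1
            urls[client]++
        }
        if (!(client in first)) first[client] = $1
        last[client] = $1
    }
    END {
        for (c in total) {
            if (total[c] < min_req) continue
            top = ""; topn = 0
            for (k in bycode) {
                split(k, part, SUBSEP)
                if (part[1] == c && bycode[k] > topn) {
                    topn = bycode[k]; top = part[2]
                }
            }
            pct = int(100 * topn / total[c])
            if (pct < min_pct) continue
            span = last[c] - first[c]
            if (span < 1) span = 1         # avoid dividing by a sub-second span
            printf "%s %d %.1f %s %d %d\n", c, total[c], total[c] / span, top, pct, urls[c]
        }
    }' | sort -k2,2nr
}

# Constructed sample: 192.0.2.15 fetches one object and then re-requests it
# 59 times in six seconds; the other two clients browse normally.
sample_log() {
    i=0
    while [ "$i" -lt 60 ]; do
        ts=$(printf '%d.%03d' $((1190887650 + i / 10)) $((i % 10 * 100)))
        if [ "$i" -eq 0 ]; then
            echo "$ts    412 192.0.2.15 TCP_MISS/200 1523 GET http://example.com/logo.gif - DIRECT/198.51.100.7 image/gif"
        else
            echo "$ts      0 192.0.2.15 TCP_MEM_HIT/200 1523 GET http://example.com/logo.gif - NONE/- image/gif"
        fi
        i=$((i + 1))
    done
    cat <<'EOF'
1190887651.210    320 192.0.2.20 TCP_MISS/200 8120 GET http://example.org/ - DIRECT/198.51.100.7 text/html
1190887652.480     12 192.0.2.20 TCP_HIT/200 2210 GET http://example.org/style.css - NONE/- text/css
1190887653.020    150 192.0.2.20 TCP_REFRESH_HIT/304 310 GET http://example.org/logo.png - DIRECT/198.51.100.7 image/png
1190887654.730    290 192.0.2.20 TCP_MISS/200 5400 GET http://example.net/news - DIRECT/198.51.100.9 text/html
1190887652.900    410 192.0.2.21 TCP_MISS/200 9900 GET http://example.net/ - DIRECT/198.51.100.9 text/html
1190887653.650      1 192.0.2.21 TCP_MEM_HIT/200 1523 GET http://example.com/logo.gif - NONE/- image/gif
1190887655.300    380 192.0.2.21 TCP_MISS/404 620 GET http://example.net/missing - DIRECT/198.51.100.9 text/html
EOF
}

# Clients with at least 50 requests of which 90% or more share one result code.
sample_log | client_profile 50 90
```

A single URL behind thousands of memory hits points at one client re-requesting the same object in a loop, which is the detail to bring back to the list along with the matching access.log lines.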


Re: [squid-users] Acl for blocking sites not working - what can i DO?

2007-09-24 Thread Tek Bahadur Limbu

Hi Razzaq,


Abd-Ur-Razzaq Al-Haddad wrote:

> Hi all, I've got 2.6 stable running on OpenSuse 10.2.
> I can't seem to get Squid to use the internal ACLs to block sites/domains.
> How can this be achieved?
>
> Squid.conf
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80  # http
> acl Safe_ports port 21  # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70  # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl lcl src 192.168.0.0/16
> acl NTLMUsers proxy_auth REQUIRED
> acl blocksites urlpath_regex “/etc/squid/blocks.sites.acl”


You can use:

acl blocksites dstdomain "/etc/squid/blocks.sites.acl"
http_access deny blocksites
deny_info TCP_RESET blocksites

And in your "/etc/squid/blocks.sites.acl" file, you can have something 
like the following:


.viruses.com
.adaware.com
.bansite.com
.malsites.com
.chatsites.com


Note: Using dstdomain over url_regex is recommended. Your deny rules 
should also come before your allow rules too!


Keeping that in mind, it should work.

Hope that helps.

Thanking you...






#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow localhost
http_access deny blocksites
http_access allow lcl NTLMUsers

# And finally deny all other access to this proxy
http_access deny all


In the DENY_INFO SECTION**
deny_info ERR_BLOCKED_SITES blocksites





	Abd-Ur-Razzaq Al-Haddad 
IT Analyst 
	 	 	
	  



--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
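
Why the switch to dstdomain and the rule-ordering note in the reply above matter, shown with a small Python model of Squid's ACL matching (an added example, not part of the original thread and not Squid's own code). The client address, the test URLs and the omission of the proxy_auth ACL are assumptions made here; the block list is the one from the reply.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Entries the reply suggests for /etc/squid/blocks.sites.acl
BLOCK_LIST = [".viruses.com", ".adaware.com", ".bansite.com",
              ".malsites.com", ".chatsites.com"]


def src(cidr):
    """acl NAME src: match on the client address."""
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["client"]) in net


def dstdomain(entries):
    """acl NAME dstdomain: '.example.com' covers the domain and its subdomains."""
    entries = [e.lower() for e in entries]

    def match(req):
        host = urlsplit(req["url"]).hostname or ""
        return any((host == e[1:] or host.endswith(e)) if e.startswith(".")
                   else host == e for e in entries)
    return match


def urlpath_regex(patterns):
    """acl NAME urlpath_regex: regexes tested against the URL path only."""
    compiled = [re.compile(p) for p in patterns]

    def match(req):
        parts = urlsplit(req["url"])
        path = parts.path + ("?" + parts.query if parts.query else "")
        return any(c.search(path) for c in compiled)
    return match


def http_access(rules, acls, req):
    """First matching rule wins; every ACL on a line must match ('!' negates)."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: every rule set below ends in 'deny all'


BASE_ACLS = {"all": src("0.0.0.0/0"), "localhost": src("127.0.0.1/32"),
             "lcl": src("192.168.0.0/16")}

# Rule order as posted in the thread (proxy_auth left out, an assumption).
ORDER_FROM_THREAD = [("allow", ["localhost"]), ("deny", ["blocksites"]),
                     ("allow", ["lcl"]), ("deny", ["all"])]
# Same rules with the allow moved ahead of the deny.
ALLOW_BEFORE_DENY = [("allow", ["localhost"]), ("allow", ["lcl"]),
                     ("deny", ["blocksites"]), ("deny", ["all"])]


def decide(acl_type, rules, client, url):
    """Evaluate one request with 'blocksites' built from the given ACL type."""
    acls = dict(BASE_ACLS, blocksites=acl_type(BLOCK_LIST))
    return http_access(rules, acls, {"client": client, "url": url})


if __name__ == "__main__":
    client = "192.168.0.25"  # constructed LAN client
    blocked = "http://www.bansite.com/index.html"
    bystander = "http://example.org/mirror/bansite.com/"
    print("urlpath_regex, blocked site :", decide(urlpath_regex, ORDER_FROM_THREAD, client, blocked))
    print("urlpath_regex, other host   :", decide(urlpath_regex, ORDER_FROM_THREAD, client, bystander))
    print("dstdomain, blocked site     :", decide(dstdomain, ORDER_FROM_THREAD, client, blocked))
    print("dstdomain, allow before deny:", decide(dstdomain, ALLOW_BEFORE_DENY, client, blocked))
```

With a domain list loaded as urlpath_regex the blocked host gets through while an unrelated host with the name in its path is refused; dstdomain fixes both, as long as the deny line stays ahead of the allow line.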


Re: [squid-users] Squid setup questions

2007-09-19 Thread Tek Bahadur Limbu

Hi Antonio,


Antonio Pereira wrote:

Hi Tek,

Can you setup the same IP address range on the same linux box with squid?

Example

Nic1 192.168.0.2 this will connect to firewall
Nic2 192.168.0.3 this will connect to backbone switch



Yes you can use the same IP address network range on the Linux Squid box.

But since you will be operating Squid in bridging mode, you don't need 
to configure the network interfaces of Eth0 and Eth1.


You just need the "bridge-utils" package which contains the tools to 
perform bridging.


Thanks to Ariel Molina Rueda for his tutorial at 
http://freshmeat.net/articles/view/1433/



I just used the following shell script to setup the bridge:


#!/bin/sh
###Start of bridging script###

ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1

#Set IP 192.168.0.2 to br0 for SSH access to the squid box
#192.168.0.1 should match the IP of your Gateway (Firewall)

ifconfig br0 192.168.0.2 netmask 255.255.255.0 up
route add default gw 192.168.0.1 dev br0

#Redirect packets on port 80 to Squid's 3128 port on transparent bridge

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6  \
--ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80  \
-j REDIRECT --to-port 3128


###End of Bridging script###


Run this script and add it to your boot/startup run directory.

Plug 1 cable from your backbone switch to the Squid box and another 
cable to your Firewall.


If everything goes well, then you have your transparent squid bridge!!

And of course, Squid needs to be configured in transparent mode too.

Happy Proxying

Thanking you...







Antonio Pereira
National IT Coordinator
Coordinateur National de Technologies de l'Information
Tél./Tel. : (514) 341-8181, ext./poste 267
Téléc./Fax. : (514) 341-1253
Cell: (514) 514-444-6086
Sans Frais/Toll Free: (888) 338-6266 ext./poste 267
Courriel / E-mail. : [EMAIL PROTECTED]
 
Duocom Canada Inc.

1, Cavendish Blvd.
Ville St. Laurent (Québec) H4M 2V1
www.duocom.ca


-Original Message-
From: Tek Bahadur Limbu [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 19, 2007 2:21 AM

To: Antonio Pereira
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid setup questions


Hi Antonio,


On Tue, 18 Sep 2007 17:00:25 -0400
"Antonio Pereira" <[EMAIL PROTECTED]> wrote:


Ok Great.

I have a hardware based firewall.

What setup in the way of the squid box is best physically take the cable
from the firewall and put 2 nics on the squid box and plug 1 nic to the
firewall and the other to the backbone switch. Or just use 1 nic on the
squid box and put a rule in the firewall to allow only outbound http
traffic from the squid box.
Right now everyone defaults to the firewall and all http traffic goes
out to the internet. We also have VPN and web and ssl traffic coming is
from inbound http.



I think the best layout would be to put 2 NIC cards on the Squid box. Like you 
said, plug the 1st cable to the firewall and the 2nd cable to your backbone 
switch where the 4 other sites connect.

The following diagram may represent the simple layout.


 
                    Internet
                       |
                       |
                       |
          Transparent Squid Bridge Box
                       |
                       |
                Backbone Switch
                       |
                       |
        -------------------------------
        |         |         |         |
        |         |         |         |
      Site1     Site2     Site3     Site4


I would like the Squid box to run in transparent bridging mode. This way, you 
don't have to change anything on your network. Furthermore if your Squid box 
should go down, which is unlikely, you just reconnect the cable from your 
backbone switch to your firewall and everything becomes normal again!

Since we won't be running any firewall except for intercepting web requests to 
Squid's port, your VPN and SSL traffic should not get hampered.

In fact, I am using this setup on a Debian shaper box and so far it is working 
great.

Hope it helps.


Thanking you...



Thanks again

-Original Message-
From: Tek Bahadur Limbu [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 18, 2007 4:13 PM

To: Antonio Pereira
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid setup questions

Hi Antonio,

Antonio Pereira wrote:

Hello,

I have pretty much redundant question but I would like some opinions
before I venture into this possible solution.

I have 4 sites on an MPLS network that access the internet via 1
location, at this 1 location there is already a firewall. What I would
li

Re: Re[2]: [squid-users] Squid submit problem

2007-09-19 Thread Tek Bahadur Limbu

Hi Fedor,

On Wed, 19 Sep 2007 11:25:25 +0400
Fedor Trusov <[EMAIL PROTECTED]> wrote:

> 
> 
> -Original Message-
> From: Henrik Nordstrom <[EMAIL PROTECTED]>
> To: Fedor Trusov <[EMAIL PROTECTED]>
> Date: Tue, 18 Sep 2007 17:19:25 +0200
> Subject: Re: [squid-users] Squid submit problem
> 
> > On tis, 2007-09-18 at 18:09 +0400, Fedor Trusov wrote:
> > > My Squid version is 2.6.STABLE11. I have problem when i browse some pages 
> > > with submit button (mail.ru, icq.com). When i press such button i receive 
> > > error message.
> > 
> > Are you inside a parent proxy firewall? If so see the FAQ...
> > 
> > Regards
> > Henrik
> 
> I solve this problem by using 
>   acl all src 0.0.0.0/0.0.0.0
>   never_direct allow all
> in squid.conf. But one problem remaining. I can not see flash video from 
> http://osaka2007.iaaf.org/tvradio/index.html through my proxy...

I can see the flash video. 

I think it's your browser that is causing the failure of not seeing the flash 
video. Try accessing the site with different browsers with the flash plugin 
installed. 

Thanking you...


> 
> 


-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] Cache don't work ?

2007-09-19 Thread Tek Bahadur Limbu

Hi,

On Wed, 19 Sep 2007 09:00:56 +0200
"Netmail" <[EMAIL PROTECTED]> wrote:

> Hi
> If download the same file from the same link after one hour I have see that
> redownload completely and don't download from cache ..
> Can you help me ?

What is the size of the file?
Make sure that your "maximum_object_size" parameter in squid.conf matches.

Also check if the file is cache-able at all from the URL below:

http://www.ircache.net/cgi-bin/cacheability.py

Thanking you...



> Thanks 
> 
> 


-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] Squid setup questions

2007-09-18 Thread Tek Bahadur Limbu

Hi Antonio,


On Tue, 18 Sep 2007 17:00:25 -0400
"Antonio Pereira" <[EMAIL PROTECTED]> wrote:

> Ok Great.
> 
> I have a hardware based firewall.
> 
> What setup in the way of the squid box is best physically take the cable
> from the firewall and put 2 nics on the squid box and plug 1 nic to the
> firewall and the other to the backbone switch. Or just use 1 nic on the
> squid box and put a rule in the firewall to allow only outbound http
> traffic from the squid box.
> Right now everyone defaults to the firewall and all http traffic goes
> out to the internet. We also have VPN and web and ssl traffic coming is
> from inbound http.


I think the best layout would be to put 2 NIC cards on the Squid box. Like you 
said, plug the 1st cable to the firewall and the 2nd cable to your backbone 
switch where the 4 other sites connect.

The following diagram may represent the simple layout.


 
                    Internet
                       |
                       |
                       |
          Transparent Squid Bridge Box
                       |
                       |
                Backbone Switch
                       |
                       |
        -------------------------------
        |         |         |         |
        |         |         |         |
      Site1     Site2     Site3     Site4


I would like the Squid box to run in transparent bridging mode. This way, you 
don't have to change anything on your network. Furthermore if your Squid box 
should go down, which is unlikely, you just reconnect the cable from your 
backbone switch to your firewall and everything becomes normal again!

Since we won't be running any firewall except for intercepting web requests to 
Squid's port, your VPN and SSL traffic should not get hampered.

In fact, I am using this setup on a Debian shaper box and so far it is working 
great.

Hope it helps.


Thanking you...


> 
> Thanks again
> 
> -Original Message-
> From: Tek Bahadur Limbu [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, September 18, 2007 4:13 PM
> To: Antonio Pereira
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid setup questions
> 
> Hi Antonio,
> 
> Antonio Pereira wrote:
> > Hello,
> > 
> > I have pretty much redundant question but I would like some opinions
> > before I venture into this possible solution.
> > 
> > I have 4 sites on an MPLS network that access the internet via 1
> > location, at this 1 location there is already a firewall. What I would
> > like to do is start blocking web sites and start block web traffic. 
> > 
> > What is the best setup with squid for this type of setup? What
> documents
> > should I read for this type of setup?
> 
> Not sure about MPLS networking. However, in your case, it should be 
> simple. Just run Squid transparently on the gateway (firewall) from 
> where all 4 sites gets access to the internet.
> 
> Adding SquidGuard or DansGuardian or even custom ACLs will provide you 
> with all the web blocking functionalities.
> 
> Thanking you...
> 
> 
> > 
> > Thanks in advance
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> 
> 
> -- 
> 
> With best regards and good wishes,
> 
> Yours sincerely,
> 
> Tek Bahadur Limbu
> 
> System Administrator
> 
> (TAG/TDG Group)
> Jwl Systems Department
> 
> Worldlink Communications Pvt. Ltd.
> 
> Jawalakhel, Nepal
> 
> http://www.wlink.com.np
> 
> 
> 


-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] Squid setup questions

2007-09-18 Thread Tek Bahadur Limbu

Hi Antonio,

Antonio Pereira wrote:

Hello,

I have pretty much redundant question but I would like some opinions
before I venture into this possible solution.

I have 4 sites on an MPLS network that access the internet via 1
location, at this 1 location there is already a firewall. What I would
like to do is start blocking web sites and start block web traffic. 


What is the best setup with squid for this type of setup? What documents
should I read for this type of setup?


Not sure about MPLS networking. However, in your case, it should be 
simple. Just run Squid transparently on the gateway (firewall) from 
where all 4 sites gets access to the internet.


Adding SquidGuard or DansGuardian or even custom ACLs will provide you 
with all the web blocking functionalities.


Thanking you...




Thanks in advance











--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] Multi-ISP / Squid 2.6 Problem going DIRECT

2007-09-18 Thread Tek Bahadur Limbu

Hi Philipp,

On Tue, 18 Sep 2007 14:50:54 +0200
Philipp Rusch <[EMAIL PROTECTED]> wrote:

> Sorry to bother you, but I don't get it.
> 
> We have a SuSE 10.1 system and have our www-traffic going through squid.
> Since upgrade from 2.5 to version 2.6 STABLE5-30 (SuSE versions) we notice
> that Squid is behaving strange. After running normally a while Squid seems
> to go "DIRECT" only and the browsers on the clients seem to hang and or
> surfing is ultra slow. This is happening every three or four websites we try
> to access, it seems to work normal for one or two, then the next four or five
> GETs are very slow again and the circle begins again.
> In /var/logs/Squid/access.log I see that most of the connections are going
> DIRECT, sometimes we get connection timeouts (110) and sometimes we
> see that "somehow" an :443 is added to the URL-lines. STRANGE.
> Any hints appreciated.

Since you upgraded from version 2.5 to 2.6, your squid.conf must have changed 
too. Do you have a local caching DNS server running in your Squid box? 

Posting your squid.conf and output of "squidclient mgr:info" and "squid -v" 
might help.

If you have large ACLs, then squid might be busy processing them rather than 
serving web requests!

Are you running Squid transparently and do you also have parent caches?

What does cache.log say?

Maybe upgrading to the latest stable version of Squid might help?

Check out the URL below:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz


Thanking you...



> 
> Regards from Germany,
> Mit freundlichen Grüßen
> Philipp Rusch
> 
> 


-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] Using Squid as a cache for Apache -- and that's it

2007-09-17 Thread Tek Bahadur Limbu

Hi Phoenix,

Phoenix Kiula wrote:

Hi,

I have googled like crazy for some simple instructions to setup Squid
as a cache for Apache. I do NOT want any filtering or authentication.
Just a transparent cache.

I am on CentOS 5. For firewall, I use the usual APF and BFD with
iptables, and I do not want to use Squid for any filtering.

I have installed squid with the usual "yum install squid". Now how do
I configure it so that Apache (on port 80) will internally check if a
file is cached on Squid (on whatever port) and if the file is found,
then serve that instead of an Apache connection.

Am I understanding Squid right? Also, will it cache dynamic content as
well -- I mean, for instance, the generated output of a PHP program,
at least the ones without url parameters? We have a number of pages on
the site that have no file extension at all (e.g., *.php) because the
default handler is set up as php, so we could have
http://ourdomain.com/index  -- and Apache serves this up as a php page
as it is meant to. Will Squid recognize this?

Thanks for any tips or pointers. I went to the wiki but sadly it talks
in very jargon-ish language, and does not answer the simple question
"How to install Squid as a cache for Apache".


From what you are saying above, you need a Squid reverse proxy instead 
of a normal forward proxy.


Check out the URL below:

http://wiki.squid-cache.org/SquidFaq/ReverseProxy




PK






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] Only TCP_MISS/200

2007-09-17 Thread Tek Bahadur Limbu

Hi Janczuk,

f.janczuk wrote:

Hello all,

I have a problem with squid configuration.
I have installed squid 2.6 in transparent mode on an OpenBSD server but
when I look at squid's log I read only TCP_MISS/200 in my access.log
Any ideas?


Maybe you compiled Squid with the 
"--enable-storeio=null,ufs,coss,diskd,aufs" option and configured it as 
a proxy only without caching anything?


How did you test your transparent Squid proxy? With just a few requests 
or for an entire network?


Try browsing multiple sites and check your access.log and see if you get 
HIT logs besides the TCP_MISS logs. Doesn't your cache.log report anything?


Can you post your output of " squidclient mgr:info "?

Posting your squid.conf might also help.


Thanking you...



Thanks.




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] Squid stop responding

2007-09-17 Thread Tek Bahadur Limbu

Hi Stefano,

Stefano Fraccaro wrote:

Hi,
  from 1 week I have a strange behaviour with my squid 2.6.STABLE5... 
sometime the service stop responding to one-two users (for all other the 
service work fine)... but the problem disappear if I reload the squid 
configuration with "/etc/init.d/squid reload". I don't have modified 
anything in squid configuration and the NTLM authentication seems to 
work fine.

Any ideas??


At the time when Squid stops responding to your 1-2 users, can the 
clients telnet to the Squid box on port 3128 or whichever port your 
Squid is running on? Can they even ping the Squid box itself?


Usually, you can find the cause of your Squid box's strange behavior by 
running tcpdump.


What is your firewall and network layout?

What does cache.log and access.log say?


It would help if you post your squid.conf.

Maybe it's also time to upgrade to Squid-2.6.STABLE16??

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz




Thanks

Stefano






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] noob squid help

2007-09-13 Thread Tek Bahadur Limbu

Hi,

[EMAIL PROTECTED] wrote:

I installed squid under yum, and I need help on managing it.
Its great if one of you can talk to me one on one basis and teach/help me
out..

I need to:

1)Learn how to run squid


Is your OS Fedora? Which version of Squid did you install with Yum?

Try:

whereis  squid
locate  squid

Then to find the version:

squid  -v

Find out where your squid.conf resides. It's usually in /etc/squid/  or 
/usr/local/etc/squid/ or /usr/local/squid/etc/




2)Set it to only a certain IP address could use it as a proxy


Rename the default copy of your squid.conf.

Create a new squid.conf and add the following:

### Start of squid.conf ##

http_port 3128

cache_effective_user squid
cache_effective_group squid

cache_dir ufs /var/spool/squid 200 16 256

cache_access_log /var/spool/squid/access.log
cache_log /var/spool/squid/cache.log
cache_store_log none

emulate_httpd_log on

cache_mem 16 MB

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 40% 4320

acl all src 0.0.0.0/0.0.0.0
acl mynetwork src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT

acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl SSL_ports port 443 563


http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow mynetwork
http_access deny all
http_reply_access allow all
icp_access allow all

visible_hostname myproxy.hostname.com

coredump_dir /var/spool/squid


### End of squid.conf ##


Then initialize your cache directories by running:

squid   -z

Then run Squid in debug mode and make sure there are no errors using the 
following command:


squid  -NCd1

If all goes well, try putting this proxy server in your web browser 
proxy settings and check if it works.


Remember to check and read the output of the following 2 commands:

squid  --help
man  squid




3)Know any other useful things I can set it so that it'll be safe.


There are tons of useful things which Squid can do. It's not possible to 
mention them all in just 1 email! Just to mention a few, you can use 
Squid to filter websites, viruses, malwares, improve browsing 
performance, bandwidth savings, parental control, etc, etc, etc.


Configuring a Squid proxy server is a continuous and enduring process. 
You need to monitor, tune and upgrade it on a frequent basis. But then, 
that's where the fun begins:)


The best advice that I can give you is to sort out your priorities for 
which you want to use Squid for. Then search over the Internet regarding 
Squid's capabilities.



For a beginners guide, you can start by reading the following topics:

(1.)  http://www.squid-cache.org/Doc/

(2.)  http://www.deckle.co.za/squid-users-guide/Main_Page

(3.)  http://www.linux.com/articles/114084

(4.)  http://linux.cudeso.be/linuxdoc/squid.php#Introduction

(5.)  http://www.unixcities.com/squid/index.html




I know this is asking for a lot, and another bad point is that I'm noob at
unix/linux also.
But if you just happen to have a spare time and would like to teach
someone, Please get back to me.


No problem. Nobody was born with inbuilt Unix/Linux knowledge. Just read 
all the stuffs you can find about Unix/Linux/Squid on the Internet. As 
always, google is your friend.:)





Your help is VERY appreciated.


Hope that helps.

Thanking you...










--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] squid blocked 2 url, don't know way?

2007-09-13 Thread Tek Bahadur Limbu

Hi Michael,


On Thu, 13 Sep 2007 11:30:59 +0200
Michael Harly <[EMAIL PROTECTED]> wrote:

> Every thing working fine on our Debian firewall box
> we can access any url with firefox, but we have block most url for using 
> IE and only allow very few url ie: microsoft update

What do you mean when you say that "we have block most url for using IE and 
only allow very few url ie: microsoft update"? 

Does that mean that you are filtering based on browsers?

> 
> but now we have to url we can't access
> 
> Our firewall box is:
> Debian = 3.1
> firewall = firehol v.5
> proxy = squid v2.5

Not very sure how the mechanisms of firehol v.5 work but I assume that they use 
IPTABLES in the front-end. 

> 
> when we connect our new office they want to access to url that they need 
> to access  but was block by our firewall box but i can't find any 
> entries about this url.
> 
> I have put them in the allow list but nothing helps

Can you show us your squid.conf?

> 
> We can connect the url from the outside on our firewall
> 
> In the syslog i get this
> Sep 13 09:23:48 worf kernel: OUT-unknown:IN= OUT=eth2 SRC=129.142.24.162 
> DST=89.104.212.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6700 DF PROTO=TCP 
> SPT=59858 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

I think that your IPTABLES (firehol v.5) is filtering the site at: 
http://www.comendo.dk hosted at IP: 89.104.212.25.

At least that's what the above IPTABLES log shows.

Does the IP 129.142.24.162 come from your network inside your firewall?

> 
> In squid log I get:
> 2352524545.344 3495897 ip-adr TCP_miss/504 1422 get 
> http://www.comendo.dk - none/ - text/html
> 
> HTTP Error 504 - Gateway timeout

Can you show us the output of: " /sbin/iptables -vnL "

How is your network setup and it's layout?

> 
> please help!
> 
> best regard
> /harly
> 
> The error page I get in Firefox after a long time:
> 
> ERROR
> The requested URL could not be retrieved
> 
> While trying to retrieve the URL: http://www.comendo.dk/
> 
> The following error was encountered:
> 
>  * Connection Failed
> 
> The system returned:
> 
>  (110) Connection timed out
> 
> The remote host or network may be down. Please try the request again.

From my experience,

This error usually occurs if there is some kind of firewall in between your 
squid box and the web host.

Running tcpdump on your firewall should reveal more details regarding why the 
connection is timing out.

Hope that helps.

Thanking you.


> 
> Your cache administrator is [EMAIL PROTECTED]
> Generated Thu, 13 Sep 2007 07:23:48 GMT by worf.mydomain.dk 
> (squid/2.5.STABLE9)
> 
> *
> 



-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] Squid exited due to signal 11

2007-09-11 Thread Tek Bahadur Limbu

Hi Tahmeed,

Tahmeed wrote:

Dear All,
   
I am using RedHat Enterprise Linux 3 with 
Squid 2.5STABLE12.
   
Every now and then a log is generated in the 
/var/log/messages file stating that
   
Squid Parent: Child process exited due to signal 11
  
Now that signal 11 means memory problem I am a bit 
confused about what to do. I did find a similar post 
but it was not clear to me. So here i am posting 
again. 
   
After the process is killed it is automatically 
restarted sometime afterwards. 

Any suggestions are most welcomed. 


What's your hardware configuration? What is the output of "squid -v"?

Can you post the relevant parts of your squid.conf?

You might want to check out the following post by Henrik even though 
it's way back in 2002!


http://www.squid-cache.org/mail-archive/squid-users/200206/0116.html

Reading the post above, your problem could also be related to hardware.
You should probably run some kind of memory tests!

I think that the best suggestion would be to upgrade to the latest 
stable version of Squid which is currently squid-2.6.STABLE16.


You will definitely see significant improvements and benefits.

Check out the URL below to get the latest version of Squid-2.6.

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE16.tar.gz


Hope it helps.


Thanking you...


   
   
Thanks in Advance



Tahmeed




   








--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] Cache files of size .....

2007-09-10 Thread Tek Bahadur Limbu

Hi Umesh,

[EMAIL PROTECTED] wrote:

Hello all,

I tried to cache files which is more than 100MB and less than 200MB, there
is no any error message with squid but I am not getting cached this type
of file. Can anyone help me out.


What's the value of maximum_object_size in your squid.conf? Also what's 
your cache_replacement_policy?


Thanking you...




Regards,
Umesh









--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] why some sites not open

2007-09-10 Thread Tek Bahadur Limbu

Hi,

On Sun, 9 Sep 2007 21:59:31 -0700 (PDT)
squid learner <[EMAIL PROTECTED]> wrote:

> Here saudi telephone site 
> with squid in browser
> 
> stc.com.sa
> becomes 
> http://stc.com.sa/cgi-bin/cws/portal/ep/inithome.do
> page will not open  give error 
> with error HTTP 404
> 

> then if i try it without proxy direct from isp 
> 
> stc.com.sa
> becomes
> http://stc.com.sa/cwsPortal/cws.portal
> 
> and page open 

> 
> why squid didn't open this url 
> And what changes i have to do in squid 

stc.com.sa becomes http://stc.com.sa/cwsPortal/cws.portal with or without my 
proxy server.


It would help if you post your squid.conf.


Thanking you...


> 
> thank you
> 
> 
>
> 
>  
> 


-- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] assertion failed: client_side.c:4175

2007-09-06 Thread Tek Bahadur Limbu

Hi Henrik,

On Thu, 06 Sep 2007 10:21:34 +0200
Henrik Nordstrom <[EMAIL PROTECTED]> wrote:

> On tor, 2007-09-06 at 13:55 +0545, Tek Bahadur Limbu wrote:
> 
> > > 2.6.STABLE16 is out.
> > > 
> > > Also there has been a patch available for this problem the whole week..
> > > http://www.squid-cache.org/Versions/v2/2.6/changesets/11635.patch
> > 
> > Thanks for the patch. I will apply the patch later today.
> 
> The patch is included in 2.6.STABLE16.

Sorry for the confusion:) I have already downloaded 2.6.STABLE16 and I am 
installing it right now!!

Thanking you..

> 
> Regards
> Henrik
> 


- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] assertion failed: client_side.c:4175

2007-09-06 Thread Tek Bahadur Limbu

Hi Henrik,

On Thu, 06 Sep 2007 01:42:12 +0200
Henrik Nordstrom <[EMAIL PROTECTED]> wrote:

> On tis, 2007-09-04 at 18:49 +0545, Tek Bahadur Limbu wrote:
> > Adrian Chadd wrote:
> > > On Tue, Sep 04, 2007, Tek Bahadur Limbu wrote:
> > >> Hi All,
> > >>
> > >> I recently upgraded from Squid-2.6.STABLE12 to Squid-2.6.STABLE15 on a 
> > >> FreeBSD-6.1 amd64 machine. I am using the Diskd storage system.
> > > 
> > > The title says it all:
> > > 
> > > http://squidproxy.wordpress.com/2007/09/03/dont-upgrade-to-squid-26stable15-skip-straight-to-squid-26stable16/
> > > 
> > > :)
> > > 
> > 
> > Hi Adrian,
> > 
> > Thanks for the correction. I guess I should downgrade to squid-2.6.STABLE14.
> 
> 2.6.STABLE16 is out.
> 
> Also there has been a patch available for this problem the whole week..
> http://www.squid-cache.org/Versions/v2/2.6/changesets/11635.patch

Thanks for the patch. I will apply the patch later today.


Thanking you...


> 
> Regards
> Henrik
> 


- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] To block perticuler IP for interner access

2007-09-06 Thread Tek Bahadur Limbu

Hi Nandika,

On Thu, 6 Sep 2007 09:48:16 +0700
"nandika rupasinghe" <[EMAIL PROTECTED]> wrote:

> Dear all
> 
> I want to block a particular IP from internet browsing on the Squid proxy.
> Can you help me with the necessary steps?

You can try the following ACL:

acl badip src 192.168.0.5
http_access deny badip

You can find all the comprehensive ACL information on the wiki page of Squid.

Please read the contents from the following link:

http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-c87419712cac704d01cecc7da11cd02f489b6986


Thanking you...


> 
> Warm regards
> 
> Nandika 
> 
> 


- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] webmails are not accessible - SQUID 2.5.STABLE12

2007-09-05 Thread Tek Bahadur Limbu

Hi Simsam,

[EMAIL PROTECTED] wrote:
Hi Peter, 

No, this is only the https rule; I wrote it down to illustrate that the 
https ports are open.

All http traffic is open.

Could you please give me the commands needed to install SQUID 2.6 
according to Tek's advice?
I got the file from the site. I have some worries, as the upgrade might 
affect the current setup!


Did you install Squid-2.5 with SUSE's package management tool or did you 
install it from source?


Whichever method you used, you can just keep the old Squid binary 
and its configuration files just in case something goes wrong with the 
Squid-2.6 installation!


The following installation steps might help:


(1.)  tar zxvf squid-2.6.STABLE14.tar.gz

(2.)  cd squid-2.6.STABLE14/

(3.)  ./configure --bindir=/usr/local/sbin \
      --sysconfdir=/usr/local/etc/squid \
      --datadir=/usr/local/etc/squid \
      --libexecdir=/usr/local/libexec/squid \
      --localstatedir=/usr/local/squid \
      --enable-removal-policies=heap,lru \
      --enable-storeio=diskd,aufs,coss,ufs,null \
      --enable-snmp \
      --enable-epoll \
      --with-large-files \
      --prefix=/usr/local \
      --disable-ident-lookups \
      --enable-underscores \
      --disable-http-violations \
      --enable-delay-pools \
      --with-maxfd=8192


(4.)  make all

(5.)  make install

(6.)  vi /usr/local/etc/squid/squid.conf

(7.)  /usr/local/sbin/squid -z

(8.)  /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf


Note: Your compilation parameters may differ. Please adjust accordingly 
to your demands and needs.


If your SUSE Linux box has installed and updated all the required 
development tools, then the installation should be a breeze!


Remember to read the default squid.conf which comes with the new 
installation.


Also check this out:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE14-RELEASENOTES.html


Happy Squid proxying with Squid-2.6STABLE14 !!!


Thanking you...







Thank you,
Simsam





Peter Albrecht <[EMAIL PROTECTED]>
09/05/2007 05:58 PM

To: squid-users@squid-cache.org
cc:
Subject: Re: [squid-users] webmails are not accessible - SQUID 2.5.STABLE12






Hi Simsam,

I am still a beginner in this field, but I could tell you that the proxy 
itself is acting as a firewall, with no specific protocol filtration, and 
here is the ACL for the SSL port:

acl SSL_ports port 443 563
http_access deny CONNECT !SSL_ports

acl Safe_ports port 443 563 # https, snews
http_access deny !Safe_ports


Is this your only http_access rule? That would mean you only allow https 
connections and no http connections.


The machine hosting the squid is directly connected to the router, as I 
mentioned before it is the firewall also and no ACL are there!

No it is not running in the transparent mode!

Before deploying the SQUID, this webmail was normally opening.

When trying to access a specific webmail like 
http://mailhost.ccc.com.om/mail it is giving the following:


If you only allow https as mentioned above, that will always be denied. Do 
http connections to other servers work?


Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet. 
The website is encountering problems. 
There might be a typing error in the address. 


This does not look like a Squid message denying access ... Please send all 
your ACL and http_access rules from squid.conf so that we can have a look.

Regards,

Peter




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
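
Squid checks http_access lines in order and the first line whose ACLs all match decides the request, which is what both the "acl badip" reply earlier in this archive and the Safe_ports exchange quoted in the message above depend on. The sketch below is an added example, not code from the thread or from Squid: a simplified evaluator covering only src, port and method ACLs, in which the "acl all", "acl CONNECT" and final "http_access allow all" lines are assumed rather than quoted.

```python
import ipaddress

# Constructed squid.conf fragment. "acl all", "acl CONNECT" and the final
# "allow all" are assumptions; the other four lines are quoted in the thread.
QUOTED = """
acl all src 0.0.0.0/0
acl CONNECT method CONNECT
acl SSL_ports port 443 563
http_access deny CONNECT !SSL_ports
acl Safe_ports port 443 563 # https, snews
http_access deny !Safe_ports
http_access allow all
"""
# Corrected: port 80 added to Safe_ports, badip rule placed before "allow all".
FIXED = QUOTED.replace("port 443 563 #", "port 80 443 563 #").replace(
    "http_access allow all",
    "acl badip src 192.168.0.5\nhttp_access deny badip\nhttp_access allow all")

def parse(conf):
    """Collect ACL definitions and the ordered list of http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()          # drop trailing comments
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    return str(req[kind]) in values   # "port" and "method" compare as strings

def decide(conf, req):
    """Return (action, rule_number) of the first http_access line that matches."""
    acls, rules = parse(conf)
    for number, (action, terms) in enumerate(rules, 1):
        # All ACLs on one line must match (AND); a leading "!" negates a term.
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!")
               for t in terms):
            return action, number
    # Nothing matched: Squid applies the opposite of the last rule's action.
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), None
```

With the quoted Safe_ports list, a plain GET to port 80 is denied by the second rule, which is the behaviour Peter points out; in the corrected fragment the same request is allowed unless it comes from 192.168.0.5.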


Re: [squid-users] webmails are not accessible - SQUID 2.5.STABLE12

2007-09-05 Thread Tek Bahadur Limbu

Hi Simsam,

On Wed, 5 Sep 2007 15:12:58 +0400
[EMAIL PROTECTED] wrote:

> Hello all,
> 
> I have SQUID 2.5 server implemented on SUSE linux enterprise 10.
> No access lists are there, the http traffic has no problems.
> 
> I could not access any webmail! I have edited the squid.conf file to build 
> time based ACL and it worked, but even before I did that, webmails were 
> not accessible!

Which webmails are you indicating? Hotmail, Yahoo, etc? Most of them use HTTPS. 
What's your ACL for SSL_ports?

Are you running Squid in transparent mode? Also are you filtering traffic with 
some kind of firewall? Do you have a parent cache or a firewall in front of 
your squid box?

What error message does your Squid cache give you when you try to access 
webmails? What does cache.log and access.log say?

Try accessing webmails such as myway.com with and without secure mode and check 
if you can access its webmail with HTTP and HTTPS.

> 
> Is it a common issue? Please advise.

It's not a common issue. I can't imagine what thousands of clients will say if 
they can't access the webmail service of Hotmail and Yahoo! And there are 
thousands of other webmail sites.

I would also recommend you to upgrade to the latest version of Squid which is 
2.6.STABLE14 currently.

You can find the source package from the link below:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE14.tar.gz

Hope it helps.


Thanking you...


> 
> regards,
> Simsam.
> 
> 
> 


- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/



Re: [squid-users] squid -k rotate does nothing

2007-09-04 Thread Tek Bahadur Limbu

Hi Mogwai,

Wet Mogwai wrote:

My squid machine stopped rotating logs recently. The last time rotate worked
was the day before I copied the access.log to my laptop for the first time.
The only changes made to the configuration that day were the good.hosts ,
bad.hosts, good.ip, and bad.ip files. After making the new files for the
ACLs, I ran squid -k reload.

I tried setting the logfile_rotate option in squid.conf in case it was
ignoring the default. I have checked ownership and permissions. Everything
seems right. It is still writing to the log, so it is getting to be quite
large. I could write my own rotate script, but I'd rather get the existing
function working.

This has been working properly for at least a year and a half. What could
have caused squid to quit rotating?

I am running Squid Cache: Version 2.5.STABLE14 on FreeBSD 6.1-RELEASE-p8
(SQUID_KERNEL). Logrotate is in the ports tree, but it is not installed.



Are you sure that the absolute location of your squid's binary is 
correct while you issue the command "squid -k rotate"?


Since you are using FreeBSD-6.1, you have at least 2 options to manage 
your squid logs.


The simple way is by using /etc/newsyslog.conf  file.

Putting the following entry in newsyslog.conf will rotate your logs at 
10 PM.


/var/log/squid/access.log  squid:squid  644  7  *  @T22  J  /usr/local/squid/logs/squid.pid  30


You can also use the logrotate program to do the job, but it is a little 
difficult to set up, though worth it.



Please see the following thread for more details:

http://www.mail-archive.com/squid-users@squid-cache.org/msg48054.html


Like another user had said, you should really upgrade to the latest 
stable version of Squid which is 2.6.STABLE14 currently. It has lots of 
extra features and is extremely CPU friendly. You will really appreciate it.



You can find its latest source from the URL below:

http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE14.tar.gz


Hope it helps.


Thanking you




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


Re: [squid-users] assertion failed: client_side.c:4175

2007-09-04 Thread Tek Bahadur Limbu

Adrian Chadd wrote:

On Tue, Sep 04, 2007, Tek Bahadur Limbu wrote:


Hi All,

I recently upgraded from Squid-2.6.STABLE12 to Squid-2.6.STABLE15 on a 
FreeBSD-6.1 amd64 machine. I am using the Diskd storage system.


The title says it all:

http://squidproxy.wordpress.com/2007/09/03/dont-upgrade-to-squid-26stable15-skip-straight-to-squid-26stable16/

:)



Hi Adrian,

Thanks for the correction. I guess I should downgrade to squid-2.6.STABLE14.

Thanking you...







Adrian


I seem to be getting the following error causing Squid to crash and restart 
itself.

2007/09/04 15:24:28| assertion failed: client_side.c:4175: "buf != NULL || !conn->body.request"
2007/09/04 15:24:31| Starting Squid Cache version 2.6.STABLE15 for amd64-unknown-freebsd6.1...
2007/09/04 15:24:31| Process ID 50809
2007/09/04 15:24:31| With 8192 file descriptors available
2007/09/04 15:24:31| Using kqueue for the IO loop
2007/09/04 15:24:31| DNS Socket created at 0.0.0.0, port 51857, FD 5
2007/09/04 15:24:31| Adding nameserver 127.0.0.1 from squid.conf

Is this problem related to Diskd? 


Thanking you...




- -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/






--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np


[squid-users] assertion failed: client_side.c:4175

2007-09-04 Thread Tek Bahadur Limbu

Hi All,

I recently upgraded from Squid-2.6.STABLE12 to Squid-2.6.STABLE15 on a 
FreeBSD-6.1 amd64 machine. I am using the Diskd storage system.

I seem to be getting the following error causing Squid to crash and restart 
itself.

2007/09/04 15:24:28| assertion failed: client_side.c:4175: "buf != NULL || !conn->body.request"
2007/09/04 15:24:31| Starting Squid Cache version 2.6.STABLE15 for amd64-unknown-freebsd6.1...
2007/09/04 15:24:31| Process ID 50809
2007/09/04 15:24:31| With 8192 file descriptors available
2007/09/04 15:24:31| Using kqueue for the IO loop
2007/09/04 15:24:31| DNS Socket created at 0.0.0.0, port 51857, FD 5
2007/09/04 15:24:31| Adding nameserver 127.0.0.1 from squid.conf

Is this problem related to Diskd? 

Thanking you...




- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/


