Re: [squid-users] cache performance
I would recommend you to have the clients reconfigured to use the proxy, but there are several ways you can place it as a transparent proxy in between the clients and the gateway if you prefer. Any of the following would work:

a) Create a new network between the proxy and your gateway, and assign the internal address which was on the gateway to the proxy.
b) Use proxy-arp on the proxy server to divide your internal network in two parts without renumbering.
c) Run the proxy server as a bridge with interception capabilities.

Most likely 'b' is easiest to set up.

Regards
Henrik

On Sat, 29 Nov 2003, Nelson Serrao wrote:

hi, my access.log shows a hit rate of 40%. but all this does not matter much because the linux authentication box i use restricts bandwidth of my customer for obvious reasons. the cache server is on a live ip with a single nic. it is placed in between the router and linux authentication box.

i was just imagining the performance it would return if cache server was configured for use on the lan. this would cause cached pages retrieval at lan speeds and the results would be wonderful. i am looking out for a way to do it.

one of the ways i thought to do this was to place it on the lan but all my customers have the linux authentication box ip as its gateway. the next thing was to use proxy on all client pcs which is a tedious job. any transparent way to do this.

thanks in advance

Re: [squid-users] Version 3
On Sat, 29 Nov 2003, Zoup wrote:

Is Squid version 3 stable enough for little isp?

Squid-3.0 is not yet ready for production use, but you are welcome to test it if you like.

Regards
Henrik

[squid-users] why it works so SLOW ???
[I'm repeating this question because I haven't received help]

Hallo everyone,

My problem: I use squid to access WWW. But when I try to get to any page then I have to wait about 20 seconds or more till anything appears in my browser (Opera 7.21). I have no idea why it's like that. When I turn off squid and set browser not to use proxy then any page I request loads immediately. If anyone would help me to resolve this problem then I'll be in debt forever.

This is my squid version:

    Squid Cache: Version 2.5.STABLE2

and these are the options that I used to configure and compile:

    configure options: --prefix=/proxy/usr --exec-prefix=/proxy/usr --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-truncate --enable-removal-policies --enable-err-language=Polish

and this is my squid.conf:

    http_port 3128
    icp_port 0
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 32 MB
    cache_dir ufs /cache 100 8 126
    redirect_rewrites_host_header off
    #replacement_policy GDSF
    acl localnet src 192.168.1.0/255.255.255.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl Safe_ports port 80 443 210 119 70 21 1025-65535
    acl CONNECT method CONNECT
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    httpd_accel_with_proxy on
    http_access allow localnet
    http_access allow localhost
    http_access deny !Safe_ports
    http_access deny CONNECT
    http_access deny all
    maximum_object_size 1000 KB
    ipcache_size 1024
    ipcache_low 60
    ipcache_high 75
    cache_mgr [EMAIL PROTECTED]
    cache_effective_user squid
    cache_effective_group squid
    log_icp_queries off
    cachemgr_passwd tajnehaselko all
    buffered_logs on
    positive_dns_ttl 6 hours

Here is the state of my system. This is TOP:

    18:18:36 up 8 days, 21:06, 1 user, load average: 0.00, 0.00, 0.00
    44 processes: 43 sleeping, 1 running, 0 zombie, 0 stopped
    CPU states: 0.0% user, 0.4% system, 0.0% nice, 99.6% idle
    Mem: 255324K total, 153520K used, 101804K free, 15340K buffers
    Swap: 0K total, 0K used, 0K free, 59500K cached

      PID USER     PRI  NI  SIZE   RSS SHARE STAT %CPU %MEM   TIME COMMAND
    15075 root      12   0  1712  1712  1512 S     0.1  0.6   0:00 sshd
    15088 root      15   0   972   972   768 R     0.1  0.3   0:00 top
        1 root       8   0   216   216   184 S     0.0  0.0   0:06 init
        2 root       9   0     0     0     0 SW    0.0  0.0   0:00 keventd
        3 root      19  19     0     0     0 SWN   0.0  0.0   0:00 ksoftirqd_CPU0
        4 root       9   0     0     0     0 SW    0.0  0.0   0:00 kswapd
        5 root       9   0     0     0     0 SW    0.0  0.0   0:00 bdflush
        6 root       9   0     0     0     0 SW    0.0  0.0   0:00 kupdated
        7 root      -1 -20     0     0     0 SW    0.0  0.0   0:00 mdrecoveryd
       67 root       9   0   756   756   648 S     0.0  0.2   0:00 syslogd
       70 root       9   0   464   464   392 S     0.0  0.1   0:00 klogd
      100 root       8   0   696   696   612 S     0.0  0.2   0:00 inetd
      103 root       9   0  1148  1148  1032 S     0.0  0.4   0:01 sshd
      109 lp         9   0   884   884   744 S     0.0  0.3   0:00 lpd
      112 root       9   0   568   568   488 S     0.0  0.2   0:00 crond
      118 root       9   0  1612  1608  1008 S     0.0  0.6   0:00 smbd
      122 root       9   0   472   472   408 S     0.0  0.1   0:01 gpm
      125 root       9   0     0     0     0 SW    0.0  0.0   0:00 eth1
      127 root       9   0  1504  1504   896 S     0.0  0.5   0:00 dhcpd
      143 root       9   0     0     0     0 SW    0.0  0.0   0:00 eth0
      343 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
      344 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
      345 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
      346 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
      347 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
      348 root       9   0   484   484   420 S     0.0  0.1   0:00 agetty
     5127 root       9   0   940   940   764 S     0.0  0.3   0:00 adsl-connect
     5385 root       9   0   936   936   768 S     0.0  0.3   0:00 safe_mysqld
     5407 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5409 mysql      8   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5410 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5411 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5412 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5413 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5414 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5415 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5416 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
     5417 mysql      9   0 12304   12M  2796 S     0.0  4.8   0:00 mysqld
    12721 root       9   0  1016  1016   860 S     0.0  0.3   0:00 squid
    12723 squid     14   0  7496  7472  1536 S     0.0  2.9   0:06 squid
    12726 squid      9   0   316   316   264 S     0.0  0.1   0:00 unlinkd
    14439 root       9   0   824   820   680 S     0.0  0.3

Re: [squid-users] why it works so SLOW ???
Ok, have you tried the following to see if you can repeat the problem:

1) Use a newer version of Squid. If you're compiling from source get the latest stable build.
2) Use a default install of Squid and use the default squid.conf options except for changing things like cache_dir, IP, ICP port etc. Leave everything at default, get it working and then start to 'play'. Things like cache_dir folders may be best left at the default until things are going. I'd think the default settings in squid.conf are there for a reason. Only change them if you know exactly why you are changing them. Don't alter ./configure options until a default compile works fine for you.
3) Do you get the same slowness if you use a different browser?
4) Are you browsing from the server running squid or are you browsing from a LAN client?
5) What OS are you running Squid on?

Regards,
nry

RE: [squid-users] Implication of positive_dns_ttl?
If you have no service contract with RH9 then you better move to another distro or to Fedora (which I'm migrating loads to now). Support is about to be completely dropped on the non-enterprise version of RedHat, but RH did fork it into the Fedora project, which was something I had wished they did a year ago. Now I have a system very similar to RH9, completely free, recent rpm builds if I want, multiple rpm synch mechanisms, no trademark issues when building my own CDs from RH. Anyway go to fedora.redhat.com for more info. If you have more questions about Fedora, email me direct as it's off-topic for this list. Since you said you were new to Linux I figured you may not be aware of the recent changes at RH.

-Greg

On Fri, 28 Nov 2003, Cafe Admin wrote:

Thanks Greg. My RH9 came with 2.5stable1-2 too, but I obtained the latest stable RPM (at that time) from http://swelltech.com/support/updates/squid/9/i386/ and upgraded to 2.5.Stable3.

Your suggestion sounds helpful, but I need to do a little more research/reading to fully understand what you mean. I'm still relatively newbie to Linux and Squid. This is for my own private network of 30 clients and I have no service contract with RH9 so I pretty much can do what I see fit for my situation :) I'll let you know if I'm successful or run into any road block.

Thanks.

-----Original Message-----
From: squiduser [mailto:[EMAIL PROTECTED]
Sent: Friday, November 28, 2003 11:26 PM
To: Cafe Admin
Cc: [EMAIL PROTECTED]
Subject: RE: [squid-users] Implication of positive_dns_ttl?

Did you get that rpm from updates.redhat.com? I've been looking for an updated squid rpm but mine shows 2.5stable1-2 (I'm not at work but I'm pretty sure that's it). If not where? Otherwise I'm probably going to rebuild an rpm for 2.5stable-latest.

What you can try is getting the SRPM for it and apply that patches. The problem I found with some of RH rpms is the things they do to backport fixes sometimes make patching difficult. So what I'm going to try to do next week while at work is grab the SRPM file and since it contains the SPEC file, I'll use it to reference the newer Squid sources to rebuild the RPM. If that fails, I'll check rpmfind for an updated SRPM to get a working spec file and then rebuild locally.

Note if yours is an enterprise system I doubt RH will support any changes you make to their loadout. But if you're just wanting that config option, get the SRPM, modify the SPEC file and rebuild. The spec file contains the configuration flags used. More info at www.rpm.org on how this is done.

-greg

On Fri, 28 Nov 2003, Cafe Admin wrote:

I think I found the answer to my first question: How do I tell whether it was compiled with the --disable-internal-dns option?

Typing squid -v at the prompt tells me the squid version in addition to the compile options. --disable-internal-dns is not listed so I assume the binary was not compiled with it. Please tell me if I'm looking at the wrong place.

My other questions remain to be answered: Where can I find the patch (and instruction on how to apply the patch) to force squid to cache positive dns longer? Can I apply the patch to my current RPM binary?

Thanks.

-----Original Message-----
From: Cafe Admin [mailto:[EMAIL PROTECTED]
Sent: Friday, November 28, 2003 8:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] Implication of positive_dns_ttl?

Thanks Henrik. I'm using Squid 2.5.Stable3 RPM for RH9. How do I tell whether it was compiled with the --disable-internal-dns option? Also, where can I find the patch (and instruction on how to apply the patch) to force squid to cache positive dns longer. Can I apply the patch to my current RPM binary?

Excuse my ignorance; I'm still learning my way around with Squid and Linux.

Thanks.

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Friday, November 28, 2003 4:44 PM
To: Cafe Admin
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Implication of positive_dns_ttl?

On Fri, 28 Nov 2003, Cafe Admin wrote:

Hi all, I'm using the default positive_dns_ttl 6 hours in my squid.conf. Does this mean that Squid will override all DNS ttl and cache every successful DNS lookup for at least 6 hours?

If your Squid is not compiled with the default internal DNS client (--disable-internal-dns not used) then the positive_dns_ttl parameter is not used at all by Squid. Instead the TTL value given by DNS is used. There is a patch to make Squid-2.5 use this parameter as an upper limit on DNS TTL for positive caching.

Is there a means to force positive DNS lookup to be cached longer than the ttl provided by the host domain? Thanks.

If you build Squid with --disable-internal-dns then DNS TTL information will not be available to Squid and the positive_dns_ttl will be used.

Regards
Henrik

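Added example, not part of any message in this thread: a shell sketch of the rule Henrik gives for unpatched Squid-2.5, combining the `squid -v` check Cafe Admin describes with the positive_dns_ttl value from squid.conf. The function names are hypothetical, the `squid -v` outputs and the squid.conf fragment are constructed samples, and only the time units second, minute, hour and day are handled.

```shell
#!/bin/sh
# Added example: which TTL governs positive DNS caching, following the rule
# stated in the thread for unpatched Squid-2.5.

# dns_client VERSION_TEXT: "external" if the `squid -v` text shows a build
# with --disable-internal-dns, otherwise "internal" (the default client).
dns_client() {
    case "$1" in
        *--disable-internal-dns*) echo external ;;
        *)                        echo internal ;;
    esac
}

# positive_ttl_seconds CONF_TEXT: value of the last active positive_dns_ttl
# line in seconds; prints nothing if absent or given in another unit.
positive_ttl_seconds() {
    printf '%s\n' "$1" | awk '
        $1 == "positive_dns_ttl" {
            n = $2; u = tolower($3); v = ""
            if      (u ~ /^second/) v = n
            else if (u ~ /^minute/) v = n * 60
            else if (u ~ /^hour/)   v = n * 3600
            else if (u ~ /^day/)    v = n * 86400
        }
        END { if (v != "") print v }'
}

# effective_ttl VERSION_TEXT CONF_TEXT: one-line verdict.
effective_ttl() {
    secs=$(positive_ttl_seconds "$2")
    if [ "$(dns_client "$1")" = external ]; then
        echo "positive_dns_ttl applies: ${secs:-default} seconds"
    else
        echo "TTL from DNS applies; positive_dns_ttl ignored"
    fi
}

# Constructed samples (not taken from a real host).
V_INTERNAL='Squid Cache: Version 2.5.STABLE3
configure options: --prefix=/usr --enable-delay-pools'
V_EXTERNAL='Squid Cache: Version 2.5.STABLE3
configure options: --prefix=/usr --disable-internal-dns'
CONF='#positive_dns_ttl 1 day
positive_dns_ttl 6 hours'

effective_ttl "$V_INTERNAL" "$CONF"
effective_ttl "$V_EXTERNAL" "$CONF"
```

On a real host, pass `"$(squid -v)"` and the contents of the installed squid.conf in place of the samples.
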
Re: [squid-users] Re: Hardware filewall + squid: blocking kazaa/kazaa lite
I figured you have tried google groups and their directory and if you didn't get anything from that then you can check out the Snort database signatures. I use snort IDS (www.snort.org) and it has P2P signatures in it. Or you could try www.whitehats.com which is a massive online site full of IDS signatures. Probably some P2P sigs listed there as well.

-Greg

On Sat, 29 Nov 2003, Henrik Nordstrom wrote:

On Fri, 28 Nov 2003, Robert S wrote:

Thanks. I've seen various suggestions around the place, but none look workable. What other ports would I need to block to block kazaa/kazaa lite?

There was an article in Linux Journal on how to block kazaa not long ago.. unfortunately I don't have it around.

Regards
Henrik

Re: Re[2]: [squid-users] why it works so SLOW ???
have just compiled newest stable version of squid... work this same slow about 20 second till anything appear on screen :( (www browsing work perfect without squid)

i think it's a reason of my squid.conf

can I see ur squid.conf if possible plz send it to me

--
Best regards,
Maciej mailto:[EMAIL PROTECTED]

Hi,

Since I have certain things in my squid.conf that I'd prefer to keep private (IPs etc) here's the minimum lines you'll need to change:

1) cache_dir ufs /hdd1/squidcache 1000 16 256
2) acl MyLan src 192.168.3.1-192.168.3.254/255.255.255.255
3) http_access allow MyLan
4) visible_hostname Squid Cache

These lines are:

1) Alter the path to your personal cache directory. Leave directory numbers etc standard. I've increased my cache_dir size to 1Gbyte. I have a VERY small LAN so 1Gbyte is enough.
2) Create an ACL for your LAN
3) Allow your LAN access through Squid
4) Unless your Squid box has a Fully Qualified Domain Name, set this to your liking.

Last thing I can think of: make sure that the user for which Squid runs as (as listed in the squid.conf file) has full permissions on the cache_dir and log directories. My current guess is that Squid can't write to the cache or logs. Check these permissions and see if speed improves!

hth

Regards,
nry

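Added example, not part of the message above: one way to run the permission check nry suggests, reading the cache_dir and log paths from a squid.conf and testing whether a given uid can write to each directory. The function names are hypothetical and the demo builds a constructed throw-away squid.conf, with the current uid standing in for the Squid user.

```shell
#!/bin/sh
# Added example: can the user Squid runs as write to the cache_dir and log
# directories named in a squid.conf?

# conf_user CONF: print the cache_effective_user set in CONF.
conf_user() { awk '$1 == "cache_effective_user" { u = $2 } END { print u }' "$1"; }

# conf_dirs CONF: print each cache_dir path and the directory of each
# configured log file (cache_log, cache_access_log, cache_store_log).
conf_dirs() {
    awk '$1 == "cache_dir" { print $3 }
         $1 ~ /^cache_(access_|store_)?log$/ && $2 != "none" {
             sub("/[^/]*$", "", $2); print $2 }' "$1" | sort -u
}

# can_write UID "GIDS" DIR: succeed if the mode bits of DIR give that uid
# (member of the space-separated GIDS) write and search permission.
# Mode bits only: ACLs and root's override are not considered.
can_write() {
    [ -d "$3" ] || return 1
    set -- "$1" "$2" $(ls -ldn "$3")
    mode=$3 owner=$5 group=$6
    if [ "$1" = "$owner" ]; then bits=$(printf %s "$mode" | cut -c2-4)
    elif case " $2 " in *" $group "*) true ;; *) false ;; esac
    then bits=$(printf %s "$mode" | cut -c5-7)
    else bits=$(printf %s "$mode" | cut -c8-10)
    fi
    case "$bits" in ?w[xst]) return 0 ;; *) return 1 ;; esac
}

# check_conf CONF UID "GIDS": print OK/FAIL per directory; the return status
# is the number of directories that uid cannot write to.
check_conf() {
    bad=0
    for d in $(conf_dirs "$1"); do
        if can_write "$2" "$3" "$d"; then echo "OK   $d"
        else echo "FAIL $d"; bad=$((bad + 1)); fi
    done
    return "$bad"
}

# Demo on constructed data: writable cache_dir, read-only log directory.
demo() {
    t=$(mktemp -d) && mkdir "$t/cache" "$t/logs" && chmod 700 "$t/cache" &&
        chmod 500 "$t/logs" || return 99
    printf '%s\n' "cache_effective_user squid" \
        "cache_dir ufs $t/cache 100 16 256" \
        "cache_access_log $t/logs/access.log" > "$t/squid.conf"
    rc=0; check_conf "$t/squid.conf" "$(id -u)" "$(id -G)" || rc=$?
    chmod 700 "$t/logs"; rm -rf "$t"
    return "$rc"
}
demo || echo "$? directory not writable by the Squid user"
```

Against a real configuration, resolve the account first with `u=$(conf_user CONF)` and pass `"$(id -u "$u")"` and `"$(id -G "$u")"` to `check_conf`.
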
[squid-users] Re: Squid authentication problem
On Sat, 29 Nov 2003, Hariom Upadhyay wrote:

2. file1 generated through apache htpassword program

Did you remember to tell htpasswd to use crypt hashing of the password (the default is md5 which is not understood by ncsa_auth)?

And please use the squid-users mailing list for Squid questions. The squid-faq address is for submissions of information or corrections to the Squid FAQ.

Regards
Henrik

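Added example, not part of the message above: a shell check that lists which entries of an htpasswd-style file are crypt() hashes, the format Henrik says ncsa_auth understands. Treating every other scheme (not only MD5) as rejected is an assumption that extends his statement; the function names are hypothetical and the sample hash fields are constructed placeholders in the right shape, not hashes of real passwords.

```shell
#!/bin/sh
# Added example: find htpasswd entries that are not stored as crypt() hashes.

# classify_hash HASH: print the storage scheme of one password field.
classify_hash() {
    case "$1" in
        '$apr1$'*)       echo apr1-md5 ;;   # written by htpasswd -m
        '{SHA}'*)        echo sha1 ;;       # written by htpasswd -s
        '$2y$'*|'$2a$'*) echo bcrypt ;;     # written by htpasswd -B
        *)  # traditional crypt(): exactly 13 characters from [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] && ! printf %s "$1" | grep -q '[^./0-9A-Za-z]'
            then echo crypt; else echo unknown; fi ;;
    esac
}

# audit_passwd FILE: print one line per user; the return status is the
# number of entries that are not crypt() hashes.
audit_passwd() {
    bad=0
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        if [ "$scheme" = crypt ]; then echo "ok     $user $scheme"
        else echo "reject $user $scheme"; bad=$((bad + 1)); fi
    done < "$1"
    return "$bad"
}

# Demo on a constructed password file.
demo() {
    f=$(mktemp) || return 99
    cat > "$f" <<'EOF'
alice:$apr1$constrct$0123456789abcdefghijkl
bob:ab0123456789A
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
EOF
    rc=0; audit_passwd "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

demo || echo "$? entries to re-create with: htpasswd -d FILE USER"
```
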