Here is my problem. All port 80 traffic is being intercepted by the
iptables configuration and redirecting to squid.
Some of my users have static IP addresses and host their own
webservers. When the Squid box is up and running none of their sites
are accessible. If I shut down the squid box
I am trying to avoid using iptables to bypass some sites which have
issues with squid.
I have created the following but the sites are still broken ... any
ideas how to force these sites to go direct?
acl directurls url_regex /etc/squid3/direct-urls
cache deny directurls
Contents of
For some reason when squid is running a speed test (www.speedtest.net)
will run fine though the download but when it tries the upload test
there will be a 20 second pause then it will start. With squid
disabled everything runs as normal.
No delay pools in my configs. It affects other flash
I am having issues with a few sites like megavideo, hotmail, etc and
looking to bypass them entirely via IPTables ... I have added some
rules to IPTables but I still see the traffic hitting the caches. Any
ideas?
Strange thing is that when running an iptables --list it shows no
rules configured
I am having issues with a few sites like megavideo, hotmail, etc and
looking to bypass them entirely via IPTables ... I have added some
rules to IPTables but I still see the traffic hitting the caches. Any
ideas?
Strange thing is that when running an iptables --list it shows no
rules configured
I have TProxy working now but all those what is my ip sites are
still able to detect the cache
http://www.spyber.com is an example ...
Proxy IP detected!
66.78.102.3 Whois
Host: cache-02.ripnet.com
ISP: RipNET Limited
Country: (CAN) - Canada
Region/State: Ontario
City: Brockville
Any ideas how
)$ 1440 40% 40320
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
IT MAY CONTAIN PRIVILEGED
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION.
ANY UNAUTHORIZED DISCLOSURE IS STRICTLY PROHIBITED.
IF YOU HAVE RECEIVED
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION.
ANY UNAUTHORIZED DISCLOSURE IS STRICTLY PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR,
PLEASE
destination
MARK all -- anywhere anywhereMARK xset
0x1/0x
ACCEPT all -- anywhere anywhere
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
. Is there any completed/ fully documented
article available for us knuckleheads that describes step by step how
this may be accomplished. Any help would be most appreciated.
Regards,
Tom
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel
these were just samples of URLs ... ALL traffic is not being cached ...
I am talking about 24 hours of traffic on a busy network. If i switch
back to the old transparent setup everything works in fine. I am at a
loss why tproxy is broken
Amos Jeffries wrote:
Jamie Orzechowski wrote:
I
at all.
Any ideas?
Okay, so much for the easy answer. We will have to see your config to
tell
why its not caching.
Amos
Amos Jeffries wrote:
Jamie Orzechowski wrote:
Hi,
My post does not seem to be going to the list. Wondering if you have
any ideas
I am using squid 3.1.0.6
If I check the disk free while the cache is running I do not see any of
my cache directories incrementing at all.
Any ideas?
Amos Jeffries wrote:
Jamie Orzechowski wrote:
Hi,
My post does not seem to be going to the list. Wondering if you have
any ideas?
I
--on-port 3129
//
any idea why I am not getting any TCP_HITS? ...
Amos
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE,
IT MAY CONTAIN PRIVILEGED OR CONFIDENTIAL
tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129
//
any idea why I am not getting any TCP_HITS? ...
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129
//
any idea why I am not getting any TCP_HITS? ...
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
: Copyright (c) 2006-2007 BalaBit IT Ltd.
[ 15.510067] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
A tcpdump shows http traffic hitting the box but nobody it able to surf.
Any ideas what could be wrong??
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network
I went from a standard transparent setup to tproxy. Everything works
fine with the old transparent method so my ACL's are working. My
customers are seeing nothing. No squid errors on their browsers just
timesout ... my access log does not not grow.
Amos Jeffries wrote:
Jamie Orzechowski
.access.ripnet.com.3743
66.235.143.70.www: S 3961780886:3961780886(0) win 65535 mss
1452,nop,nop,sackOK
10:42:02.359148 IP 66-78-124-223.access.ripnet.com.1123
64.215.158.17.www: S 2435980027:2435980027(0) win 65535 mss
1452,nop,nop,sackOK
Amos Jeffries wrote:
Jamie Orzechowski wrote:
I went
I have installed a Foundry ServerIron XL in front of my caches.
The problem is that I do not see any traffic going towards my caches and
nothing on tcpdump. If I manually force the proxy it works fine.
Any ideas?? ... Here is my Configs. I am directly connected to port 10
for testing
--to-port 3128
Depends entirely on which of the many tests the site uses are showing the
proxy.
Look anonymization in the FAQ.
http://wiki.squid-cache.org
Amos
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
I am running squid stable 13 on a ubuntu linux box in transparent mode.
Is there a way to hide the proxy so it will pass the test located at
http://www.lagado.com/proxy-test
my iptables rule looks like
/sbin/iptables -t nat -A PREROUTING -i bond0.998 -p tcp --dport 80 -j
REDIRECT --to-port
to a blank page. If
they click refresh on the browser the mailbox shows up correctly.
Any ideas how to avoid this problem?
I have tried bypassing hotmail.com, live.com domains with no luck.
--
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613
24 matches
Mail list logo
