[squid-users] In which mode squid runs with ruckus accesspoint

2013-03-11 Thread benjamin fernandis
Hi,

Integrating a squid box with a Ruckus access point and captive portal.

We have wifi users in the network and we have a captive portal for them.

For wifi, we are using a Ruckus access point, and there we configure
it to forward web traffic to the squid box. On the squid box we configure
url_rewrite, which only allows certain URLs to be surfed and for the rest
rewrites the URL with the captive portal URL.

What could be the mode of squid here? intercept / tproxy or ?

In Ruckus, it simply redirects to ip:port.

Regards,
Ben


[squid-users] squidclient mgr:info squid performance

2011-12-16 Thread benjamin fernandis
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localnet src '/etc/squid/localnet'

http_access allow manager localhost
http_access deny manager


http_access deny !Safe_ports


http_access deny CONNECT !SSL_ports


#http_access deny to_localhost


http_access allow localnet
http_access allow localhost

http_access deny all

http_port 3128
http_port 3129 tproxy

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /c1 75776 64 512
cache_dir aufs /c2 102400 64 512
cache_dir aufs /c3 102400 64 512
cache_dir aufs /c4 102400 64 512

# Leave coredumps in the first cache dir
coredump_dir /c1


refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i \.(png|gif|jpeg|bmp|tiff|jpg|ico|tif)$ 10080 90% 43200 reload-into-ims refresh-ims
refresh_pattern -i \.(zip|rar|tar|gz|tgz|z|arj|lha|lzh)$ 10080 90% 43200 reload-into-ims refresh-ims
refresh_pattern -i \.(exe|msi)$ 10080 90% 43200 reload-into-ims refresh-ims
refresh_pattern -i \.(mp3|wav|mid|midi|ram|ra|mov|avi|wmv|mpg|mpeg|swf)$ 10080 90% 43200 reload-into-ims refresh-ims
refresh_pattern -i \.(pdf|ps|doc|ppt|pps)$ 10080 90% 43200 reload-into-ims refresh-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

shutdown_lifetime 15 seconds
cache_mem 2500 MB

error_directory /etc/squid/errors
via off
maximum_object_size_in_memory 40 KB -
maximum_object_size 400 MB --
cache_swap_low 96
cache_swap_high 97
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
quick_abort_min 1024 KB
quick_abort_max 2045 KB
quick_abort_pct 90
positive_dns_ttl 8 hours
negative_dns_ttl 0
ipcache_size 5
ipcache_low 95
ipcache_high 97
fqdncache_size 25000
httpd_suppress_version_string on
visible_hostname Proxy_server
client_db off
max_filedescriptors 65000
pipeline_prefetch on


Kindly guide me on how to tune further for good cache gain and great
performance.
Are my memory cache object size and disk cache object size right,
or do I need to increase them?


Please suggest tuning from the squid side and the OS side to get better cache
gain and more performance.

Regards,
Benjamin Fernandis


[squid-users] compilation error

2011-11-22 Thread benjamin fernandis
Hi,

I am trying to compile the squid code on Linux. Compilation completes
properly, but when I checked config.log afterwards, I can see some
errors and warnings. So I wonder whether they are related to the OS side or
the squid side?


My squid configuration parameters for the compilation process:

Squid Cache: Version 3.1.16
configure options:  '--prefix=/opt/squid/'
'--with-logdir=/var/log/squid/' '--with-pidfile=/var/run/squid.pid'
'--enable-icmp' '--enable-cache-digest' '--enable-forward-log'
'--enable-follow-x-forwarded-for' '--enable-snmp'
'--enable-linux-netfilter' '--enable-wccp2' '--enable-http-violations'
'--enable-storeio=aufs,ufs' '--with-large-files'
'--with-filedescriptors=22400' '--enable-async-io=128'
'--enable-removal-policies=lru,heap' '--enable-useragent-log'
'--enable-referer-log' '--enable-err-languages=English'
'--enable-default-err-language=English' '--enable-zph-qos'
'--enable-icap-client' --with-squid=/opt/squid-3.1.16
--enable-ltdl-convenience


cat config.log | grep -i warning

cc1: warning: command line option -fno-rtti is valid for C++/ObjC++ but not for C
configure:20134: WARNING: cppunit does not appear to be installed. squid does not require this, but code testing with 'make check' will fail.
conftest.c:246: warning: conflicting types for built-in function 'rint'
conftest.c:246: warning: conflicting types for built-in function 'rint'
conftest.c:246: warning: conflicting types for built-in function 'log'
/opt/squid-3.1.16/conftest.cpp:334: warning: the use of `tempnam' is dangerous, better use `mkstemp'


cat config.log | grep -i error

conftest.c:12:28: error: ac_nonexistent.h: No such file or directory
conftest.c:12:28: error: ac_nonexistent.h: No such file or directory
| /* Override any GCC internal prototype to avoid an error.
| /* Override any GCC internal prototype to avoid an error.
| /* Override any GCC internal prototype to avoid an error.
conftest.cpp:24:28: error: ac_nonexistent.h: No such file or directory
conftest.cpp:24:28: error: ac_nonexistent.h: No such file or directory
| /* Override any GCC internal prototype to avoid an error.
configure:15646: checking for dlerror
| #define HAVE_DLERROR 1
| /* Override any GCC internal prototype to avoid an error.
configure:16099: checking for error_t
conftest.cpp:38: error: expected primary-expression before ')' token
| #define HAVE_DLERROR 1
| if (sizeof ((error_t)))
conftest.cpp:76:18: error: ltdl.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
conftest.cpp:76:16: error: dl.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
conftest.cpp:76:20: error: sys/dl.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
conftest.cpp:76:17: error: dld.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
conftest.cpp:76:25: error: mach-o/dyld.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| /* Override any GCC internal prototype to avoid an error.
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| /* Override any GCC internal prototype to avoid an error.
configure:16646: checking for dlerror
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
| /* Override any GCC internal prototype to avoid an error.
conftest.cpp:110:25: error: sys/devpoll.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:77:25: error: sys/devpoll.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:78:25: error: sys/devpoll.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
|perror(devpoll_create:);
conftest.c:88:28: error: ac_nonexistent.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:126:21: error: bstring.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:93:21: error: bstring.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:137:23: error: gnumalloc.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:104:23: error: gnumalloc.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:141:23: error: ip_compat.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:108:23: error: ip_compat.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:141:27: error: ip_fil_compat.h: No such file or directory
| #define HAVE_DLERROR 1
| #define HAVE_ERROR_T 1
| #define HAVE_DLERROR 1
conftest.cpp:108:27: error: ip_fil_compat.h: No such file or 

[squid-users] memory utilization

2011-11-20 Thread benjamin fernandis
Hi All,

I configured a squid box to get good cache performance, and for that I
set cache_mem and the object size in cache.

cat /etc/squid/squid.conf | grep cache_mem
cache_mem 6144 MB

cat /etc/squid/squid.conf | grep -i maximum_object_size_in_memory
maximum_object_size_in_memory 1 MB

And whenever I check memory usage at the OS level while squid is serving
traffic, it shows me

free -mto
             total       used       free     shared    buffers     cached
Mem:          7995        345       7650          0         30         78
Swap:         8999          0       8999
Total:       16995        345      16650


As per my squid setup I set 6 GB, so why is free -mto showing me that
only 345 MB is used and 7650 MB is free?


As per my understanding, if I assign 6 GB of RAM to squid then 6 GB will
be deducted from my actual memory and the OS then has the remaining
amount of memory.

Is my perception right?


What is the purpose of the --enable-async-io option in squid?

I read on the internet that it gives more performance by using more
threads with that option.

Is the information I have correct?

My squid version is Squid Cache: Version 3.1.15

I used the squid rpm that I have from my Fedora 15 64 bit OS, and in that
this option is not enabled.

So is this option really useful for better performance under high network traffic?


Regards,
Benjamin


[squid-users] too much TCP_MISS

2011-10-26 Thread benjamin fernandis
Hi All,

I set up squid on CentOS 6 for cache gain, and configured squid for
that. I am not having any problem installing and
configuring squid on Linux.

But when I try to check whether caching is happening, or check
traffic in access.log, I can see too many TCP_MISS tags.

Even for testing, I tried opening the same URL 2-3 times, but every time
it is the same: I can see only TCP_MISS for all requests from that site.
---
squid.conf:

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl mynetwork src '/etc/squid/mynetwork'
acl youtube dstdomain .youtube.com
cache allow youtube

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on localhost is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow mynetwork
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 intercept
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /CACHE 307200 64 512

# Leave coredumps in the first cache dir
coredump_dir /CACHE



refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i \.flv$ 10080 90% 99 ignore-no-cache override-expire ignore-private
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern . 0 40% 40320


cache_mem 2000 MB
httpd_suppress_version_string on
via off

maximum_object_size_in_memory 40 KB
maximum_object_size 4194304 KB

#maximum_object_size 65536 KB
cache_swap_low 96
cache_swap_high 97
memory_replacement_policy lru
cache_replacement_policy heap LFUDA

quick_abort_min 1024 KB
quick_abort_max 2045 KB
quick_abort_pct 90
positive_dns_ttl 8 hours
negative_dns_ttl 0
ipcache_size 2
ipcache_low 95
ipcache_high 97
fqdncache_size 12000
cache_store_log /var/log/squid/store.log
pipeline_prefetch on



I can only see TCP_MISS.

What could be the reason ?

Is there any misconfiguration or ?

Please guide me to resolve this problem.

squid version: 3.1.8
centos 6 64 bit
kernel version: 2.6.32-71.el6.x86_64


Regards,
Benjamin Fernandis


[squid-users] Squid work consideration

2011-10-26 Thread benjamin fernandis
Hi All,

I have some basic queries which I would like to clear up with your
suggestions and knowledge sharing.

1) How does squid identify web object size?

My understanding: squid identifies web object size by the http headers
for that web object.

Am I right?


2) Suppose I define maximum_object_size on disk as 4 GB. Then, as per
squid's consideration, squid will store web objects which are = 4
GB. So how do I validate that an object which is = 4 GB is stored on
disk by squid for further cache gain?


Thanks & Regards,
Benjo


[squid-users] snmp error

2011-10-23 Thread benjamin fernandis
Hi,

I am trying to configure snmp with. When I try to run the snmpwalk command
for testing, I am getting errors in cache.log.

cache.log


2011/10/24 00:30:48| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:49| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:50| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:51| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:52| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:53| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441


snmpwalk -m /usr/share/snmp/mibs/SQUID-MIB.txt -v1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1
Timeout: No Response from localhost:3401


my squid.conf


#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl mynetwork src '/etc/squid/mynetwork'
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on localhost is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow mynetwork
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 intercept
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /CACHE 307200 64 512

# Leave coredumps in the first cache dir
coredump_dir /CACHE

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320







cache_mem 2000 MB
httpd_suppress_version_string on
visible_hostname CACHE_ENGINE
error_directory /etc/squid/errors
via off

maximum_object_size_in_memory 40 KB
maximum_object_size 65536 KB
cache_swap_low 96
cache_swap_high 97
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
quick_abort_min 1024 KB
quick_abort_max 2045 KB
quick_abort_pct 90
positive_dns_ttl 8 hours
negative_dns_ttl 0
ipcache_size 2
ipcache_low 95
ipcache_high 97
fqdncache_size 12000
cache_store_log /var/log/squid/store.log
pipeline_prefetch on

snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0

Where could the mistake be?

squid version: 3.1.8
centos 6 64 bit
kernel: 2.6.32-71.el6.x86_64

When I run: snmpwalk -v1 -c public localhost, it works fine.

Regards,
Benjamin Fernandis


Re: [squid-users] snmp error

2011-10-23 Thread benjamin fernandis
Hi Amos,

Thanks for your kind response. I removed (snmp_incoming_address 0.0.0.0
 snmp_outgoing_address 0.0.0.0) from squid.conf and tried to use
version 2 in the snmpwalk command, but I am getting the same output.

Is it a specific bug, or something related to the snmp package
version or squid?

Because I have another squid box, which has Fedora 15, where I used
the same configuration and it is working fine. But when using CentOS 6, I
am facing the current problems.

Regards,
Benjamin



On Mon, Oct 24, 2011 at 9:07 AM, Amos Jeffries squ...@treenet.co.nz wrote:
 On 24/10/11 02:32, benjamin fernandis wrote:

 Hi,

 I am trying to configure snmp with. When I try to run the snmpwalk command
 for testing, I am getting errors in cache.log.

 cache.log


 2011/10/24 00:30:48| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
 2011/10/24 00:30:49| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
 2011/10/24 00:30:50| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
 2011/10/24 00:30:51| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
 2011/10/24 00:30:52| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
 2011/10/24 00:30:53| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441

 Strange. Possibly due to -v1 parameter being used. Try with -v2c instead and
 see if it still occurs.


 snmpwalk -m /usr/share/snmp/mibs/SQUID-MIB.txt -v1 -c public localhost:3401 .1.3.6.1.4.1.3495.1.1
 Timeout: No Response from localhost:3401


 my squid.conf

 snip

 snmp_port 3401
 acl snmppublic snmp_community public
 snmp_access allow snmppublic localhost
 snmp_access deny all
 snmp_incoming_address 0.0.0.0
 snmp_outgoing_address 0.0.0.0

 Where could the mistake be?


 http://www.squid-cache.org/Doc/config/snmp_outgoing_address/

 NOTE, snmp_incoming_address and snmp_outgoing_address can not have
        the same value since they both use port 3401.

 leading to Timeout: No Response from localhost:3401

 Solve this by removing the lines for both in and out addresses from your
 config. The defaults are fine.

 If you have to set the specific outgoing address for any reason, at least
 make sure it is an IP assigned to the box. Not zero.

 squid version: 3.1.8
 centos 6 64 bit
 kernel: 2.6.32-71.el6.x86_64

 When I run: snmpwalk -v1 -c public localhost, it works
 fine.

 That walks the kernel. Not squid AFAIK.

 Amos
 --
 Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.16
  Beta testers wanted for 3.2.0.13
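
An added example, not part of the thread and not Squid project code: a Python check for the two address conditions named in the reply above (snmp_incoming_address equal to snmp_outgoing_address, or an outgoing address of zero), which also lists the sources in the "Failed SNMP agent query" lines and tests them against the src ACLs on the snmp_access rules. The config and log samples are constructed from lines quoted in this thread; the function names are hypothetical, and ACL types other than src are not evaluated.

```python
import ipaddress
import re

# Constructed sample: directives copied from the squid.conf quoted in this thread.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32 ::1
acl mynetwork src '/etc/squid/mynetwork'
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
"""

# Constructed sample: two of the cache.log lines quoted in this thread.
SAMPLE_LOG = """\
2011/10/24 00:30:48| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
2011/10/24 00:30:49| snmp_core.cc(489) snmpDecodePacket: Failed SNMP agent query from : 210.122.22.30:53441
"""

# Source address (IPv4, or IPv6 in brackets) followed by the source port.
FAILED_RE = re.compile(
    r"Failed SNMP agent query from : \[?([0-9A-Fa-f:.]+?)\]?:(\d+)\s*$")


def parse_conf(text):
    """Return (directives, src_acls).

    directives: directive name -> list of argument lists, in file order.
    src_acls:   name of each 'acl NAME src ...' -> list of ip_network objects.
    """
    directives, src_acls = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
        if name == "acl" and len(args) >= 3 and args[1] == "src":
            for value in args[2:]:
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    continue                      # file reference: not read here
                src_acls.setdefault(args[0], []).append(net)
    return directives, src_acls


def check_snmp_addresses(directives):
    """Apply the two address checks from the reply; return a list of findings."""
    def last(name):
        values = directives.get(name)
        return values[-1][0] if values and values[-1] else None

    incoming = last("snmp_incoming_address")
    outgoing = last("snmp_outgoing_address")
    findings = []
    if incoming is not None and incoming == outgoing:
        findings.append("snmp_incoming_address and snmp_outgoing_address "
                        "have the same value: " + incoming)
    try:
        zero = outgoing is not None and ipaddress.ip_address(outgoing).is_unspecified
    except ValueError:
        zero = False
    if zero:
        findings.append("snmp_outgoing_address is zero, not an IP assigned "
                        "to the box: " + outgoing)
    return findings


def source_allowed(addr, directives, src_acls):
    """First matching snmp_access rule wins; only src ACLs and 'all' are tested."""
    ip = ipaddress.ip_address(addr)
    for rule in directives.get("snmp_access", []):
        if not rule:
            continue
        action, names = rule[0], rule[1:]
        matched = True
        for name in names:
            negate, name = name.startswith("!"), name.lstrip("!")
            if name == "all":
                hit = True
            elif name in src_acls:
                hit = any(ip in net for net in src_acls[name]
                          if net.version == ip.version)
            else:
                continue                          # e.g. snmp_community: skipped
            if hit == negate:
                matched = False
                break
        if matched:
            return action == "allow"
    return False                                  # simplification: no rule matched


def failed_query_sources(log_text):
    """Count 'Failed SNMP agent query' lines per source address."""
    counts = {}
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts


if __name__ == "__main__":
    directives, src_acls = parse_conf(SAMPLE_CONF)
    for finding in check_snmp_addresses(directives):
        print("config:", finding)
    for addr, count in failed_query_sources(SAMPLE_LOG).items():
        verdict = "matches" if source_allowed(addr, directives, src_acls) else "does not match"
        print(f"log: {count} failed queries from {addr}, which {verdict} an snmp_access allow rule")
```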



[squid-users] Squid segmentation fault

2011-10-16 Thread benjamin fernandis
Hi,

In my network, I am using squid with the tproxy feature. We are getting

Oct 16 12:40:25 SQUID_BOX  kernel: [58645.324506] squid[1205]: segfault at b39 ip 7f37cd7d402a sp 7fff5efe98c0 error 6 in squid[7f37cd5fb000+318000].

What does it mean? Is it related to a kernel bug or to squid?

Regards,
Benjamin


[squid-users] Re: squid + wccp2

2011-10-13 Thread benjamin fernandis
Hi All,

I successfully resolved this problem.

Thanks,
Benjamin


On Wed, Oct 12, 2011 at 8:01 PM, benjamin fernandis
benjo11...@gmail.com wrote:
 Hi


 Please guide me to clear my queries.


 Thanks,
 Benjamin

 On Tue, Oct 11, 2011 at 7:22 PM, benjamin fernandis
 benjo11...@gmail.com wrote:
 Hi All,

 We have a requirement to configure squid for deployment with Cisco WCCP2.

 I have some confusion regarding the configuration; kindly clear my queries
 and guide me to configure it.


 My current network scenario:

 WAN side Cisco 7200 router ( wan ip 84.24.xx.xx ) ( lan ip 149.255.xx.xx ) ( lan ip is bgp routed ip pool )
                       |
                       |
                       switch -squid box ( one interface only ip : 149.255.xx.19 ) ( gateway ip is router lan ip )
                         |
                         |
                     End Users


 Now I need to configure squid for use with wccp.



 I tried to find a reference document from Google and the squid wiki, but I
 have some queries.


 What are the remote ip and the local ip when configuring the ip tunnel on squid?

 In my current configuration I tried: remote ip is the router wan ip (
 84.24.xx.xx ) and local ip is the squid ip ( 149.255.xx.xx ).


 Is that correct?


 And what is the wccp2_router router ip in squid.conf?

 I used 149.255.xx.xx ( router lan ip ).

 Is that correct?


 -
 test 1

 Actually I tried to configure the router loopback ip as the tunnel remote and
 the squid ip as the local ip on the tunnel, but then I can see traffic on the wccp
 interface and traffic on the iptables nat redirection rule but no traffic
 in squid access.log, and surfing is not working.



 So please guide me: what could be the right configuration when going to
 use squid with wccp2?


 OS: fedora 15
 squid : 3.1.14


 Regards,
 Benjo




[squid-users] Re: squid + wccp2

2011-10-12 Thread benjamin fernandis
Hi


Please guide me to clear my queries.


Thanks,
Benjamin

On Tue, Oct 11, 2011 at 7:22 PM, benjamin fernandis
benjo11...@gmail.com wrote:
 Hi All,

 We have a requirement to configure squid for deployment with Cisco WCCP2.

 I have some confusion regarding the configuration; kindly clear my queries
 and guide me to configure it.


 My current network scenario:

 WAN side Cisco 7200 router ( wan ip 84.24.xx.xx ) ( lan ip 149.255.xx.xx ) ( lan ip is bgp routed ip pool )
                       |
                       |
                       switch -squid box ( one interface only ip : 149.255.xx.19 ) ( gateway ip is router lan ip )
                         |
                         |
                     End Users


 Now I need to configure squid for use with wccp.



 I tried to find a reference document from Google and the squid wiki, but I
 have some queries.


 What are the remote ip and the local ip when configuring the ip tunnel on squid?

 In my current configuration I tried: remote ip is the router wan ip (
 84.24.xx.xx ) and local ip is the squid ip ( 149.255.xx.xx ).


 Is that correct?


 And what is the wccp2_router router ip in squid.conf?

 I used 149.255.xx.xx ( router lan ip ).

 Is that correct?


 -
 test 1

 Actually I tried to configure the router loopback ip as the tunnel remote and
 the squid ip as the local ip on the tunnel, but then I can see traffic on the wccp
 interface and traffic on the iptables nat redirection rule but no traffic
 in squid access.log, and surfing is not working.



 So please guide me: what could be the right configuration when going to
 use squid with wccp2?


 OS: fedora 15
 squid : 3.1.14


 Regards,
 Benjo



[squid-users] squid + wccp2

2011-10-11 Thread benjamin fernandis
Hi All,

We have a requirement to configure squid for deployment with Cisco WCCP2.

I have some confusion regarding the configuration; kindly clear my queries
and guide me to configure it.


My current network scenario:

WAN side Cisco 7200 router ( wan ip 84.24.xx.xx ) ( lan ip 149.255.xx.xx ) ( lan ip is bgp routed ip pool )
                      |
                      |
                      switch -squid box ( one interface only ip : 149.255.xx.19 ) ( gateway ip is router lan ip )
                        |
                        |
                    End Users


Now I need to configure squid for use with wccp.



I tried to find a reference document from Google and the squid wiki, but I
have some queries.


What are the remote ip and the local ip when configuring the ip tunnel on squid?

In my current configuration I tried: remote ip is the router wan ip (
84.24.xx.xx ) and local ip is the squid ip ( 149.255.xx.xx ).


Is that correct?


And what is the wccp2_router router ip in squid.conf?

I used 149.255.xx.xx ( router lan ip ).

Is that correct?


-
test 1

Actually I tried to configure the router loopback ip as the tunnel remote and
the squid ip as the local ip on the tunnel, but then I can see traffic on the wccp
interface and traffic on the iptables nat redirection rule but no traffic
in squid access.log, and surfing is not working.



So please guide me: what could be the right configuration when going to
use squid with wccp2?


OS: fedora 15
squid : 3.1.14


Regards,
Benjo


[squid-users] Re: wccp2 + squid

2011-10-10 Thread benjamin fernandis
Hi,

I configured squid with wccp. I can see traffic in squid access.log and
on the wccp interface on squid. But traffic is not coming in the proper format in
squid access.log, so browsing is not working.


squid access.log

1318275851.743  0 245.244.12.23 NONE/400 3078 GET /index/u0607g.xml.klz - NONE/- text/html
1318275851.758  0 245.244.12.23 NONE/400 3070 GET /index/u0607g.xml - NONE/- text/html
1318275851.884  0 245.244.12.23 NONE/400 3078 GET /index/u0607g.xml.dif - NONE/- text/html
1318275851.897  0 245.244.12.23 NONE/400 3078 GET /index/u0607g.xml.klz - NONE/- text/html
1318275851.909  0 245.244.12.23 NONE/400 3070 GET /index/u0607g.xml - NONE/- text/html
1318275852.019  0 245.244.12.23 NONE/400 3078 GET /index/u0607g.xml.dif - NONE/- text/html
1318275852.032  0 245.244.12.23 NONE/400 3078 GET /index/u0607g.xml.klz - NONE/- text/html
1318275852.044  0 245.244.12.23 NONE/400 3070 GET /index/u0607g.xml - NONE/- text/html
1318275874.694  0 245.244.12.23 NONE/400 3098 POST /ajax/chat/buddy_list.php?__a=1 - NONE/- text/html
1318275900.971  0 245.244.12.23 NONE/400 3180 POST /gateway/gateway.dll?Version=1Action=openServer=NSIP=none - NONE/- text/html
1318275903.884  0 245.244.12.23 NONE/400 3098 POST /ajax/presence/update.php?__a=1 - NONE/- text/html
1318275908.830  0 245.244.12.23 NONE/400 3342 GET /svc/Social/GetFeed?filter=%7B%22FilterProperties%22%3A31%2C%22FeedType%22%3A1%2C%22TopN%22%3A20%2C%22AuthorFilter%22%3A239%2C%22Last%22%3A%22P365D%22%7D - NONE/- text/html



wccp0 interface on squid:

wccp0     Link encap:UNSPEC  HWaddr 95-FF-10-13-00-00-82-79-00-00-00-00-00-00-00-00
          inet addr:245.244.12.2  P-t-P:245.244.12.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:12460 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:781602 (763.2 KiB)  TX bytes:0 (0.0 b)


squid.conf:

http_port 3128 intercept
wccp2_router 245.244.12.1
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0



[root@CACHE_ENGINE ~]# cat /proc/sys/net/ipv4/conf/all/rp_filter
0
[root@CACHE_ENGINE ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
0
[root@CACHE_ENGINE ~]# cat /proc/sys/net/ipv4/conf/em1/rp_filter
0
[root@CACHE_ENGINE ~]# cat /proc/sys/net/ipv4/conf/lo/rp_filter
0


[root@CACHE_ENGINE ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
#modprobe ip_gre
ip tunnel add wccp0 mode gre remote 245.244.12.1 local 245.244.12.2 dev em1

ifconfig wccp0 245.244.12.2 netmask 255.255.255.255 up


[root@CACHE_ENGINE ~]# iptables -L -nvx -t nat
Chain PREROUTING (policy ACCEPT 2026 packets, 448189 bytes)
pkts  bytes target prot opt in out source   destination
 41736936 REDIRECT   tcp  --  wccp0  * 0.0.0.0/0 0.0.0.0/0   tcp dpt:80 redir ports 3128

Chain INPUT (policy ACCEPT 582 packets, 52266 bytes)
pkts  bytes target prot opt in out source   destination

Chain OUTPUT (policy ACCEPT 109 packets, 6545 bytes)
pkts  bytes target prot opt in out source   destination

Chain POSTROUTING (policy ACCEPT 109 packets, 6545 bytes)
pkts  bytes target prot opt in out source   destination



Where could the mistake be?

Please guide me to solve it.

OS : FEDORA 15 64 BIT
SQUID : 3.1.14
KERNEL : 2.6.40.4-5.fc15.x86_64


Regards,
Benjamin


Re: [squid-users] squid tproxy

2011-09-25 Thread benjamin fernandis
  Hi Amos,

Thanks for your kind response. As per your reply, I set the rp_filter value to 2,
but no luck.

Then I tried bridge mode. In that I can see traffic in the tproxy
iptables rules, but I am not getting requests in squid access.log.

my os : fedora 15 64 bit
kernel:  2.6.40.4-5.fc15.x86_64
squid : Squid Cache: Version 3.1.15


As per your earlier suggestions, I used the latest kernel and the latest squid
version, but I am still facing the same issue. Please guide me to
solve this problem.

Regards,
Benjamin



On Sat, Sep 24, 2011 at 11:03 AM, Amos Jeffries squ...@treenet.co.nz wrote:
 On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote:

 Hi All,

 I am trying to deploy squid in an existing network for cache gain and
 the tproxy feature. I configured squid properly and there is no error. I can see
 traffic in access.log and in the iptables tproxy rule, but at the end users' end
 they are getting a squid error page with request time out.

 What could be the mistake behind this problem?

 Is there anything remaining in squid?

 It has recently been brought to my attention that the rp_filter system
 underwent a re-design in kernel 2.6.32 and what we had in the wiki is doing
 the opposite (strict blocking) of what we wanted (loose checks default, none
 on the interface). Check your rp_filter values; they should be 2 now where
 previously we were advising 1, and 0 on the interface where TPROXY is
 happening.



 reference : http://wiki.squid-cache.org/Features/Tproxy4


 squid version: 3.1.15
 os : fedora 15


 Squid in network:

     ROUTER    PBR CONFIGURATION  ( FOR port 80 traffic
 pass to squid from bandwidth shaper , for port 80 traffic pass
 internet to squid)
          |
          |
       SWITCH
        |  |
        |  | -SQUID BOX
        |
    BANDWIDTH
     SHAPER
        |
        |
 END USERS



 Kindly guide me to solve this abnormal problem.


 Thanks,
 Benjamin
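
The rp_filter values discussed in the message above can be checked per interface. This script is an added example, not part of the thread or of the Squid wiki; it relies on the kernel rule that the value applied to an interface is the larger of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The function names, the directory argument and the sample interfaces and values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# The kernel applies max(conf/all, conf/<iface>) to each interface, so a
# strict "all" value overrides a relaxed per-interface setting.

# rp_filter_report [CONF_DIR] [TPROXY_IFACE]
#   CONF_DIR defaults to /proc/sys/net/ipv4/conf; passing another directory
#   lets the check run against a constructed tree.
#   Returns 0 when no interface ends up in strict mode (1), 1 otherwise,
#   and 2 when CONF_DIR/all/rp_filter cannot be read.
rp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    tproxy_if=${2:-}
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null) || return 2
    status=0
    for f in "$conf_dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case $iface in all|default) continue ;; esac
        val=$(cat "$f")
        if [ "$all" -gt "$val" ]; then eff=$all; else eff=$val; fi
        case $eff in
            0) mode=off ;;
            1) mode=STRICT; status=1 ;;
            2) mode=loose ;;
            *) mode=unknown; status=1 ;;
        esac
        note=
        if [ "$iface" = "$tproxy_if" ] && [ "$val" -ne 0 ]; then
            note=" [TPROXY interface: thread advises 0 here]"
        fi
        echo "$iface configured=$val all=$all effective=$eff $mode$note"
    done
    return $status
}

# make_sample_conf ALL IFACE=VALUE...
#   Builds a constructed conf tree in a temp dir and prints its path.
make_sample_conf() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/all" && echo "$1" > "$dir/all/rp_filter"
    shift
    for pair in "$@"; do
        mkdir -p "$dir/${pair%%=*}"
        echo "${pair#*=}" > "$dir/${pair%%=*}/rp_filter"
    done
    echo "$dir"
}

# Constructed values (not taken from the poster's host): a strict default (1)
# next to a loose default (2), with eth0 as the assumed TPROXY interface.
strict=$(make_sample_conf 1 eth0=0 eth1=1)
loose=$(make_sample_conf 2 eth0=0 eth1=2)
echo "all=1:"; rp_filter_report "$strict" eth0 || true
echo "all=2:"; rp_filter_report "$loose" eth0 || true
rm -rf "$strict" "$loose"
```

Run with no arguments inside your own script, `rp_filter_report` reads the live values under /proc/sys/net/ipv4/conf.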




Re: [squid-users] squid tproxy

2011-09-25 Thread benjamin fernandis
Hi Amos,

One input from my side.

The current network is an ISP network and they have a BGP-routed public IP
pool. So does it have any conflict with them?

Because traffic comes into the tproxy iptables rules, which means the marking
is done fine, but requests are not coming into the squid access.log.

Best Regards,
Benjamin




[squid-users] squid tproxy

2011-09-23 Thread benjamin fernandis
Hi All,

I am trying to deploy squid with an existing network for cache gain and the
tproxy feature. I configured squid properly; there is no error. I can see
traffic in access.log and the iptables tproxy rule, but at the end users' end
they are getting the squid error page with request time out.

What could be the mistake behind this problem?

Is there anything remaining in squid?

reference : http://wiki.squid-cache.org/Features/Tproxy4


squid version: 3.1.15
os : fedora 15


Squid in network:



     ROUTER    PBR CONFIGURATION  ( FOR port 80 traffic
 pass to squid from bandwidth shaper , for port 80 traffic pass
 internet to squid)
          |
          |
       SWITCH
        |  |
        |  | -SQUID BOX
        |
    BANDWIDTH
     SHAPER
        |
        |
 END USERS



Kindly guide me to solve this abnormal problem.


Thanks,
Benjamin


[squid-users] Re: squid tproxy problem

2011-08-18 Thread benjamin fernandis
Hi,

Any suggestions please.

My Current Network Setup:

WAN ROUTER(114.30.XX.1 --- public ip)
  |
  |
  |
   SWITCH
  |
  |
  |
   SQUID BOX (114.30.XX.19 gw: 114.30.XX.1) ( bridge mode)
  |
  |
  |
BANDWIDTH MGMT. LINUX BOX ( 114.30.XX.10 gw: 114.30.XX.1)
  |
  |
  |
   END USERS  ( mix with private ips and public ips )


At the squid box: eth0 - internet (cable from switch)
                  eth1 - cable connected to BANDWIDTH MGMT. LINUX BOX

I am using CentOS 6 and the squid version is 3.1.10.

I can see traffic in the tproxy iptables rules but I cannot get any
requests in access.log.

Kindly guide me to solve this problem.

Regards,
Benjamin


[squid-users] squid tproxy problem

2011-08-17 Thread benjamin fernandis
Hi,

I configured squid for the tproxy feature in my network with bridge mode.

I followed http://wiki.squid-cache.org/Features/Tproxy4

But I am not getting requests in the access.log of squid.

My configuration:

cat /etc/squid/squid.conf

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl to_localhost dst ::1/128

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
acl mynetwork src '/etc/squid/mynetwork'
acl cache_deny dst '/etc/squid/deny1'


cache deny cache_deny
#
cache_mem 1024 MB


# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on localhost is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow mynetwork
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 tproxy

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /cache/squid 25600 32 512

# Leave coredumps in the first cache dir
coredump_dir /cache/squid
httpd_suppress_version_string on

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

ip rule list
0:    from all lookup local
32765:    from all fwmark 0x1 lookup 100
32766:    from all lookup main
32767:    from all lookup default

iptables -L -nvx -t mangle
Chain PREROUTING (policy ACCEPT 959157 packets, 79545939 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   10993   689414 DIVERT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           socket
   16765  1000259 TPROXY     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT 15122 packets, 1149717 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 959996 packets, 79295677 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 28272 packets, 10090599 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 988265 packets, 89386044 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain DIVERT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   10993   689414 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x1
   10993   689414 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


ebtables -t broute --list
Bridge table: broute

Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j redirect
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j redirect

OS CENTOS 6 64 bit
squid : 3.1.4
KERNEL : 2.6.32-71.29.1.el6.x86_64


Please guide me.

Thanks,
Benjamin


[squid-users] calamaris configuration

2011-08-09 Thread benjamin fernandis
Hi,

I tried to configure calamaris with CentOS 6. It is working fine with
html and other output formats, but when I tried to use the graph format I
got the errors below:

cat /var/log/squid/access.log | /usr/local/calamaris/calamaris -a --output-file abc.txt -F html,graph --output-path /var/www/html/stats/

Use of uninitialized value in concatenation (.) or string at /usr/local/calamaris/calamaris line 4083,  line 9494.
Use of uninitialized value in concatenation (.) or string at /usr/local/calamaris/calamaris line 4115,  line 9494.
Use of uninitialized value in concatenation (.) or string at /usr/local/calamaris/calamaris line 4115,  line 9494.
Can't call method png on an undefined value at /usr/local/calamaris/calamaris line 4128,  line 9494.


Please guide me to solve this error. I would also like a good document for
configuring calamaris with different options, or any examples.

SQUID VERSION:3.1.4
CALAMARIS VERSION:  2.99.4.0
PERL VERSION: 5.10.1
PERL-GD:  2.44-3.el6


Thanks,
Benjamin


[squid-users] squid tproxy

2011-08-01 Thread benjamin fernandis
Hi,

I want to configure squid tproxy as an external device. For that, what
changes do I need to make in the iptables rules and policy routing on the
OS side?

Current lab setup:
WAN ROUTER
  |
  |
  |
   switch---LINUX MACHINE ( configured as router ) -- end users
|
|
 squid

Currently I tried to follow the squid wiki steps to configure tproxy. I
can see traffic in the squid access log, but browsing is not happening. I
am not even seeing any traffic in iptables for the tproxy rule.

Kindly guide me to solve this problem.


I want to deploy the squid box as an external device to get cache
gain. For that, do I need to change anything in iptables or policy
routing?

OS : centos 6 32 bit
squid : 3.1.4

Thanks,
Benjo


[squid-users] configuration of Squid for high cache gain

2011-07-19 Thread benjamin fernandis
Hello Friends,

We are going to deploy squid to get high-performance caching gain
capability. Currently we are planning a demo of squid caching at
one ISP site.

The ISP has 1500-2000 users.

H/w specification:
Quad Core Xeon 3.06 Ghz Processor
32 GB ram
2 TB sata hdd

OS : CENTOS 6

Requirement:

We need to deploy the full tproxy squid feature and want to gain high
cache performance. We are trying squid for cache gain only.

So please guide me on which parameters I must look
after to gain more caching performance, and how much RAM I can assign
to squid. This box is only for the squid cache, so no other
processes occupy memory. Also suggest other standard squid
parameters which I need to tune to enhance caching further.



Current Setup :

As per ISP:

For bandwidth mgmt., they are using commercial bandwidth management
devices as NAS, and for AAA they are using radius.

So for TPROXY, do I need to deploy the squid box in bridge mode? Or do I
deploy it as an external device (only forward web traffic from NAS to
squid box)?

So please guide me on my above request, and also give your suggestions.

Regards,
Benjamin Fernandis


[squid-users] Re: configuration of Squid for high cache gain

2011-07-19 Thread benjamin fernandis
Hi All,

Any suggestion for this.

Thanks,
Benjamin


[squid-users] suggestions to configure squid for high performance cache

2011-07-16 Thread benjamin fernandis
Hello Friends,

We are going to deploy squid to get high-performance caching gain
capability. Currently we are planning a demo of squid caching at
one ISP site.

The ISP has 1500-2000 users.

H/w specification:
Quad Core Xeon 3.06 Ghz Processor
32 GB ram
2 TB sata hdd

Requirement:

We need to deploy the full tproxy squid feature and want to gain high
cache performance. We are trying squid for cache gain only.

So please guide me on which parameters I must look
after to gain more caching performance, and how much RAM I can assign
to squid. This box is only for the squid cache, so no other
processes occupy memory. Also suggest other standard squid
parameters which I need to tune to enhance caching further.



Current Setup :

As per ISP:

For bandwidth mgmt., they are using commercial bandwidth management
devices as NAS, and for AAA they are using radius.

So for TPROXY, do I need to deploy the squid box in bridge mode? Or do I
deploy it as an external device (only forward web traffic from NAS to
squid box)?

So please guide me on my above request, and also give your suggestions.

Regards,
Benjamin Fernandis


[squid-users] data transfer restriction

2011-07-14 Thread benjamin fernandis
Hi,

I am using CentOS 5.6 with the latest version. Now I want to configure
bandwidth restriction per IP and want to set a restriction on data
transfer. For example, per IP I want to set 2gb data transfer per month or
200Mb per day.

Please guide me on that.

Thanks,
Benjamin


[squid-users] Your IP Address: INVALID IPV4 ADDRESS Located near: INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS (INVALID IPV4 ADDRESS

2011-06-25 Thread benjamin fernandis
Hi,

When I try to get http://www.dnsstuff.com/,

I get the above output on that site's page.

When I enable the forwarded_for option in squid.conf I get my
customer IP (local / private IP) at that site. But instead of that I
want my squid server's public IP.

Kindly guide me on that.

I want to better understand HTTP header requests and
replies via squid and want to debug HTTP headers properly. So please
guide me: is there any plugin / add-on or any open source
utility with which I can see what header options are passed to the
remote server when I surf sites? Because on some sites which
show the IP and other related information, I got my
squid version and squid information.


Currently I am running squid on my LAN IP.

Squid version: 3.1.8

OS : centos 5.5

Regards,
Benjamin


Re: [squid-users] bandwith restriction

2011-06-20 Thread benjamin fernandis
Hi,

Is there any update for me? It is urgent for me; please guide me to get
an idea of delay pools.

Thanks,
Benjamin Fernandis



Re: [squid-users] bandwith restriction

2011-06-19 Thread benjamin fernandis
Hi Amos,

Thanks for your response. Please share any document on delay pools
so I can understand exactly how they work. I tried to find one on the
internet but it is very confusing to me.

As per the squid documentation, there are class objects, and in them they use
terms like aggregate, network and individual.

What do they mean?

What are the restore and max terms used in the delay_pool parameters?

Please try to resolve my doubts with a good practical example.

Thanks,
Benjamin


[squid-users] bandwith restriction

2011-06-18 Thread benjamin fernandis
Hi,

I want to use delay pools to limit each host/IP in my network. We have
200 users in my organization, and I want to restrict them by
host/IP.

Please guide me on that.

How do I use delay pools for my requirement?

Thanks,
Benjo


Re: [squid-users] bandwith restriction

2011-06-18 Thread benjamin fernandis
Hi Ragheb,

Thanks for your quick response.

==
Take care banjo that in order for this to work all your client IPs
must hit the cache directly and not reach the cache through a NAT rule,
otherwise your squid will see that all your web traffic is coming from
one single IP and thus it will shape all your inner LAN traffic as one
IP and thus all your inner will be shaped to just 512kbps.
=

Currently my squid 3.1 is running in transparent mode, and I use
iptables rules to redirect port 80 traffic to port 3128 (the squid
port). That is OK.

Is any change required to my existing setup to get the delay
pool facility?

And yes, I also added iptables postrouting masquerade rules for other traffic.

Kindly give me your suggestions on this.


Thanks,
Benjo


[squid-users] TPROXY

2010-12-30 Thread benjamin fernandis
Hi Friends,

I set up tproxy on RHEL 5.5 with the 2.36.2 kernel and iptables 1.4.9 with
squid 3.1.8.rpm.

So please suggest how I can test my full tproxy setup.

Thanks,
Benjo


[squid-users] tproxy configuration

2010-12-27 Thread benjamin fernandis
Hi,

I want to deploy tproxy in my network. I am using RHEL 5.5. Please
point me to a good document or configuration guide with a good
explanation. I am new to tproxy.

Please also suggest what caveats to
keep in mind while using tproxy.

Thanks,
Benjo


[squid-users] Errors

2010-12-24 Thread benjamin fernandis
Hi Friends,

I am getting errors in the cache.log file:

[r...@localhost.localdomain ~]# tail -f /var/log/squid/cache.log
2010/12/24 13:26:21| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 316: (92) Protocol not available
2010/12/24 13:26:21| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 272: (92) Protocol not available
2010/12/24 13:26:21| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 279: (92) Protocol not available
2010/12/24 13:26:22| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 60: (92) Protocol not available
2010/12/24 13:26:23| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 316: (92) Protocol not available
2010/12/24 13:26:23| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 256: (92) Protocol not available
2010/12/24 13:26:23| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 331: (92) Protocol not available
2010/12/24 13:26:23| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 46: (92) Protocol not available
2010/12/24 13:26:23| IpIntercept.cc(137) NetfilterInterception:  NF getsockopt(SO_ORIGINAL_DST) failed on FD 150: (92) Protocol not available


Please advise me on this.

Thanks,
Benjo


[squid-users] tproxy

2010-12-22 Thread benjamin fernandis
Dear Friends,

I am new to squid. Please guide me about tproxy and transparent proxy. I
see the intercept and tproxy options in squid 3.1.9 with the http_port
option in the configuration file. Please guide me on these and what
the difference between them is.

Both work for transparent proxying.

As per my understanding, when we use the intercept option with http_port
we do not need to configure the client browser's proxy settings, and
the squid IP goes to the origin server on behalf of the client's request.

And when we use the tproxy option with http_port we do not need to
configure the client browser's proxy settings either, but the client IP is
forwarded to the origin server as the requestor.

Please correct me if I am wrong.

Because in my network we face an issue with rapidshare: when my clients
download something they get a message that a download has already
started from this IP, and clients face issues with rapidshare.

So please guide me on this.

Thanks
Benjo


[squid-users] Queries regarding squid

2010-12-19 Thread benjamin fernandis
Hi Friends,

I set up squid 3.1 on RHEL 5.5. It is working fine. But when I check
whatipmyip.com from the client side I get Your IP Address Is: (server
public ip)
Possible Proxy Detected: 1.1 cache.engine (squid)...

Can you suggest how they catch my squid info and detect the proxy?

As per my deployment, I have a server which works as the squid
cache and gateway for my clients.

Wan router Squid + gateway (server)-
Switch--- Client machines

And please guide me on how to hide my proxy info from others.

Thanks,
Benjo...
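
The headers behind the "Possible Proxy Detected" line in this message, and behind the X-Forwarded-For question in the 2011-06-25 message further up the page, are controlled by three squid.conf directives. The script below is an added example, not from the thread or the Squid project: it reads the effective `via`, `forwarded_for` and `httpd_suppress_version_string` settings from a config file and prints what an origin server receives, using the documented Squid 3.1 `forwarded_for` modes for a request that arrives without an X-Forwarded-For header. The function names, the sample config and the client address are constructed for the example.

```shell
#!/bin/sh
# Added example: what an origin server learns from Squid's forwarding headers.

# conf_value FILE DIRECTIVE DEFAULT
#   Prints the effective value of a single-valued squid.conf directive.
#   The last uncommented occurrence wins; DEFAULT is used when it is absent.
conf_value() {
    v=$(awk -v d="$2" '$1 == d { val = $2 } END { print val }' "$1")
    echo "${v:-$3}"
}

# xff_sent MODE CLIENT_IP
#   Prints the X-Forwarded-For value sent upstream for a request that arrived
#   without that header, or "(absent)" when no header is sent.
xff_sent() {
    case $1 in
        on|truncate)        echo "$2" ;;        # client address is disclosed
        off)                echo "unknown" ;;   # header sent with literal "unknown"
        transparent|delete) echo "(absent)" ;;  # nothing added / header removed
        *)                  echo "(invalid mode: $1)"; return 2 ;;
    esac
}

# disclosure_report FILE CLIENT_IP
#   Summarises the three settings, applying Squid's defaults when unset
#   (via on, forwarded_for on, httpd_suppress_version_string off).
disclosure_report() {
    via=$(conf_value "$1" via on)
    xff=$(conf_value "$1" forwarded_for on)
    ver=$(conf_value "$1" httpd_suppress_version_string off)
    echo "Via header sent: $via"
    echo "Squid version suppressed: $ver"
    echo "X-Forwarded-For: $(xff_sent "$xff" "$2")"
}

# Constructed squid.conf fragment and client address, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the poster's configuration
httpd_suppress_version_string on
#forwarded_for delete
forwarded_for off
EOF
disclosure_report "$sample" 192.168.1.23
rm -f "$sample"
```

With the constructed fragment the report shows a Via header still being sent and an X-Forwarded-For value of `unknown`; `via off` and `forwarded_for delete` are the settings that remove both headers.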


[squid-users] Cache performance

2010-12-17 Thread benjamin fernandis
Dear Friends,

I am going to use squid for caching only. I heard that for
squid cache performance I need good RAM and HDD. I have 4gb RAM
and a 160 GB SATA HDD, and I have a 200-user network. So please advise:
can I go with this H/W specification, or is there any other
suggestion? Please suggest, friends. On this server I am
using only squid for cache gain, so also advise me on RAM.

One more thing: for better disk performance should I go
with raid 0, or is there any other suggestion?

And what are the main squid configuration parameters for cache gain?

thanks,
Benjo j.


[squid-users] Cache gain measurement

2010-12-08 Thread benjamin fernandis
Hi Friends,

Is there any tool or how to measure cache gain from squid...?

Thanks,
Benjo


[squid-users] Squid Help

2010-12-04 Thread benjamin fernandis
Hi Friends,

I installed Squid Cache: Version 3.1.8 on CentOS 5.5 and configured a
basic setup in squid. After that, when I run squid -k parse I get:

[r...@localhost ~]# squid -k parse
2010/12/04 15:08:52| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2010/12/04 15:08:52| Initializing https proxy context
[r...@localhost ~]#

What is the meaning of this message?

I am able to start and stop the squid service.

Thanks,
Benjo


[squid-users] Cache Gain

2010-12-02 Thread benjamin fernandis
Hi Friends,

I am going to set up squid for caching only. I have 200 client
machines in my network, and I want to use squid for caching
only. So please suggest how much RAM and hard disk is ideal, and
what factors I should keep in mind when my
purpose is cache gain.

I am using RHEL 5.5.

Thanks,
Benjamin