Yes, I believe that what you are saying is true. I really suspect the glitch is somewhere around the rule that redirects traffic to squid in transparent mode. But where, this is beyond my understanding at this point. I have no issues (either professional or personal) :) with non-transparent proxy mode, but it is making life more difficult for just a few users who access some resources that require authentication at their end, like some code repositories. Besides, running it transparently liberates you from the hassle of configuring all different types of devices. We use quite a lot of smart phones / handhelds / Pocket PCs at our office, so it becomes a pain sometimes to set the proxy on all of them. Introducing the proxy has proved to be so beneficial in terms of speed & bandwidth savings that I don't want to give it up just for the sake of a few problems. I'll keep working until I resolve them.
Apologies for repeating, but just confirm once more that my settings for redirecting traffic were correct. This is the first rule in the rules file. After that I have rules for handling other types of traffic.

###########################################
# REDIRECTING PORT 80 TRAFFIC TO SQUID
###########################################
ACCEPT      $FW     net     tcp     80
REDIRECT    loc     4044    tcp     80
###########################################

This is my policy file:

#SOURCE     DEST    POLICY    LOG    LIMIT:BURST
#
#all        all     ACCEPT
net         fw      ACCEPT
fw          net     ACCEPT
fw          loc     ACCEPT
loc         fw      ACCEPT
loc         net     REJECT
net         loc     REJECT
all         all     REJECT
#LAST LINE -- DO NOT REMOVE

Let me know if posting any file content will help anybody find any mistake I'm making.

Regards,
-Asim.

On Wed, Dec 16, 2009 at 9:10 PM, Tom Eastep <teas...@shorewall.net> wrote:

> Asim Ahmed Khan wrote:
> > Thanks Tom for your help. But I would like to mention the fact that I
> > tried these rules on a single test computer first. There they worked
> > fine, or you can say I couldn't test as much as 100 users with all sorts
> > of traffic needs can test! All problems started, except a few, after
> > opening it for general users. In transparent proxy I had too many issues
> > of net access breaking too often. But on non-transparent, at least for
> > general users, internet is working fine.
>
> That's interesting. From the point of view of system resources,
> transparent and non-transparent are the same. Each connection which
> fetches a non-cached page requires a second connection from the proxy
> (squid) to the net. So if you were running out of conntrack entries (for
> example) with transparent proxying, you should also run out with manual
> proxying. In the absence of any limiting rules or traffic shaping (as in
> your case), the Shorewall-configured firewall does exactly the same
> thing for each connection of a given type. So issues that arise when
> volume is increased are extremely unlikely to be associated with the
> firewall configuration.
>
> I can't speak to any possible volume-related issues with squid because
> the volume on my own site is so light.
>
> > I'll try to set up a test computer again and see if I can diagnose
> > the problem with transparent mode.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
Regards,
Asim Ahmed Khan
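The conntrack point raised in the quoted reply (each non-cached fetch needs a second connection from squid to the net, in either proxy mode) can be measured on the firewall. The script below is an added example and not part of the thread: it assumes the standard Linux nf_conntrack /proc files, takes port 4044 from the REDIRECT rule above, and uses constructed sample entries with a constructed firewall address (203.0.113.5).

```shell
#!/bin/sh
# Added example, not from the thread. 4044 is the REDIRECT port in the rules
# above; the sample entries and the 203.0.113.5 address are constructed.

# conntrack_pct [COUNT_FILE] [MAX_FILE]: print conntrack table use in percent.
conntrack_pct() {
    count=$(cat "${1:-/proc/sys/net/netfilter/nf_conntrack_count}") || return 2
    max=$(cat "${2:-/proc/sys/net/netfilter/nf_conntrack_max}") || return 2
    case "$count:$max" in *[!0-9:]*|:*|*:) return 2 ;; esac   # digits only
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# proxy_legs TABLE FW_NET_IP [SQUID_PORT]: print "<client legs> <proxy legs>".
# A client leg is a TCP entry whose reply tuple comes from the squid port
# (a connection rewritten by REDIRECT); a proxy leg is a TCP entry opened by
# the firewall itself to port 80. TABLE may be "-" to read standard input.
proxy_legs() {
    awk -v fw="$2" -v port="${3:-4044}" '
    $0 !~ /(^| )tcp / { next }
    {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }
            if ($i ~ /^sport=/) sport[n] = substr($i, 7)
            if ($i ~ /^dport=/) dport[n] = substr($i, 7)
        }
        if (n < 2) next
        if (sport[2] == port) client++
        else if (src[1] == fw && dport[1] == "80") proxy++
    }
    END { print client + 0, proxy + 0 }' "${1:-/proc/net/nf_conntrack}"
}

# Constructed sample in /proc/net/nf_conntrack format: two redirected clients
# (one served from cache), one squid fetch, one unrelated DNS entry.
sample_table() {
    cat <<'EOF'
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51000 dport=80 src=192.168.1.1 dst=192.168.1.10 sport=4044 dport=51000 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431990 ESTABLISHED src=203.0.113.5 dst=198.51.100.7 sport=40001 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=40001 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 431980 ESTABLISHED src=192.168.1.11 dst=198.51.100.8 sport=51001 dport=80 src=192.168.1.1 dst=192.168.1.11 sport=4044 dport=51001 [ASSURED] mark=0 use=2
ipv4 2 udp 17 25 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=2
EOF
}

sample_table | proxy_legs - 203.0.113.5   # prints: 2 1
```

On a live firewall, call `conntrack_pct` with no arguments and `proxy_legs /proc/net/nf_conntrack <firewall net address>` while the breakage is occurring.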