Re: [squid-users] This list generates a forward loop ...

[Amos Jeffries]

On 19/07/17 01:42, Walter H. wrote:


 (expanded from
 ): mail forwarding loop for
 squid-us...@squid-cache.org


Why?



You sent a mail to the address squid-users@squid-cache.*

The mailing list address is squid-users@lists.*


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] HDD/RAM Capacity vs store_avg_object_size

[bugreporter]

Hi,

FYI I had the same object (an image) duplicated x1000, x1, x3,
x6, x10, x13, x16 and finally x20. The real size of my
object was ~ 45 KB (48 KB for squid as in counts headers + fs structure I
guess).

The growth was almost linear and values I posted here is an average.

Kind Regards,  



-
Bug Reporter Contributor
OpenSource = Open-Minded
--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/HDD-RAM-Capacity-vs-store-avg-object-size-tp4683072p4683140.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

[Amos Jeffries]

On 19/07/17 01:37, Walter H. wrote:

On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:

On 18.07.17 14:29, Walter H. wrote:

-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT



-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT



-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7



[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0


it's a RST packet, apparently for connection that was already closed and
thus is not ESTABLISHED,RELATED nor NEW

logging state INVALID could explain


how would I do this?



Add this line in your iptables config above the generic log ones:

 -A INPUT -i br0 -m state --state INVALID -j LOG --log-prefix "IP[IN] 
INVALID]: " --log-level 7


(If you are newbie with iptables or not having a major 'Doh!' moment 
reading the above config line, then I suggest you find some tutorials 
and read up about using netfilter / iptables some starters can be found 
at . You are likely to 
find out a lot of little tips and tricks that are useful way beyond this 
specific question and answers).



PS. This thread seems to have nothing to do with Squid. 
 would be a more 
appropriate place to seek this type of help in future.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

[Amos Jeffries]

On 19/07/17 00:28, Antony Stone wrote:


Maybe you could also answer my questions:



In addition to those answers, please also post at least the http_port 
and https_port lines from your squid.conf.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] HDD/RAM Capacity vs store_avg_object_size

[Alex Rousskov]

On 07/18/2017 12:32 PM, bugreporter wrote:
> Hi Alex & Amos. Below results:
> 
> On a x64 machine:
> v ~ 207 Bytes

For the record, sizeof(StoreEntry) + sizeof(LruNode) = 104 + 24 = 128
bytes (for Squid v5 on an x64 host).

If your results are correct, we cannot account for ~80 bytes, which is
~50 bytes too many to attribute to various index storage overheads IMO.
This is not important for you (you should use the numbers you got as
long as you trust them), but a developer should investigate where that
memory goes.


>> According to http://wiki.squid-cache.org/SquidFaq/SquidMemory:
>> We need 14 MB of memory per 1 GB on disk for 64-bit Squid


Assuming 13KB mean object size would give us another x64 data point:
v ~ 182


> On a x86 machine:
> v ~ 116


Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] HDD/RAM Capacity vs store_avg_object_size

[bugreporter]

Hi Alex & Amos. Below results:

On a x64 machine:
v ~ 207 Bytes

On a x86 machine:
v ~ 116

Warm Regards,



-
Bug Reporter Contributor
OpenSource = Open-Minded
--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/HDD-RAM-Capacity-vs-store-avg-object-size-tp4683072p4683136.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] debugging ssl-bump

[Marcus Kool]

I am trying to debug ssl-bump and am looking specifically for decisions that 
Squid takes with regard to bumping, splicing and unsupported protocol.

The config file for Squid 4.0.21 has

debug_options ALL,1 33,9 83,9

http_port 10.10.10.1:3230ssl-bump ...

acl tls_is_skype ssl::server_name "/var/ufdbguard/blacklists/chat/skype/iplist"
acl tls_is_skype ssl::server_name .skype.com
acl tls_allowed_hsts ssl::server_name www.google.com
acl tls_urlfilterdb ssl::server_name www.urlfilterdb.com
acl tls_server_is_bank ssl::server_name .abnamro.nl
acl tls_server_is_bank ssl::server_name .abnamro.com
acl tls_to_splice any-of tls_allowed_hsts tls_urlfilterdb tls_server_is_bank 
tls_is_skype

ssl_bump splice tls_to_splice
ssl_bump stare  all
ssl_bump bump   all

on_unsupported_protocol tunnel all

But I fail to see in cache.log anything that gives a clue about
- squid decided to splice
- squid decided to bump
- squid decided to treat a connection as "unsupported protocol".

Are there other debug sections than 33 and 83 that need an increased debug 
level ?
what strings do I have to look for in cache.log to understand the above 
decisions that Squid takes ?

Thanks
Marcus
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] This list generates a forward loop ...

[Antony Stone]

On Tuesday 18 July 2017 at 14:42:21, Walter H. wrote:

> Hello,
> 
> On every post I get an error mail back

What's the difference between the posts which generate an error, and this one 
which got through?

Are you sending all from the same address, through the same mail server?


Antony.

-- 
"Once you have a panic, things tend to become rather undefined."

 - murble

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] This list generates a forward loop ...

[Walter H.]

Hello,

On every post I get an error mail back:


Subject:Undelivered Mail Returned to Sender
From:   "Mail Delivery System" 
Date:   Tue, July 18, 2017 15:36
To: ...
Priority:   Normal

This is the mail system at host lists.squid-cache.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

 (expanded from
): mail forwarding loop for
squid-us...@squid-cache.org


Why?

Thanks,
Walter

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

[Walter H.]

On Tue, July 18, 2017 15:28, Matus UHLAR - fantomas wrote:
> On 18.07.17 14:29, Walter H. wrote:
>>-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>>-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT
>
>>-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>
>>[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>>MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>>DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>>SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
>
> it's a RST packet, apparently for connection that was already closed and
> thus is not ESTABLISHED,RELATED nor NEW
>
> logging state INVALID could explain

how would I do this?

Thanks,
Walter


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

[Matus UHLAR - fantomas]

On 18.07.17 14:29, Walter H. wrote:

-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT



-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT



-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7



[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0


it's a RST packet, apparently for connection that was already closed and
thus is not ESTABLISHED,RELATED nor NEW

logging state INVALID could explain


by the way the router box has of course more interfaces
a br0 (LAN) and eth1 (WAN), where can I ensure that squid only listens to
the LAN IP?


here:

# Squid normally listens to port 3128
http_port 3128


see http://www.squid-cache.org/Doc/config/http_port/

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Problem with login to website by Squid web proxy 3.5.20 on Centos 7

[WP.PL]

Hi,
I have a problem to login to one website (http://intouch.techdata.com)
using Squid 3.5.20 on Centos 7 with default Squid configuration, which
is acting as web proxy (non-transparent) on 3128 port in my network:

--
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
machines

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320
--


In a FF browser with my Squid server settings I put correct password on
techdata website, but webpage redirect me to the same web form and
doesn't allow to login. The password is correct, because when I put
wrong password I got JavaScript alert from this website that password is
incorrect.

When I disable using Squid proxy in FF and use normal PAT connection via
my Juniper firewall everything works perfect on the same machine and I
can login to TechData website.
I Squid access.log I can see only this:

-
1500364995.497140 10.48.22.33 TCP_MISS/302 735 GET
http://intouch.techdata.com/intouch/Home.aspx? -
HIER_DIRECT/192.230.78.204 text/html
-

I suspect some problems with redirection on TechData website, but spend
hours in Internet to find solution, unfortunately without success
Maybe you can help me?

Regards,
iziz1

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

[Antony Stone]

On Tuesday 18 July 2017 at 13:29:04, Walter H. wrote:

> Hello,
> 
> my Router Box runs a CentOS 6, with the EPEL squid34 RPM package
> 
> this the iptables
> 

Does the output of "iptables -L -nvx" match the ruleset you've quoted here?

I'm just wondering whether the rules have got loaded properly.


Antony.

-- 
Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

[Walter H.]

Hello,

my Router Box runs a CentOS 6, with the EPEL squid34 RPM package

this the iptables

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Allow multicast
-A INPUT -d 224.0.0.0/4 -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -j ACCEPT

# Allow anything on the local link
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Allow anything out on LAN
-A OUTPUT -o br0 -j ACCEPT
# Allow established, related packets back in
-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable DHCP for LAN
-A INPUT -i br0 -m udp -p udp --sport 67:68 --dport 67:68 -j ACCEPT

# Enable DNS-Cache for LAN
-A INPUT -i br0 -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m udp -p udp --dport 53 -j ACCEPT

# Enable SSH from LAN
-A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Enable HTTP/HTTPS from LAN (some gui interface)
-A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT

# Enable Squid-Proxy from LAN
-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT

# Block STUN
-A FORWARD -i br0 -o eth1 -m udp -p udp --dport 3478 -j REJECT
# Block TEREDO
-A FORWARD -i br0 -o eth1 -m udp -p udp --dport 3544 -j REJECT

# Allow Forwarding to WAN interface
-A FORWARD -i br0 -o eth1 -j ACCEPT
# Allow established, related packets back through
-A FORWARD -i eth1 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Only the lan is allowed to ping me without restriction
-A INPUT -i br0 -p icmp -j ACCEPT
# Else only pings with restricted icmp are allowed
-A INPUT -i eth1 -p icmp -m limit --limit 2/sec --limit-burst 4 -j ACCEPT

# Enable TRACEroute to me from LAN
-A INPUT -i br0 -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
# Enable TRACEroute to me from internet
-A INPUT -i eth1 -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT

# Log all other
-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
-A FORWARD -j LOG  --log-prefix "IP[FWD]: " --log-level 7
-A OUTPUT -j LOG  --log-prefix "IP[OUT]: " --log-level 7

COMMIT


and these are logged entries:
(only partial, as they are many)


[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
[17-Jul-2017; 19:49:13.590236] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
[18-Jul-2017; 13:02:19.162684] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:ff:ff:ff:ff:24:08:00 SRC=192.168.0.2
DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=28792 DF PROTO=TCP
SPT=1219 DPT=3128 WINDOW=65125 RES=0x00 ACK FIN URGP=0
[18-Jul-2017; 13:02:19.593099] IP[IN]: IN=br0 OUT=
MAC=24:01:00:00:01:24:24:ff:ff:ff:ff:24:08:00 SRC=192.168.0.2
DST=192.168.0.1 LEN=109 TOS=0x00 PREC=0x00 TTL=128 ID=28797 DF PROTO=TCP
SPT=1219 DPT=3128 WINDOW=65125 RES=0x00 ACK PSH FIN URGP=0


192.168.0.1  is the router itself
192.168.0.10  is a VM running another squid, using the router box as
parent proxy
192.168.0.2   is my windows box

why are these packets blocked?

by the way the router box has of course more interfaces
a br0 (LAN) and eth1 (WAN), where can I ensure that squid only listens to
the LAN IP?


acl localnet src 192.168.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
acl Safe_ports port 70# gopher
acl Safe_ports port 1025-65535# unregistered ports
acl CONNECT method CONNECT

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

http_access deny to_localhost

http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# and finally allow by default
http_reply_access allow all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 16400 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

acl crl-mime rep_mime_type application/x-pkcs7-crl
no_cache deny crl-mime

icon_directory /usr/share/squid/icons
error_directory /etc/squid/errors

logformat combined %>A %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined

refresh_pattern ^ftp:144020%10080
refresh_pattern ^gopher:14400%1440
refresh_pattern -i (/cgi-bin/|\?) 00%0
refresh_pattern .020%4320


Thanks,
Walter

___
squid-users mailing list
squid-users@lists.squid-cach

Re: [squid-users] Squid box for two networks

[Antony Stone]

On Tuesday 18 July 2017 at 13:09:31, Pablo Ruben Maldonado wrote:

> The iptables only follow configuration:
> 
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

Oh, you didn't say this was an intercepting proxy - that sort of thing does 
make a difference...

Maybe you could also answer my questions:

On Monday 17 July 2017 at 22:57:13, Antony Stone wrote:

> How is that new subnet connected to the Squid box?
> 
> Is it connected on a second network card in the Squid machine, or is it
> routed via a separate gateway connecting the two networks?

Given what you've now told us, that this machine is an intercepting proxy, 
please give us a network map - how are the following interconnected with each 
other:

 - the subnet 192.168.110.0/24
 - the subnet 192.168.115.0/24
 - the Squid server
 - the Internet-facing router

On Tuesday 18 July 2017 at 12:15:32, Antony Stone wrote:

> Can you SSH from a machine on 192.168.115.0/24 to the Squid server?
> 
> For that matter, can you ping it?
> 
> Does the Squid server have an appropriate route to get back to machines on
> 192.168.115.0/24?

If you can give us more information about your network and your Squid 
configuration, this may well make it easier for us to guess what is going on.


Antony.

-- 
Numerous psychological studies over the years have demonstrated that the 
majority of people genuinely believe they are not like the majority of people.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

[Pablo Ruben Maldonado]

The iptables only follow configuration:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

On Tue, Jul 18, 2017 at 8:11 AM, Matus UHLAR - fantomas 
wrote:

> On 17.07.17 17:31, Pablo Ruben Maldonado wrote:
>
>> Hello, I have a squid box 3.5 working without problems for the lan
>> 192.168.110.0/24 for several months. Now I want setup to another lan
>> 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come
>> to
>> squid box. But in Squid's log I do not see anything. Can they give me some
>> tip?
>>
>
> local firewall on the squid box probably?
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Linux is like a teepee: no Windows, no Gates and an apache inside...
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

[Antony Stone]

On Tuesday 18 July 2017 at 12:11:58, Matus UHLAR - fantomas wrote:

> On 17.07.17 17:31, Pablo Ruben Maldonado wrote:
> >Hello, I have a squid box 3.5 working without problems for the lan
> >192.168.110.0/24 for several months. Now I want setup to another lan
> >192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
> >squid box. But in Squid's log I do not see anything. Can they give me some
> >tip?
> 
> local firewall on the squid box probably?

Can you SSH from a machine on 192.168.115.0/24 to the Squid server?

For that matter, can you ping it?

Does the Squid server have an appropriate route to get back to machines on 
192.168.115.0/24?


Antony.

-- 
This is not a rehearsal.
This is Real Life.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

[Matus UHLAR - fantomas]

On 17.07.17 17:31, Pablo Ruben Maldonado wrote:

Hello, I have a squid box 3.5 working without problems for the lan
192.168.110.0/24 for several months. Now I want setup to another lan
192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
squid box. But in Squid's log I do not see anything. Can they give me some
tip?


local firewall on the squid box probably?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] HDD/RAM Capacity vs store_avg_object_size

[Amos Jeffries]

On 18/07/17 02:56, bugreporter wrote:

Thank you Amos,

OK so how can I accurately measure the memory usage?



I don't have an answer to that one sorry.

I personally just use the top values.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users