[squid-users] squid with multiple links

2005-07-07 Thread Wennie V. Lagmay
Hi all,

I have a problem with having 2 links with different ISPs, can you please help
me?

Premise:
Presently I have a proxy with 2 NICs, NIC 0 to the internal network and NIC 1
to ISP1. With this setup all is working fine.

Problem:
Now with the existing setup, I need to add an additional NIC, so the setup
will be NIC 0 to internal network, NIC 1 to ISP1 and NIC 2 to ISP 2.

Can you please help me on how I can implement this setup with load balancing
and failover via squid proxy? By the way, I am using Fedora Core 2 64 bit,
running on a Dell 2850 with dual 3.2 GHz processors and 6 GB of memory. Both
ISPs are serving 1Mb of bandwidth.

Thanks,

 wennie




[squid-users] Problem with squid 2.5 S10

2005-07-07 Thread Arno . STREULI
Trying to resolve some problems I have with NTLM auth and disk access, I
decided to upgrade to the latest (almost) squid 2.5 stable release. I took
the version:
2005/07/07 09:14:26| Starting Squid Cache version 2.5.STABLE10-20050706 for
sparc-sun-solaris2.8...

but now here is my log:

2005/07/07 09:14:39| storeLateRelease: released 0 objects
2005/07/07 09:19:05| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:05| storeDiskdSend OPEN: (11) Resource temporarily
unavailable
2005/07/07 09:19:06| ctx: enter level  0: 'http://www.edicom.ch/'
2005/07/07 09:19:06| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:06| storeDiskdSend UNLINK: (11) Resource temporarily
unavailable
2005/07/07 09:19:06| ctx: exit level  0
.
.
.
2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| ctx: enter level  0:
'http://ad.ch.doubleclick.net/viewad/817-grey.gif'
2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend UNLINK: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| ctx: exit level  0


Any clue why, or how to fix it? (The last time I had that, the server crashed
after a while.)

thanks for any input.

Arno Streuli






Re: [squid-users] squid with multiple links

2005-07-07 Thread Odhiambo Washington
* Wennie V. Lagmay <[EMAIL PROTECTED]> [20050707 10:17]: wrote:
> Hi all,
> 
> I have a problem with having 2 links with different ISPs, can you please help
> me?
> 
> Premise:
> Presently I have a proxy with 2 NICs, NIC 0 to the internal network and NIC 1
> to ISP1. With this setup all is working fine.
> 
> Problem:
> Now with the existing setup, I need to add an additional NIC, so the setup
> will be NIC 0 to internal network, NIC 1 to ISP1 and NIC 2 to ISP 2.
> 
> Can you please help me on how I can implement this setup with load balancing
> and failover via squid proxy? By the way, I am using Fedora Core 2 64 bit,
> running on a Dell 2850 with dual 3.2 GHz processors and 6 GB of memory. Both
> ISPs are serving 1Mb of bandwidth.


This, apparently, is not a squid question. It's a question for another
list that deals with networking and load balancing. Squid will be happy
to hum along as long as your network layer is up and running.



-Wash

http://www.netmeister.org/news/learn2quote.html



Re: [squid-users] Problem with squid 2.5 S10

2005-07-07 Thread Odhiambo Washington
Are you not the one who was being addressed in the following thread?

http://www.squid-cache.org/mail-archive/squid-users/200408/0465.html



* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20050707 10:25]: wrote:
> Trying to resolve some problems I have with NTLM auth and disk access, I
> decided to upgrade to the latest (almost) squid 2.5 stable release. I took
> the version:
> 2005/07/07 09:14:26| Starting Squid Cache version 2.5.STABLE10-20050706 for
> sparc-sun-solaris2.8...
> 
> but now here is my log:
> 
> 2005/07/07 09:14:39| storeLateRelease: released 0 objects
> 2005/07/07 09:19:05| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:05| storeDiskdSend OPEN: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:06| ctx: enter level  0: 'http://www.edicom.ch/'
> 2005/07/07 09:19:06| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:06| storeDiskdSend UNLINK: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:06| ctx: exit level  0
> ..
> ..
> ..
> 2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend OPEN: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| ctx: enter level  0:
> 'http://ad.ch.doubleclick.net/viewad/817-grey.gif'
> 2005/07/07 09:19:07| storeDiskdSend: msgsnd: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| storeDiskdSend UNLINK: (11) Resource temporarily
> unavailable
> 2005/07/07 09:19:07| ctx: exit level  0
> 
> 
> Any clue why, or how to fix it? (The last time I had that, the server crashed
> after a while.)
> 
> thanks for any input.
> 
> Arno Streuli
> 
> 

-Wash

http://www.netmeister.org/news/learn2quote.html



Re: [squid-users] Problem with squid 2.5 S10

2005-07-07 Thread Arno . STREULI

hmm can be.
I'm gonna check that option!

Arno Streuli






Re: [squid-users] squid with multiple links

2005-07-07 Thread Wennie V. Lagmay
> This, apparently, is not a squid question. It's a question for another
> list that deals with networking and load balancing. Squid will be happy
> to hum along as long as your network layer is up and running

If, for example, I was able to create routing to both ISPs simultaneously
(with advanced routing), do I need to configure squid to take advantage of the
two links?

Thanks,

Wennie




[squid-users] Load balancing between 3 squid

2005-07-07 Thread Abbas Salehi
Hi guys

I'm using squid as a cache server.
How can I load balance the HTTP traffic between these 3 cache servers with a
round robin algorithm?
Supposing that I've routed HTTP requests from a Cisco router to these cache
servers, any solution please?

I've implemented some solutions, such as a load balancer on Linux, using some
software from SourceForge, but it is not very stable.

Can you give some solution?

Regards
Abbas Salehi



Re: [squid-users] Regarding Squid+Ldap

2005-07-07 Thread Henrik Nordstrom



On Thu, 7 Jul 2005, D & E Radel wrote:

> The easiest way to solve is to run the squid_ldap_auth program from
> commandline and see the results. Various things can cause it to fail, such as
> passwords with an ! in it, etc.

Passwords with an ! should work fine.

Even usernames with an ! should work since 2.5.STABLE6
(squid-2.5.STABLE5-ldap.patch).


Regards
Henrik


[squid-users] Problem with "no_cache"-option

2005-07-07 Thread Anderson, Soeren
Hello,

this is my first posting, so "hi @ all".


System is a SuSE8.1 with squid-2.4.STABLE7-288.

I don't want PDF documents to be cached, so I put

###
acl pdf urlpath_regex .pdf$
no_cache deny pdf
###

in squid.conf.
As that didn't work, I used

###
acl Morning time 08:00-11:00
no_cache deny Morning
###

for testing purposes, which is copied from the Squid FAQ
(http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.8).
But still I get "TCP_HIT"s in the access.log.

Any hints would be appreciated.

Have a nice day..


Sören Anderson



Re: [squid-users] squid with multiple links

2005-07-07 Thread Odhiambo Washington
* Wennie V. Lagmay <[EMAIL PROTECTED]> [20050707 10:50]: wrote:
> > This, apparently, is not a squid question. It's a question for another
> > list that deals with networking and load balancing. Squid will be happy
> > to hum along as long as your network layer is up and running
> 
> If, for example, I was able to create routing to both ISPs simultaneously
> (with advanced routing), do I need to configure squid to take advantage of the
> two links?

To take advantage of the two links as in??
Squid runs on top of tcp, so it will really not know anything to do with
the network layer setup. As long as your routers do what they are meant
to do, I am sure squid will work.
You cannot do the 'multiplexing' within the Squid itself. That's what
I think.

 

Best regards,
Odhiambo Washington
Systems Admin,
Wananchi Online Ltd.




Re: [squid-users] Re: Hide squid cache server IP

2005-07-07 Thread kodel
Yup..

thanks a lot Abu


And one more thing: I only use a single interface in the squid box,
and it uses a public IP. All the clients are using public IP addresses too.

But is there any other way besides mapping the IP addresses
one by one in the NAT configuration?

What I need is for the destination web server to know only the real public IP
of the client rather than squid's IP. Maybe this is the reverse of what
other people need when anonymizing their IP address through a squid proxy.



regards,
-rd-



Abu Khaled wrote:
> On 7/6/05, Joost de Heer <[EMAIL PROTECTED]> wrote:
> 
>>>I just wondering if it is possible to hide ip address
>>>from my squid box to destination server. Because I see
>>>that some sites are limiting their traffic for certain ip address.
>>
>>How do you expect the destination server to send back TCP packages if you
>>hide the IP address?
>>
>>Joost
>>
>>
> 
> 
> I think what he wants to do is to masquerade the requests from the
> squid proxy server IP to the client's IPs.
> There is a patch for the Linux Kernel (tproxy) but I do not use Linux.
> Following advice from Henrik Nordström, I used tcp_outgoing_address
> and NAT to masquerade the requests.
> 
> client IP -> squid -> squid sets tcp_outgoing_address to private IP
> NAT masquerades private IP to client IP -> internet
> 
> here is how it worked for a friend of mine.
> 
> NAT must use bidirectional mapping (1:1 mapping)
> e.g.: client 1 public IP 1.2.3.1 bimapped to private IP 10.0.0.1
> NAT must be done on the external interface (the one connecting squid
> to the gateway/router)
> 
> We used FreeBSD and tested IPFILTER/IPNAT
> example ipnat.conf
> bimap $ext_if from 10.0.0.1/32 to 0.0.0.0/0 port = 80 -> 1.2.3.1/32
> bimap $ext_if from 10.0.0.2/32 to 0.0.0.0/0 port = 80 -> 1.2.3.2/32
> bimap $ext_if from 10.0.0.3/32 to 0.0.0.0/0 port = 80 -> 1.2.3.3/32
> -
> Used the loopback interface to create the aliases for private IPs.
> The alias netmask must be set to 255.255.255.255 to avoid conflicts
> example:
> ifconfig lo0 inet 10.0.0.1 netmask 0x alias
> ifconfig lo0 inet 10.0.0.2 netmask 0x alias
> ifconfig lo0 inet 10.0.0.3 netmask 0x alias
> -
> edit squid.conf and
> # to hide the proxy connection
> header_access Via deny all
> header_access X-Forwarded-For deny all
> 
> # insert acl for each client
> acl Client1 src 1.2.3.1
> acl Client2 src 1.2.3.2
> acl Client3 src 1.2.3.3
> 
> # set tcp_outgoing_address to private IP for each Client
> tcp_outgoing_address 10.0.0.1 Client1
> tcp_outgoing_address 10.0.0.2 Client2
> tcp_outgoing_address 10.0.0.3 Client3
> -
> 
> I hope this helps !!!
> 


[squid-users] blocking bad( Arabic) words

2005-07-07 Thread darwish alhelo
I tried blocking bad (Arabic) words using the url_regex
command, but it
seems that it doesn't support Unicode letters.

 Please tell me how to solve this problem.

 best regards



[squid-users] I want NO login dialog when a user is unauthenticated (if its possible..)

2005-07-07 Thread Matte Nilsson

Hello!

I run a squid/2.5.STABLE10 in a 1000 user environment on a SUSE SLES9 server
with Samba 3.0.9 configured for MS AD.


Everything works just fine with the group authentication against MS AD. But
my problem is that when users without Internet access try to access the
Internet the login dialog appears, and it's like a closed door to a cat -
they are trying other people's accounts, and lock them out.


So my question is: is there any way to disable the login dialog for users
with no Internet access?

Here is my squid.conf:


http_port 10.52.5.201:8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
log_fqdn on
client_netmask 255.255.255.255
dns_nameservers 10.52.17.201 10.52.17.202

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288

auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#*
acl InternetAccess proxy_auth REQUIRED
#*
acl special_url url_regex -i "/usr/local/squid/etc/open_sites.txt"
#*
http_access allow special_url
http_access allow InternetAccess
#*

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object HTTP
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 2001
acl Safe_ports port 3001
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT





[squid-users] By pass an secondary proxy

2005-07-07 Thread Arnaud DUHAMEL - SOLINUX


I have a squid proxy and this proxy communicates with another squid proxy.
But for one URL I don't want to use this second proxy, only the
primary proxy.


Is it possible?

Thank you.

--
---
Arnaud Duhamel - SOLINUX
[EMAIL PROTECTED]
http://www.solinux.fr
44, rue Saint Fursy
80200 Péronne
Tél : 03.22.84.04.07
GSM : 06.67.52.60.02
Fax : 03.22.84.00.73




[squid-users] WARNING: Disk space over limit:

2005-07-07 Thread Fabio Gomes Baptista
Hi,

I have a squid 2.5/STABLE 9 installed and I am getting the following
messages in the cache.log:

WARNING: Disk space over limit: 1536004 KB > 1536000 KB

The cache_dir in squid.conf is configured like the line below:

cache_dir ufs /usr/local/squid/var/spool 1500 128 512

The filesystem where the cache dir is located has 519M free.

What can be the cause of this problem ?

Thanks,

Fabio Baptista



RE: [squid-users] By pass an secondary proxy

2005-07-07 Thread John Halfpenny

you want something like this?



acl bypassupstream url_regex -i "/usr/local/squid/etc/acls/bypass"

cache_peer_access 1.2.3.4 deny bypassupstream



obviously, 1.2.3.4 should be the ip of your upstream proxy. and the file 
'bypass' contains entries you want to not upstream, e.g.



.yahoo.com



hth



john



 --- On Thu 07/07, Arnaud DUHAMEL - SOLINUX < [EMAIL PROTECTED] > wrote:

From: Arnaud DUHAMEL - SOLINUX [mailto: [EMAIL PROTECTED]

To: squid-users@squid-cache.org

Date: Thu, 07 Jul 2005 16:04:08 +0200

Subject: [squid-users] By pass an secondary proxy



I have a squid proxy and this proxy communicate with another squid proxy.
But I don't want to use this second proxy for an URL but only the
primary proxy.

Is It possible ?

Thank you.

--
---
Arnaud Duhamel - SOLINUX
[EMAIL PROTECTED]
http://www.solinux.fr
44, rue Saint Fursy
80200 Péronne
Tél : 03.22.84.04.07
GSM : 06.67.52.60.02
Fax : 03.22.84.00.73





Re: [squid-users] access list

2005-07-07 Thread Eganya Alfredo
Hi abu,

The idea is that the teams alone " pmaticos " can
consent to some internal places, belonging to the
domain aza.cl, without damage that all the other ones
scheme they can continue usually navigating,


> > acl pmaticos src 120.1.1.54/255.255.255.255
> > acl aza dstdomain aza.cl
> > acl all src 0.0.0.0/0.0.0.0
> > http_access allow pmaticos aza
> > http_access deny all

the rules that i had were bad because they refused
everything, I proved this configuration but it doesn't
provide effect, since it doesn't link the 2 rules but
rather it evaluates them individually

> > acl pmaticos src 120.1.1.54/255.255.255.255
> > acl aza dstdomain aza.cl
> > http_access allow pmaticos aza

do I have a list of blocked places, another list of
blocked teams, does some configuration exist to have
associations team-place?  
  
1.1.1.1/30 www.aza.cl  
1.1.1.2/28 www.google.cl  
  
etc.

thanks





 --- Abu Khaled <[EMAIL PROTECTED]> wrote:

> On 7/7/05, Eganya Alfredo <[EMAIL PROTECTED]>
> wrote:
> > Hello,
> > it's my first post :D
> > 
> > I'm trying to allow access from a machine to a
> > specific destination, without blocking all other
> > traffic, here is my configuration
> > 
> > acl pmaticos src 120.1.1.54/255.255.255.255
> > acl aza dstdomain aza.cl
> > acl all src 0.0.0.0/0.0.0.0
> > http_access allow pmaticos aza
> > http_access deny all
> > 
> 
> I am not sure what you want to do but let me try !!!
> according to your ACLs
> 1. user pmaticos can only access the domain aza.cl
> 2. all other requests are denied.
> 
> The Question now is what do you want to do ?
> 
> * user pmaticos can access the domain aza.cl
> * all other denied access to aza.cl
> * allow access for remaining requests
> 
> acl pmaticos src 120.1.1.54/255.255.255.255
> acl aza dstdomain aza.cl
> acl all src 0.0.0.0/0.0.0.0
> http_access allow pmaticos
> http_access allow all !aza
> http_access deny all
> 
> Can you provide more information?
> Like who should access what !
> 
> -- 
> Regards.
> Abu Khaled
> 



by Eganyaeganya arroba asertiva punto cl







Re: [squid-users] Load balancing between 3 squid

2005-07-07 Thread Matus UHLAR - fantomas
On 07.07 00:41, Abbas Salehi wrote:
> I'm using squid as a cache server.
> How can I load balance the HTTP traffic between these 3 cache servers with a
> round robin algorithm?

do you use 1 or 3 cache servers?

> Supposing that I've routed HTTP requests from a Cisco router to these cache
> servers, any solution please?

just as normal, unless you want to use SLB... then you can look at this
thread: http://www.squid-cache.org/mail-archive/squid-users/200506/0662.html

> I've implemented some solutions, such as a load balancer on Linux, using some
> software from SourceForge, but it is not very stable.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 


[squid-users] squid on openbsd

2005-07-07 Thread Askar Ali

Hi,

 I'm just wondering if anyone is running a production cache server on
OpenBSD. Before going for OpenBSD I just want to hear recommendations
from you gurus. Does it perform cool on loaded servers "# of users",
better than Linux 2.6.x?


OpenBSD is the most secure OS, and I want to kick ass it for squid.


regards

Askar




[squid-users] Re-reading /etc/hosts file with -k

2005-07-07 Thread Andre D. Correa


Hi Squid-users, my question is more for the dev list but I'm not a Squid
developer so it's better not to disturb them.


In my setup I need to be able to send a signal to Squid to force it to
read /etc/hosts again. I need it because I have a PPPoE concentrator and
the hosts file is updated each time a new user connects or disconnects.


I couldn't find a way to enable this behavior so I decided to mess with
the code a little and this is where I need a helping hand.


Looking around I found the function idnsInit() that looks promising. I
added something like this to src/main.c


static void mainResetDNS(void);

...

static void
mainResetDNS(void)
{
    idnsInit();
}

...

At mainInitialize()

...
    squid_signal(SIGRTMIN, mainResetDNS, SA_NODEFER);
...

and to get a command line option to send the signal I made something
like this:


...
        case 'k':
            if ((int) strlen(optarg) < 1)
                usage();
            if (!strncmp(optarg, "dns", strlen(optarg)))
                opt_send_signal = SIGRTMIN;
            else if (!strncmp(optarg, "reconfigure", strlen(optarg)))
                opt_send_signal = SIGHUP;
...


Compilation happens with no problems and when I run "squid -k dns" it
re-reads the hosts file but it kills children too. Killing child
processes stops all active transfers and this is something that cannot
happen.


Can anybody help me find the right function(s) to call so it re-reads
the hosts file?


Thanks for the attention...

--
Andre D. Correa, CISSP
andre.correa (at) pobox.com
http://andre.hiperlinks.com.br
Sao Paulo / SP / Brazil
--



RE: [squid-users] Peer Caches between Squid 2.5.STABLE9 and 2.4STABLE7 giving trouble

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Babs [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 05, 2005 9:41 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Peer Caches between Squid 2.5.STABLE9 and
> 2.4STABLE7 giving trouble
> 
> 
> Hi all,
> I got a parent cache running 2.4STABLE7 on RH8.0. I am
> making a sibling cache for it on FC4 with Squid
> 2.5.STABLE9. I have used the cache_peer directive in
> the sibling squid.conf to access the net through
> parent proxy, but I am getting request timeouts when I
> browse through the sibling proxy. This is puzzling me
> because I got another sibling running FC3 with squid
> 2.5.STABLE8 and it is working without any problem (btw
> this FC3 box is going to be replaced with better
> hardware). I have checked everything to make sure I
> didn't configure anything wrong.
> 
> the cache_peer directive on the working FC3 sibling as
> follows
> 
> cache_peer  172.16.5.2   parent 3128 0 no_query
> default

Are you sure that's what is actually there (no_query)?  See below.

> 
> This is working perfectly fine
> 
> my cache_peer directive on the new FC4 sibling as
> follows
> cache_peer   172.16.5.2   parent 3128 0 default
> 
> and this is giving me timeouts
> 

The FC4 box is trying to use ICP queries on port 0, not getting a response and 
returning time out errors.

> Btw when I configured the new FC4 box with the
> "cache_peer  172.16.5.2   parent 3128 0 no_query
> default" statement this gave me error and squid
> refused to start until I removed the "no_query"
> statement out of it.

That is likely because the directive you want is no-query (notice the hyphen 
instead of the underscore).

> 
> Someone please tell me what may have gone wrong, why this
> problem is happening
> 
> Thanks a lot

Hope that helps,

Chris


RE: [squid-users] 9001 port

2005-07-07 Thread Chris Robertson
> - Original Message - 
> From: "Marcello Farias" <[EMAIL PROTECTED]>
> To: "Squid users" 
> Sent: Wednesday, July 06, 2005 5:47 PM
> Subject: [squid-users] 9001 port
>
>
> Hi there
> Excuse my English,
> I need help with my squid.conf configuration
> I'm using squid Version 2.4.STABLE6
> I want to know how to allow users to use port 9001.
> Everything is fine, all is working with proxy_auth authenticating to an
> active directory domain, except through 9001
> Can someone advise me about any other way to do this without using IPTABLE.
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 9001 # what's up ?
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> Anyway, can I submit Spanish posts here?
>
> thanks a lot
>
> Marcelo
>

Are you trying to use squid to connect to a service on port 9001, or are you 
trying to get squid to listen for proxy connections on port 9001?  What kind of 
error is occurring (browser timeout, squid error, etc)?

Chris


RE: [squid-users] What is decent/good squid performance and architecture

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Jos Houtman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 06, 2005 8:09 AM
> To: Robert Borkowski
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] What is decent/good squid performance and
> architecture
> 
> 
>> That's better, though with such a large growth rate you will need to 
>> anticipate network bottlenecks far ahead, and be ready to switch to 
>> gigabit on the squids or grow the number of squids, whichever one is 
>> cheaper. Set up MRTG or something equivalent to keep an eye on this.
>> Squid has a built in SNMP server that can produce some useful graphs 
>> through MRTG.
> 
> I was just trying to produce graphs using squidclient, but I will try 
> SNMP tomorrow :).
> 
>>> I think that load balancing is based on source IP, instead of URL,
>>> so CARP wouldn't be an option.
>>> Is that the same CARP I was looking at?
>>> http://squid-docs.sourceforge.net/latest/html/x2398.html
>>
> Obviously not, I googled for CARP load balancing and it came up with a 
> load balancer solution for BSD.

Using ICP queries will likely work fine in your current situation, but if you 
can put CARP in use (I'm not sure if LVS supports it), it might give better 
results (less overlap between caches).  A bit of poking for LVS and CARP turns 
up 
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.L7_switch.html#id2949641,
 which suggests using multicast ICP on separate NICs.  *shrug*

> 
>>>
>>>>> If you have a load balancer with packet inspection capabilities you
>>>>> can also direct traffic that way. On F5 BigIPs the facility is
>>>>> called iRules. I'm pretty sure NetScaler can do that too.
>>>>>
>>>> That is the kinda solution I am looking for, but then without the
>>>> cost; we are a pretty new company without the money to buy expensive
>>>> solutions, so we prefer open source solutions.
>>>>
>>>> another point:
>>>> what is your experience with ext2/3 reiserfs?
>>>> our ext3 partitions tend to get corrupted, when used for squid
>>>> caches or similar purposes.
>>>> I tend to change things to reiserfs entirely, but it's just a guess.
>>>> does anyone have the same experience?
>>>
>>>
>>> Read the flames on the LKML about ReiserFS and decide if it's stable 
>>> for production use ;-)
>>>
>>> I've got six squids handling a similar traffic load to what you 
>>> describe (though on a smaller working set) on ext3 with no corruption 
>>> issues.
>>> No corruption issues on any other server using ext3 either. Looks 
>>> like you have a serious issue to fix there.
>>
> LKLM? I haven't been around for long, so please forgive my lack of 
> vocabulary :P
> Hmm, it's strange, it only happens on partitions with large directories 
> with a lot of small files in them.
> Strange, worth a closer look in the future.

LKML = Linux Kernel Mailing List.  Some say Reiser is unreliable, and ext3 is 
the only sane choice.  Others blame their troubles on ext3 and claim that 
Reiser is the best.

I only have experience with ext3, so I can't take sides.  OTOH, none of my 
experience has been bad.

Chris


Re: [squid-users] 9001 port

2005-07-07 Thread Marcelo Farias


> Are you trying to use squid to connect to a service on port 9001, or are you
> trying to get squid to listen for proxy connections on port 9001?  What kind
> of error is occurring (browser timeout, squid error, etc)?
>
> Chris

I am trying to connect to a secure Web service on port 9001 through squid,
but when I get the site I have errors in the page.
Maybe it is something that should not be cached,
securely transmitted documents?


Marcello



RE: [squid-users] 9001 port

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Marcelo Farias [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 1:54 PM
> To: Squid users
> Subject: Re: [squid-users] 9001 port
> 
> 
> 
>> Are you trying to use squid to connect to a service on port 9001, or are you
>> trying to get squid to listen for proxy connections on port 9001?  What kind
>> of error is occurring (browser timeout, squid error, etc)?
>> 
>> Chris
> 
> I am trying to connect to a secure Web service on port 9001 through squid,
> but when I get the site I have errors in the page
> Maybe is something that should not be cached
> securely transmitted documents ?
> 
> 
> Marcello

# Adjust and add this to your squid.conf
acl port9001 port 9001
acl SomeSite dst secure.site.example
http_access allow CONNECT port9001 SomeSite
# Addition ends here

That setup will allow CONNECT requests (which SSL uses) to port 9001 of 
secure.site.example.

Less secure, but more flexible would be to add port 9001 to the list of SSL 
ports in the squid.conf.

Chris


RE: [squid-users] How ti confirm if cache_peering is working between siblings?

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Zia-ul-Hassan Zia [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 06, 2005 8:52 PM
> To: squid-users@squid-cache.org
> Cc: Chris Robertson
> Subject: [squid-users] How ti confirm if cache_peering is working
> between siblings?
> 
> 
> Hi Guys,
> How can I test if cache peering is working between three squid proxies. The 
> configuration for peering  on three sibling squid proxies is as follows
> 
> on sproxy1 
> -
>  cache_peer sproxy2.example.com  sibling   8080  3130  proxy-only
>  cache_peer sproxy3.example.com  sibling   8080  3130  proxy-only
> icp_access allow sproxy2.example.com
> icp_access allow sproxy3.example.com
> icp_access deny all
> 
> on sproxy2
> -
>  cache_peer sproxy1.example.com sibling   8080  3130  proxy-only
>  cache_peer sproxy3.example.com sibling   8080  3130  proxy-only
> icp_access allow sproxy1.example.com
> icp_access allow sproxy3.example.com
> icp_access deny all
> 
> on sproxy3
> -
>  cache_peer sproxy1.example.com  sibling   8080  3130  proxy-only
>  cache_peer sproxy2.example.com  sibling   8080  3130  proxy-only
> icp_access allow sproxy1.example.com
> icp_access allow sproxy2.example.com
> icp_access deny all
> 
> 
> Note that these are RedHat Linux boxes running Squid-2.5-STABLE5. Can someone 
> please advise what is the best way to confirm if peering is working between 
> siblings? I tried to run
>  tcpdump src 3130
> on either of three proxies, but got no output.
> 
> TIA,
> 
> Zia-ul-Hassan Zia
> RMIT Infrastructure Services 
> UNIX Systems
> Tel: 992 51964

Try "tcpdump src port 3130".

Chris


RE: [squid-users] I want NO login dialog when a user is unauthenticated (if its possible..)

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Matte Nilsson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 5:30 AM
> To: squid-users@squid-cache.org
> Cc: [EMAIL PROTECTED]
> Subject: [squid-users] I want NO login dialog when a user is
> unauthenticated (if its possible..)
> 
> 
> Hello!
> 
> I run a squid/2.5.STABLE10 in a 1000 user environment on a SUSE SLES9 server 
> with Samba 3.0.9 configured for MS AD.
> 
> Everything works just fine with the group authentication against MS AD. But 
> my problem is that when users without Internet Access try to access the 
> internet the login dialog appears, and it's like a closed door to a cat - 
> they are trying other people's accounts, and lock them out.
> 
> So my question is.. Is there any way to disable the login dialog for users 
> with no internet access??
> Here is my squid.conf:
> 
> 
> http_port 10.52.5.201:8080
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> log_fqdn on
> client_netmask 255.255.255.255
> dns_nameservers 10.52.17.201 10.52.17.202
> 
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> 
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> 
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> 
> #*
> acl InternetAccess proxy_auth REQUIRED
> #*
> acl special_url url_regex -i "/usr/local/squid/etc/open_sites.txt"
> #*
> http_access allow special_url
> http_access allow InternetAccess
> #*
> 
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object HTTP
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80
> acl Safe_ports port 2001
> acl Safe_ports port 3001
> acl Safe_ports port 21
> acl Safe_ports port 443 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT

Remove the "auth_param basic" lines.  No more authentication pop-up.  
Otherwise, prevent the workstations that people without internet access use 
from accessing the proxy at all.  Third option, use wbinfo_group.pl to separate 
those that have internet access from those that don't.  A setup guide of 
unknown accuracy is available at 
http://www.flatmtn.com/computer/Linux-SquidNT.html#Squid-4

Chris


RE: [squid-users] WARNING: Disk space over limit:

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Fabio Gomes Baptista [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 6:41 AM
> To: Squid Mailing List (squid-users@squid-cache.org)
> Subject: [squid-users] WARNING: Disk space over limit:
> 
> 
> Hi,
> 
> I have a squid 2.5/STABLE 9 installed and I am getting the following
> messages in the cache.log:
> 
> WARNING: Disk space over limit: 1536004 KB > 1536000 KB
> 
> The cache_dir in squid.conf is configured like the line below:
> 
> cache_dir ufs /usr/local/squid/var/spool 1500 128 512
> 
> The filesystem where the cache dir is located have 519M free.
> 
> What can be the cause of this problem ?
> 
> Thanks,
> 
> Fabio Baptista

Two possibilities I can think of:

1) http://www.squid-cache.org/mail-archive/squid-users/200306/0334.html

2) You've changed the default for cache_swap_high. Something big was downloaded 
(and cached) that put the cache over limit.  Objects should be purged to clear 
space.

Chris


RE: [squid-users] Re-reding /etc/hosts file with -k

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Andre D. Correa [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 11:21 AM
> To: squid-users@squid-cache.org; [EMAIL PROTECTED]
> Subject: [squid-users] Re-reding /etc/hosts file with -k
> 
> 
> 
> Hi Squid-users, my question is more to the dev list but I'm not a Squid 
> developer so it's better not to disturb them.
> 
> In my setup I need to be able to send a signal to Squid to force it to 
> read /etc/hosts again. I need it because I have a PPPoE concentrator and 
> the hosts file is updated each time a new user connects or disconnects.
> 
> I couldn't find a way to enable this behavior so I decided to mess with 
> the code a little and this is where I need a helping hand.

To the best of my knowledge, squid re-reads the host file on a "-k 
reconfigure".  Looking at mainReconfigure(void) confirms this.

> 
> Looking around I found the function idnsInit() that looks promising. I 
> added something like this to src/main.c
> 

The function you would want to use is parseEtcHosts()...

> static void mainResetDNS(void);
> 
> ...
> 
> static void
> mainResetDNS(void)
> {
>     idnsInit();
> }
> 
> ...
> 
> At mainInitialize()
> 
> ...
> squid_signal(SIGRTMIN, mainResetDNS, SA_NODEFER);
> ...
> 
> and to get a command line option to send the signal I made something 
> like this:
> 
> ...
>     case 'k':
>         if ((int) strlen(optarg) < 1)
>             usage();
>         if (!strncmp(optarg, "dns", strlen(optarg)))
>             opt_send_signal = SIGRTMIN;
>         else if (!strncmp(optarg, "reconfigure", strlen(optarg)))
>             opt_send_signal = SIGHUP;
> ...
> 
> 
> Compilation happens with no probs and when I run "squid -k dns" it 
> re-reads the hosts file but it kills children too. Killing child 
> processes stops all active transfers and this is something that cannot 
> happen.
> 
> Can anybody help me find the right function(s) to call so it re-reads 
> the hosts file?
> 
> Thanks for the attention...
> 
> --
> Andre D. Correa, CISSP
> andre.correa (at) pobox.com
> http://andre.hiperlinks.com.br
> Sao Paulo / SP / Brazil
> --

Hope this helps,

Chris


RE: [squid-users] Problem with "no_cache"-option

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Anderson, Soeren [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 07, 2005 12:57 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Problem with "no_cache"-option
> 
> 
> Hallo,
> 
> this is my first posting, so "hi @ all".
> 
> 
> System is a SuSE8.1 with squid-2.4.STABLE7-288.
> 
> I don't want pdf-Documents to be cached, so I put
> 
> ###
> acl pdf urlpath_regex .pdf$
> no_cache deny pdf
> ###
> 
> in squid.conf. 
> As that didn't work, I used
> 
> ###
> acl Morning time 08:00-11:00
> no_cache deny Morning
> ###
> 
> for testing-purposes, which is copied from the Squid-FAQ 
> (http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.8).
> But still I get "TCP_HIT"s in the access.log.
> 
> Any hints would be appreciated.
> 
> Have a nice day..
> 
> 
> Sören Anderson

Perhaps it's a dumb question, but are you restarting or reconfiguring squid 
between conf changes?

Is there a reason that you are using such an old version of Squid?  The 2.4 
branch has not seen any official updates in over 2 years.

Chris


RE: [squid-users] proxy_auth authentication exemption problem

2005-07-07 Thread Chris Robertson
> -Original Message-
> From: Kenneth Oncinian [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 06, 2005 6:57 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] proxy_auth authentication exemption problem
> 
> 
> Hi list,
> 
> I have a simple user based authentication using ncsa_auth, and at the same 
> time excluding authentication for some users using src IP address.
> This works fine, until I have a requirement which needs to ban some 
> websites but not from some authenticated users.
> 
> so my previous squid.conf is like this, and this works on the exemption 
> of the user1, user2, and user3 from authenticating while prompting for 
> others:
> -
> acl banned dstdomain "/usr/local/etc/squid/banned.txt"
> 
> auth_param basic program /usr/local/libexec/ncsa_auth /usr/local/etc/squid/htpasswd
> auth_param basic children 50
> auth_param basic realm my domain
> auth_param basic credentialsttl 2 hours
> 
> #acl of exempted IPs from authenticating using ncsa_auth
> acl user1 src 192.168.1.1/255.255.255.255
> acl user2 src 192.168.1.2/255.255.255.255
> acl user3 src 192.168.1.3/255.255.255.255
> acl password proxy_auth REQUIRED
> 
> http_access allow user1
> http_access allow user2
> http_access allow user3
> 
> http_access deny banned
> never_direct allow all
> never_direct allow password
> 
> 
> 
> But when I tried to change the squid.conf to:
> 
> acl banned dstdomain "/usr/local/etc/squid/banned.txt"
> 
> auth_param basic program /usr/local/libexec/ncsa_auth /usr/local/etc/squid/htpasswd
> auth_param basic children 50
> auth_param basic realm my domain
> auth_param basic credentialsttl 2 hours
> 
> #acl of exempted IPs from authenticating using ncsa_auth
> acl user1 src 192.168.1.1/255.255.255.255
> acl user2 src 192.168.1.2/255.255.255.255
> acl user3 src 192.168.1.3/255.255.255.255
> acl user4 proxy_auth username4  <--
> acl user5 proxy_auth username5 <--
> acl password proxy_auth REQUIRED
> 
> http_access allow user1
> http_access allow user2
> http_access allow user3
> 
> http_access allow user4 banned <--
> http_access allow user5 banned <--

Why are these two different?  Shouldn't they read:

http_access allow user4
http_access allow user5

(without specifying "banned" on the end)?

> http_access deny banned
> never_direct allow all
> never_direct allow password

What's the point of specifically stating "never_direct allow password" AFTER 
"never_direct allow all"?  Besides, never_direct only has an effect when using 
a parent proxy.  It has nothing to do with sending traffic directly from the 
browser to the internet.

> -
> 
> 
> All users are then prompted for authentication including user1, user2 
> and user3, there's no more exclusion in the ncsa_auth authentication.
> Where did I go wrong? Any hints or tips are greatly appreciated.
> 

From the squid.conf.default:
#   The browser will be challenged for authentication on the first 
#   [proxy_auth] acl encountered in http_access processing and will also be 
#   rechallenged for new login credentials if the request is being denied 
#   by a proxy_auth type acl.

While I don't see anything that would cause what you are describing, the whole 
picture is not shown.  You imply that all users are required to authenticate, 
but (unless you are using the "never_direct allow password" to force this) I 
don't see where that requirement is made.  If it turns out that you are using 
the never_direct (blah, blah) to force authentication, you shouldn't do it that 
way.  Use an http_access rule instead (like "http_access allow password" after 
the "http_access deny banned").

> 
> regards,
> Kenneth

Chris
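
The http_access lines from the post above, run through a small model of Squid's rule processing. This is an added example, not part of either message and not Squid code. It relies on three documented behaviours: acls on one line are ANDed left to right, the first matching line decides, and when no line matches the default is the opposite of the last line. Assumptions: banned.example is a constructed stand-in for banned.txt, a supplied user name counts as already verified by ncsa_auth, and the re-challenge on a deny is not modelled.

```python
# Constructed model of squid.conf http_access processing; not Squid code.
CHALLENGE = "challenge"            # stands for a 407 sent to the browser
BANNED = {"banned.example"}        # constructed stand-in for banned.txt


def src(ip):
    return lambda r: r["src"] == ip


def proxy_auth(*names):
    """No names means REQUIRED: any authenticated user matches."""
    def check(r):
        if r.get("user") is None:
            return CHALLENGE       # first proxy_auth acl met without a login
        return not names or r["user"] in names
    return check


ACLS = {
    "user1": src("192.168.1.1"),
    "user2": src("192.168.1.2"),
    "user3": src("192.168.1.3"),
    "user4": proxy_auth("username4"),
    "user5": proxy_auth("username5"),
    "password": proxy_auth(),
    "banned": lambda r: r["host"] in BANNED,
}

EXEMPT = [("allow", ["user1"]), ("allow", ["user2"]), ("allow", ["user3"])]
# The http_access lines of the first and second configuration in the post.
PREVIOUS = EXEMPT + [("deny", ["banned"])]
CHANGED = EXEMPT + [("allow", ["user4", "banned"]),
                    ("allow", ["user5", "banned"]),
                    ("deny", ["banned"])]
# CHANGED plus the "http_access allow password" line suggested in the reply.
SUGGESTED = CHANGED + [("allow", ["password"])]


def evaluate(rules, r):
    """Return 'allow', 'deny' or CHALLENGE for one request."""
    action = None
    for action, names in rules:
        for name in names:             # acls on one line are ANDed, in order
            result = ACLS[name](r)
            if result is CHALLENGE:
                return CHALLENGE
            if not result:
                break                  # line does not match, try the next
        else:
            return action              # every acl matched: first match wins
    # Nothing matched: the default is the opposite of the last line.
    return "deny" if action == "allow" else "allow"


def request(src_ip, host, user=None):
    return {"src": src_ip, "host": host, "user": user}


if __name__ == "__main__":
    for label, rules in (("previous", PREVIOUS), ("changed", CHANGED),
                         ("suggested", SUGGESTED)):
        for r in (request("192.168.1.1", "example.org"),
                  request("192.168.1.50", "example.org"),
                  request("192.168.1.50", "example.org", "username9")):
            print(label, r, "->", evaluate(rules, r))
```

In this model the exempt addresses are never challenged under any of the three rule sets. Without a final "allow password" line, a logged-in user who is neither username4 nor username5 reaches non-banned sites only through the default, which is the opposite of "deny banned".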


Re: [squid-users] WARNING: Disk space over limit:

2005-07-07 Thread James Gray
On Fri, 8 Jul 2005 12:41 am, Fabio Gomes Baptista wrote:
> Hi,
>
> I have a squid 2.5/STABLE 9 installed and I am getting the following
> messages in the cache.log:
>
> WARNING: Disk space over limit: 1536004 KB > 1536000 KB
>
> The cache_dir in squid.conf is configured like the line below:
>
> cache_dir ufs /usr/local/squid/var/spool 1500 128 512
>
> The filesystem where the cache dir is located have 519M free.
>
> What can be the cause of this problem ?

The "1500" in the cache_dir config refers to "1500 megabytes".  Now 
1500*1024=1536000 KB (notice the same number in the warning?) but your cache 
has 4KB worth of extra objects, hence the warning telling you that 1536004 is 
bigger than the configured cache size 1536000.  It's only a warning, not an 
error, squid will still run and will trim some objects from the cache to 
bring it back to its configured size.

You can increase your cache_dir if you like to fill the 519MB remaining:
1500+519=2019.

So simply replace the 1500 with 2019 in the cache_dir configuration and the 
cache will fill the remaining disk space.  I have no idea how your system is 
configured so it's up to you to make sure filling the volume the cache is on 
won't adversely affect your machine.

Cheers,

James


Re: [squid-users] passport.com url error with Squid

2005-07-07 Thread D & E Radel


- Original Message - 
From: "D & E Radel" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, July 05, 2005 4:27 PM
Subject: [squid-users] passport.com url error with Squid



Hi there,

The following url causes an error in Squid:

 https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033

We get the following error message:

ERROR
The requested URL could not be retrieved

 


 While trying to retrieve the URL: /ppsecure/md5auth.srf?lc=1033

 The following error was encountered:   Invalid URL

 Some aspect of the requested URL is incorrect. Possible problems:

  Missing or incorrect access protocol (should be `http://'' or 
similar)

  Missing hostname
  Illegal double-escape in the URL-Path
  Illegal character in hostname; underscores are not allowed

The url works when I do not use the proxy. The REALLY weird thing is that 
if I hit refresh, the page loads. First attempt always fails with 
"invalid url" squid error.


Any ideas why it would fail, yet refreshing or hitting GO a second time 
works? All other https sites seem to work.


The url is what pops up when we click the button to check our Hotmail in 
MSN/Windows Messenger. But the url also fails when manually typing it in.


Thanks in advance.

Regards,
Dietrich


Any takers? Does the url 
https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033 fail on anyone's 
Squid using IE?
Dietrich 



Re: [squid-users] passport.com url error with Squid

2005-07-07 Thread D & E Radel
Any takers? Does the url 
https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033 fail on anyone's 
Squid using IE?

Dietrich


The url is passed to IE from clicking the check email link in MSN/Windows 
Messenger. Gets invalid URL message from Squid. Typing it in, the 
site complains about bad username credentials, so MSN must be passing this 
info through to IE. Works fine when by-passing the Squid proxy.
D.Radel 



Re: [squid-users] Re: Hide squid cache server IP

2005-07-07 Thread Abu Khaled
On 7/7/05, kodel <[EMAIL PROTECTED]> wrote:
> Yup..
> 
> thanks a lot Abu
> 
> 
> And one more thing, I only use single interface in the squid box,
> and using public ip. All the clients are using public ip address too.
> 
> But is there any other way beside mapping the ip address
> one by one in the nat configuration ?
> 
> What I need is the destination web server only know the real public ip
> of the client rather than squid's ip. Which maybe this is the reverse
> than other people need by anonymizing their ip address through squid proxy.
> 

tproxy patch for linux kernel or (tcp_outgoing_address and nat) are
the only methods I heard of so far.

-- 
Regards.
Abu Khaled


Re: [squid-users] access list

2005-07-07 Thread Abu Khaled
On 7/7/05, Eganya Alfredo <[EMAIL PROTECTED]> wrote:
> Hi abu,
> 
> The idea is that the teams alone " pmaticos " can
> consent to some internal places, belonging to the
> domain aza.cl, without damage that all the other ones
> scheme they can continue usually navigating,
> 
> 
> > > acl pmaticos src 120.1.1.54/255.255.255.255
> > > acl aza dstdomain aza.cl
> > > acl all src 0.0.0.0/0.0.0.0
> > > http_access allow pmaticos aza
> > > http_access deny all
> 
> the rules that I had were bad because they refused
> everything, I proved this configuration but it doesn't
> provide effect, since it doesn't link the 2 rules but
> rather it evaluates them individually
> 
> > > acl pmaticos src 120.1.1.54/255.255.255.255
> > > acl aza dstdomain aza.cl
> > > http_access allow pmaticos aza
> 
> do I have a list of blocked places, another list of
> blocked teams, does some configuration exist to have
> associations team-place?
> 
> 1.1.1.1/30 www.aza.cl
> 1.1.1.2/28 www.google.cl
> 
> etc.
> 
> thanks

Sorry I still do not understand what you are trying to do.
Try to explain like this:

internalsite:
blah.com
foo.net ...

team one:
IP 10.0.0.1 to 10.0.0.20
allow access web
allow access internalsite

team two:
IP 10.0.0.21 to 10.0.0.30
allow access web
deny access internalsite

Provide Information like this so we can figure out what to put in the
access lists

-- 
Regards.
Abu Khaled


Re: [squid-users] Re-reding /etc/hosts file with -k

2005-07-07 Thread Matus UHLAR - fantomas
On 07.07 16:21, Andre D. Correa wrote:
> Hi Squid-users, my question is more to the dev list but I'm not a Squid 
> developer so it's better not to disturb them.
> 
> In my setup I need to be able to send a signal to Squid to force it to 
> read /etc/hosts again. I need it because I have a PPPoE concentrator and 
> the hosts file is updated each time a new user connects or disconnects.

in such case, you probably should look at the alternative way - installing
local DNS server (e.g. dnsmasq) that will read /etc/hosts and provide stored
hosts via DNS lookups.
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod