[squid-users] Squid capacity for hardware
Hello All, How many concurrent users and request rate can squid handle on a box 3 Ghz processor and 2 Gb memory? . How much the same configuration can handle if the caching is not used? Thanks in advance, Sekar.D
Re: [squid-users] status codes meanings..
Linda W wrote: I was trying to track down a problem and got distracted on squid status codes. I was curious on how to interpret these. I extracted the status codes from each line, sorted, counted and got: 1 TCP_CLIENT_REFRESH_MISS/000 955 TCP_CLIENT_REFRESH_MISS/200 *TCP_CLIENT_REFRESH_MISS -* The client issued a no-cache pragma, or some analogous cache control command along with the request. Thus, the cache has to refetch the object. 6 TCP_MISS/000 *TCP_MISS* -The requested object was not in the cache 1 TCP_NEGATIVE_HIT/404 *TCP_NEGATIVE_HIT* - Request for a negatively cached object, e.g. 404 not found, for which the cache believes to know that it is inaccessible. Also refer to the explainations for /negative_ttl/ in your /squid.conf/ file. 2 TCP_SWAPFAIL_MISS/200 --- *TCP_SWAPFAIL_MISS* - The object was believed to be in the cache, but could not be accessed. For more details of squid status codes in: http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce -- Thanks, Visolve Squid Team, http://squid.visolve.com
[squid-users] Squid Config from LDAP
Hi Did anyone else ever thought of bringing parts or the whole Squid-Config into LDAP? The only thing I found right now was authentification via LDAP. I have several squid-running with mostly the same configuration. What I would like to do is to have just one configuration and generate the productiv configuration which just differs in ip-addr and which neighbours to contact out of this central configuration? Has anyone ever done something similar? Regards Christian
Re: [squid-users] Squid Config from LDAP
Hi Christian, On Wednesday 19 July 2006 13:19, Christian Bode wrote: Hi Did anyone else ever thought of bringing parts or the whole Squid-Config into LDAP? The only thing I found right now was authentification via LDAP. I have several squid-running with mostly the same configuration. What I would like to do is to have just one configuration and generate the productiv configuration which just differs in ip-addr and which neighbours to contact out of this central configuration? Has anyone ever done something similar? I didn't have the need for such a setup. But what about a shell script using a configuration template and just modifying what needs to be different? Should be fairly easy to develop. Regards, Peter -- Peter Albrecht, Novell Training Services, [EMAIL PROTECTED]
Re: [squid-users] Squid Config from LDAP
On Wed, Jul 19, 2006 at 01:29:27PM +0200, Peter Albrecht wrote: Hi Christian, On Wednesday 19 July 2006 13:19, Christian Bode wrote: Hi Did anyone else ever thought of bringing parts or the whole Squid-Config into LDAP? The only thing I found right now was authentification via LDAP. I have several squid-running with mostly the same configuration. What I would like to do is to have just one configuration and generate the productiv configuration which just differs in ip-addr and which neighbours to contact out of this central configuration? Has anyone ever done something similar? I didn't have the need for such a setup. But what about a shell script using a configuration template and just modifying what needs to be different? Should be fairly easy to develop. Regards, Peter -- Peter Albrecht, Novell Training Services, [EMAIL PROTECTED] Sure, it would. On the other side of the configration there are not highly skilled admins which have to change for examples the ACLs for website which are allowed or not. When the configuration is in LDAP I can just give them a webinterface for managing that stuff in the LDAP-Directory :-) Regards Christian
Re: [squid-users] Download always get disconnected through proxy
Yong Bong Fong wrote: Dear friends, Wondering if anyone else face smilar issue to me with downloading problems through proxy. Many users complained to me that when they download through proxy, they often get corrupted file or download disconnected half way. Only if using download manager can the download be more reliable. I have come to the conclusion that it is my proxy problem because on the same link of download, if I use other direct connections internet, the download is perfect, but when go through proxy there is the problem with download disconnected... any idea what went wrong? thanks for taking time reading my mail... Regards Yong Hello Yong, Check and send the cache.log messages while you are downloading through proxy. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Help me !. Problem whit Squid 2.5 - commBind: Cannot bind socket FD 11
* On 18/07/06 15:23 -0500, Raul Lapitzondo wrote: | Hi all. | | I have a problem with Squid version 2.5.STABLE in SuSE 9.1. Since 3 | years run squid without problems, but now i have error. When run | rcsquid appear the next message: | | linux squid[15990]: Starting Squid Cache version 2.5.STABLE5 for | i686-pc-linux-gnu... | linux squid[15990]: Process ID 15990 | linux squid[15990]: With 4096 file descriptors available | linux squid[15990]: DNS Socket created at 0.0.0.0 , port 4635, FD 5 | linux squid[15990]: Adding nameserver 192.168.1.1 from /etc/resolv.conf | linux squid[15990]: Adding nameserver 200.32.3.129 from /etc/resolv.conf | linux squid[15990]: Adding nameserver 200.42.0.109 from /etc/resolv.conf | linux squid[15990]: User-Agent logging is disabled. | linux squid[15990]: Referer logging is disabled. | linux squid[15990]: Unlinkd pipe opened on FD 10 | linux squid[15990]: Swap maxSize 102400 KB, estimated 0 objects | linux squid[15990]: Target number of buckets: 0 | linux squid[15990]: Using 8192 Store buckets | linux squid[15990]: Max Mem size: 32768 KB | linux squid[15990]: Max Swap size: 102400 KB | linux squid[15990]: Local cache digest enabled; rebuild/rewrite every | 3600/3600 sec | linux squid[15990]: Rebuilding storage in /var/cache/squid (DIRTY) | linux squid[15990]: Using Least Load store dir selection | linux squid[15990]: Current Directory is / | linux squid[15990]: Loaded Icons. | linux squid[15990]: commBind: Cannot bind socket FD 11 to | 192.168.0.1:3128: (99) Cannot assign requested address This IP address 192.168.0.1, is it configured on your ethernet interface? Once you resolve that, you are done, but I don't know how! -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ I don't believe there really IS a GAS SHORTAGE.. I think it's all just a BIG HOAX on the part of the plastic sign salesmen -- to sell more numbers!!
Re: [squid-users] 2.6S1 WCCP2 problems
ons 2006-07-19 klockan 07:25 +0700 skrev tino: RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. #-at squid: insmod ip_gre ifconfig gre0 up ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 /proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid Config from LDAP
ons 2006-07-19 klockan 13:19 +0200 skrev Christian Bode: Hi Did anyone else ever thought of bringing parts or the whole Squid-Config into LDAP? LDAP doesn't fit very well for storing whole configs. The only thing I found right now was authentification via LDAP. You also have authorization via squid_ldap_group, and despite it's name it can actually be used for a wide range of authorization lookups, not just group lookups.. I have several squid-running with mostly the same configuration. What I would like to do is to have just one configuration and generate the productiv configuration which just differs in ip-addr and which neighbours to contact out of this central configuration? Many do this with simple preprocessing of the config, using cpp, m4 or another simple macro processor, and distributing the config file data to the proxies with rsync or similar. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] How to rotate logs in Squid
Hi We have just installed Squid and I would like to know how rotate the logs files. Please can some explain on how this can be done automatically without admin interference. We are running Squid Suse 10.1 Thanks Levent Mehmet Network Analyst Server and Network Team [EMAIL PROTECTED] Operate Unit Market Towers, 20th Floor 1 Nine Elms Lane London SW8 5NQ E-mail: [EMAIL PROTECTED] Phone: +44 20 7084 3517 Fax: +44 20 7084 2536 This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful. If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications. For more information on the Department of Healths email policy, click http;//www.doh.gov.uk/emaildisclaimer.htm The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable Wireless in partnership with MessageLabs. On leaving the GSI this email was certified virus free. The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
[squid-users] dnrd
hi everyone some basic questions i can't understand... squid always uses dnrd for resolving names? from where in the configuration files dnrd is called from squid?
RE: [squid-users] How to rotate logs in Squid
Hi Sorry to be a pain I don't understand not a strong user in squid -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 19 July 2006 17:08 To: Mehmet, Levent (Accenture) Cc: squid-users@squid-cache.org Subject: Re: [squid-users] How to rotate logs in Squid ons 2006-07-19 klockan 16:46 +0100 skrev Mehmet, Levent (Accenture): We have just installed Squid and I would like to know how rotate the logs files. Please can some explain on how this can be done automatically without admin interference. Add a cron job running squid -k rotate at selected interval. Regards Henrik This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful. If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications. For more information on the Department of Healths email policy, click http;//www.doh.gov.uk/emaildisclaimer.htm The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable Wireless in partnership with MessageLabs. On leaving the GSI this email was certified virus free. The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Re: [squid-users] dnrd
ons 2006-07-19 klockan 17:56 +0200 skrev Fabio: hi everyone some basic questions i can't understand... squid always uses dnrd for resolving names? dnrd? Squid uses DNS calls to your configured DNS server/resolver, configured either from /etc/resolv.conf or squid.conf. It also uses /etc/hosts or equivalent static file specified in squid.conf to resolve names. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] How to rotate logs in Squid
ons 2006-07-19 klockan 17:13 +0100 skrev Mehmet, Levent (Accenture): Hi Sorry to be a pain I don't understand not a strong user in squid man crontab has nothing to do with Squid really.. cron is the automatic job scheduler in UNIX. You tell Squid to rotate it's log files by running squid -k rotate. cron can be set up to call squid -k rotate at any interval you prefer. A common choice is once per day. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] How to rotate logs in Squid
* On 19/07/06 17:13 +0100, Mehmet, Levent (Accenture) wrote: | Hi | | Sorry to be a pain I don't understand not a strong user in squid | | -Original Message- | From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] | Sent: 19 July 2006 17:08 | To: Mehmet, Levent (Accenture) | Cc: squid-users@squid-cache.org | Subject: Re: [squid-users] How to rotate logs in Squid | | ons 2006-07-19 klockan 16:46 +0100 skrev Mehmet, Levent (Accenture): | | We have just installed Squid and I would like to know how rotate the | logs files. | | Please can some explain on how this can be done automatically without | admin interference. | | Add a cron job running squid -k rotate at selected interval. Edit /etc/crontab and add one like like this; 59 23 * * 6 root/usr/local/sbin/squid -k rotate Use the correct path for squid binary. -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ Those who educate children well are more to be honored than parents, for these only gave life, those the art of living well. -- Aristotle
[squid-users] Re: dnrd
At 06:17 PM 7/19/2006, you wrote: ons 2006-07-19 klockan 17:56 +0200 skrev Fabio: hi everyone some basic questions i can't understand... squid always uses dnrd for resolving names? dnrd? Squid uses DNS calls to your configured DNS server/resolver, configured either from /etc/resolv.conf or squid.conf. It also uses /etc/hosts or equivalent static file specified in squid.conf to resolve names. Regards Henrik ok...that's right.. the problem is this.. my squid calls localhost dns served from dnrd (a dns proxy) dnrd calls an internal dns to resolve names... sometimes (randomly) some addresses are not solved. sometimes google (acc!) sometimes microsoft (LOL) sometimes something else...without any apparent reasons... what to do? how to debug?? help
Re: [squid-users] Squid/SquidGuard: info of user and category
On Mon, Jul 17, 2006 at 12:24:47PM -0800, Chris Robertson wrote: As per http://wiki.squid-cache.org/SquidFaq/SquidAcl... ...Squid does not wait for the lookup to complete unless the ACL rules require it. So unless you have a rule requiring the ident information, it may or may not be provided. See that section of the Wiki, and look for the bit about How do I block specific users or groups from accessing my cache?. That should help with reliably getting the ident information. It seems it is enough to put acl idents ident REQUIRED ... http_access allow idents into the squid.conf. I will still go a little deeper. Thank you for your help. Karsten -- Karsten Rothemund [EMAIL PROTECTED] /\ PGP-Key: 0x7019CAA5 \ / Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign 50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News pgptcIpnc2HnU.pgp Description: PGP signature
Re: [squid-users] Help me !. Problem whit Squid 2.5 - commBind: Cannot bind socket FD 11
Hi Odhiambo , The actual configuration squid.conf not was modified. In any moment it began to give error. The scheme of my network is: 192.168.0.1 -- 192.168.1.1 -- 192.168.1.2 gateway -- adsl modem eth0-- eth1 Regards Raul 2006/7/19, Odhiambo WASHINGTON [EMAIL PROTECTED]: * On 18/07/06 15:23 -0500, Raul Lapitzondo wrote: | Hi all. | | I have a problem with Squid version 2.5.STABLE in SuSE 9.1. Since 3 | years run squid without problems, but now i have error. When run | rcsquid appear the next message: | | linux squid[15990]: Starting Squid Cache version 2.5.STABLE5 for | i686-pc-linux-gnu... | linux squid[15990]: Process ID 15990 | linux squid[15990]: With 4096 file descriptors available | linux squid[15990]: DNS Socket created at 0.0.0.0 , port 4635, FD 5 | linux squid[15990]: Adding nameserver 192.168.1.1 from /etc/resolv.conf | linux squid[15990]: Adding nameserver 200.32.3.129 from /etc/resolv.conf | linux squid[15990]: Adding nameserver 200.42.0.109 from /etc/resolv.conf | linux squid[15990]: User-Agent logging is disabled. | linux squid[15990]: Referer logging is disabled. | linux squid[15990]: Unlinkd pipe opened on FD 10 | linux squid[15990]: Swap maxSize 102400 KB, estimated 0 objects | linux squid[15990]: Target number of buckets: 0 | linux squid[15990]: Using 8192 Store buckets | linux squid[15990]: Max Mem size: 32768 KB | linux squid[15990]: Max Swap size: 102400 KB | linux squid[15990]: Local cache digest enabled; rebuild/rewrite every | 3600/3600 sec | linux squid[15990]: Rebuilding storage in /var/cache/squid (DIRTY) | linux squid[15990]: Using Least Load store dir selection | linux squid[15990]: Current Directory is / | linux squid[15990]: Loaded Icons. | linux squid[15990]: commBind: Cannot bind socket FD 11 to | 192.168.0.1:3128: (99) Cannot assign requested address This IP address 192.168.0.1, is it configured on your ethernet interface? Once you resolve that, you are done, but I don't know how! -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ I don't believe there really IS a GAS SHORTAGE.. I think it's all just a BIG HOAX on the part of the plastic sign salesmen -- to sell more numbers!! -- Saludos Raúl H. Lapitzondo
Re: [squid-users] 2.6S1 WCCP2 problems
Tino, Thanks for your config, i added the vhost and vport=80 options to my config, but i am still having the same problems. As for lo0 on the router, i have never had to setup this up in the past but i tried it anyway and it made no difference. When i have talked to the Cisco guys before they stated that WCCP simply needs an IP and will grab any configured IP on the router, it doesn't matter. I think i am going to submit a bug, i don't know why squid is sending back a bad id. Thanks, Bryan On Tue, 2006-07-18 at 20:25 -0400, tino wrote: RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent vhost vport=80 tcp_outgoing address 10.10.10.1 wccp2_router 10.10.10.2 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_service standard 0 As far I know, kernel 2.6.9 up , you do need bringing up loopback0 at cisco router (this is because wccp will use it as router identifier) #at router : interface lo0 ip address 172.0.0.1 255.255.255.252 no shut #-at squid: insmod ip_gre ifconfig gre0 up ip addr add 172.0.0.2 255.255.255.252 dev gre0 If you shut loopback0, wccp mechanism still alive at router, but no traffic being redirected ( gre_tunnel is established between lo0--gre0 via this tunnel where web-traffic redirected) Also put ip wccp web-cache exclude in in the router interface where squid attached make sure it is not same vlan where traffic redirected regards Tino - Original Message - From: Shoebottom, Bryan To: tino ; squid-users@squid-cache.org Sent: Tuesday, July 18, 2006 7:06 PM Subject: RE: [squid-users] 2.6S1 WCCP2 problems Tino, Our lookback interface is not configured and never has been in the past for caches to work. You do bring up an interesting point of the IP address of the gre interface. In the past i have simply used an IP that is not on our network, maybe i can't do that anymore. What wccp directives do you have configured in your squid.conf? Thanks, Bryan -Original Message- From: tino [mailto:[EMAIL PROTECTED] Sent: Mon 7/17/2006 8:17 PM To: Shoebottom, Bryan; squid-users@squid-cache.org Subject: Re: [squid-users] 2.6S1 WCCP2 problems Hi, Bryan what is your interface loopback0 status ip address at L3 6500 ? It should be in the same subnet with your gre0 ip address. I'm running 6500 earlier version than yours (supervisor engine-1a msfc1), ip cef enable, wccpv2 work ok with squid-2.6S1, I'm using kernel 2.6.15.7 with ip_gre loaded from kernel module. It also work when I put squid-2.6.S1 with 3620 router, ios 12.2(t) as5300, ios 12.0.7(t) also, make sure iptables loaded first before running squid rgds, Tino - Original Message - From: Shoebottom, Bryan mailto:[EMAIL PROTECTED] To: tino mailto:[EMAIL PROTECTED] ; squid-users@squid-cache.org Sent: Monday, July 17, 2006 7:29 PM Subject: RE: [squid-users] 2.6S1 WCCP2 problems -6500 running code 12.1(26)E -ip wccp we redirect in configured on vlans ip wccp web-cache -2.6.17 -/sbin/iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 eth0 Link encap:Ethernet HWaddr 00:14:C2:C3:3B:1D inet addr:10.10.101.3 Bcast:10.10.101.7 Mask:255.255.255.248 inet6 addr: fe80::214:c2ff:fec3:3b1d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:53302 errors:0 dropped:0 overruns:0 frame:0 TX packets:41745 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7311146 (6.9 MiB) TX bytes:6586185 (6.2 MiB) Interrupt:185 gre0 Link encap:UNSPEC HWaddr 00-00-00-00-BD-BF-A8-4C-00-00-00-00-00-00-00-00 inet addr:10.2.1.1 Mask:255.255.255.252 UP RUNNING NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:104 errors:0 dropped:0 overruns:0 frame:0 TX packets:104 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:19992 (19.5 KiB) TX bytes:19992 (19.5 KiB) I have enabled wccp2 when configuring squid. Thanks, Bryan -Original Message- From: tino [mailto:[EMAIL
Re: [squid-users] 2.6S1 WCCP2 problems
Henrik, I will give that a shot. Is there any reason why this isn't in the FAQ? This is the first place i checked when my config didn't work. Thanks, Bryan On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote: ons 2006-07-19 klockan 07:25 +0700 skrev tino: RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. #-at squid: insmod ip_gre ifconfig gre0 up ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 /proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik
[squid-users] sslReadServer: FD 342: read failure: (104) Connection reset by peer
Hi Henrik, I am running a squid-2.5 server with two seperate cache servers. In both the cache server's cache.log file I am getting the entry from yesterday and still on 2006/07/20 01:09:54| sslReadServer: FD 396: read failure: (104) Connection reset by peer 2006/07/20 01:12:42| sslReadServer: FD 228: read failure: (104) Connection reset by peer 2006/07/20 01:16:02| sslReadServer: FD 187: read failure: (104) Connection reset by peer 2006/07/20 01:16:50| sslReadServer: FD 137: read failure: (104) Connection reset by peer 2006/07/20 01:17:13| sslReadServer: FD 335: read failure: (104) Connection reset by peer 2006/07/20 01:17:29| sslReadServer: FD 342: read failure: (104) Connection reset by peer 2006/07/20 01:18:13| sslReadServer: FD 172: read failure: (104) Connection reset by peer I have gone through the squid FAQ and mailing list archives as well but I could find topics related to sslReadClient only. Could you please do let me know the reasons behind these entries and the way to come out of such messages. Thanks in advance. With Regards, -- Sushil.
Re: [squid-users] Help me !. Problem whit Squid 2.5 - commBind: Cannot bind socket FD 11
* On 19/07/06 12:56 -0500, Raul Lapitzondo wrote: | Hi Odhiambo , | The actual configuration squid.conf not was modified. In any moment | it began to give error. | The scheme of my network is: | 192.168.0.1 -- 192.168.1.1 -- 192.168.1.2 | gateway -- adsl modem | eth0-- eth1 | | Regards | Raul | | 2006/7/19, Odhiambo WASHINGTON [EMAIL PROTECTED]: | * On 18/07/06 15:23 -0500, Raul Lapitzondo wrote: | | Hi all. | | | | I have a problem with Squid version 2.5.STABLE in SuSE 9.1. Since 3 | | years run squid without problems, but now i have error. When run | | rcsquid appear the next message: | | | | linux squid[15990]: Starting Squid Cache version 2.5.STABLE5 for | | i686-pc-linux-gnu... | | linux squid[15990]: Process ID 15990 | | linux squid[15990]: With 4096 file descriptors available | | linux squid[15990]: DNS Socket created at 0.0.0.0 , port 4635, FD 5 | | linux squid[15990]: Adding nameserver 192.168.1.1 from /etc/resolv.conf | | linux squid[15990]: Adding nameserver 200.32.3.129 from /etc/resolv.conf | | linux squid[15990]: Adding nameserver 200.42.0.109 from /etc/resolv.conf | | linux squid[15990]: User-Agent logging is disabled. | | linux squid[15990]: Referer logging is disabled. | | linux squid[15990]: Unlinkd pipe opened on FD 10 | | linux squid[15990]: Swap maxSize 102400 KB, estimated 0 objects | | linux squid[15990]: Target number of buckets: 0 | | linux squid[15990]: Using 8192 Store buckets | | linux squid[15990]: Max Mem size: 32768 KB | | linux squid[15990]: Max Swap size: 102400 KB | | linux squid[15990]: Local cache digest enabled; rebuild/rewrite every | | 3600/3600 sec | | linux squid[15990]: Rebuilding storage in /var/cache/squid (DIRTY) | | linux squid[15990]: Using Least Load store dir selection | | linux squid[15990]: Current Directory is / | | linux squid[15990]: Loaded Icons. | | linux squid[15990]: commBind: Cannot bind socket FD 11 to | | 192.168.0.1:3128: (99) Cannot assign requested address | | This IP address 192.168.0.1, is it configured on your ethernet | interface? | Once you resolve that, you are done, but I don't know how! Can you give more details, please? What is your Operating System? Can you please put your squid.conf somewhere on the web where we can see it? Use egrep -v '^[[:space:]]*(#|$)' squid.conf squid.conf.txt and put the .txt on the web somewhere. Can you also show the output of `ifconfig` from the machine? PS: Don't top-post! Best regards, Odhiambo Washington Systems Admin, Wananchi Online Ltd. Are you hosting your domain name with the leaders??: See http://webhosting.info/webhosts/tophosts/Country/KE DISCLAIMER: See http://www.wananchi.com/bms/terms.php --+- Odhiambo WASHINGTON. WANANCHI ONLINE LTD (Nairobi, KE) http://www.wananchi.com/email/ . 1ere Etage, Laptrust Plaza, Loita St., Mobile: (+254) 722 743 223 . # 10286, 00100 NAIROBI --+- I love the way Microsoft follows standards. In much the same manner that fish follow migrating caribou. -- Paul Tomblin
Re: [squid-users] 2.6S1 WCCP2 problems
Yes, check your rp_filter=0 Be sure to try your squid in non-transparent (fill the proxy in client browser) is work well You also had to search topics in web http://www.squid-cache.org/mail-archive/squid-users/200502/0909.html rgds, Tino - Original Message - From: Bryan Shoebottom [EMAIL PROTECTED] To: Henrik Nordstrom [EMAIL PROTECTED] Cc: tino [EMAIL PROTECTED]; squid-users@squid-cache.org Sent: Thursday, July 20, 2006 2:54 AM Subject: Re: [squid-users] 2.6S1 WCCP2 problems Henrik, I will give that a shot. Is there any reason why this isn't in the FAQ? This is the first place i checked when my config didn't work. Thanks, Bryan On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote: ons 2006-07-19 klockan 07:25 +0700 skrev tino: RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. #-at squid: insmod ip_gre ifconfig gre0 up ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 /proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik