[squid-users] How to setup two ADSL line on a single linux box?
Dear Sir,

I want to setup a linux box that has 3 network cards in it...one of the network cards would be assigned a private ip address and the other two network cards would be assigned a dynamic public ip address by my upstream adsl provider. What I want to do is load balance between the two adsl links..is this possible?

By Load balancing I want to be able to download items from the internet from a workstation in my private network using these two load balanced adsl lines. As I am new to squid, please provide clear and complete setup guide if possible.

Thank you in advance,
kkoi
Re: [squid-users] Re: Trying to use TOS field to route authenticated users.. not working all the time
On Tue 2007-09-11 at 17:37 -0400, java cocoon wrote:
> tos is now appearing as I expect it to be. let me know if my theory isn't right or you have comments.

It's all right, and why that comment exists in squid.conf.default.. patches fixing this are welcome. Involves extending the pconn key to include tos and outgoing IP. It's not a difficult task, something anyone with basic C knowledge can accomplish, just look for pconnPush/pconnPop (2.6) or PconnPool::push/pop (3.0)

Regards
Henrik
Re: [squid-users] upload images via squid
On 11.09.07 13:13, Techwww wrote:
> I used Squid as reverse proxy before Apache web server. I want to let users upload images via squid to real server. Can squid handle this case? thanks.

it should - I don't know about any problem which would disallow that (except configuration, of course)

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Re: [squid-users] accel-mode with round-robin and parent proxy
On Wed 2007-09-12 at 01:28 +0200, Stefan S. wrote:
> Hello, I use Squid pre3 (on SuSE 9.3) in accel mode with the config:
>
> http_port EXTERNAL_IP:80 accel defaultsite=MY_DOMAIN.TLD
> cache_peer IP-ADRESS1 parent 80 0 no-query originserver round-robin
> cache_peer IP-ADRESS2 parent 80 0 no-query originserver round-robin
>
> which works really good. Now I added a parent proxy through which squid should connect to the backend servers. I did this by adding:
>
> cache_peer localhost parent 8118 0 default no-query no-digest

I don't quite get what you want to accomplish. How do you want your Squid to use the now three peers? address1, address2, localhost

> The proxy works, but seems to disable the round-robin, because only the
> cache_peer IP-ADRESS1 parent 80 0 no-query originserver round-robin
> server works with the parent proxy.

What peering relations do your parent have? When a request is forwarded it's up to the next hop to decide what happens next..

Regards
Henrik
Re: [squid-users] How to setup two ADSL line on a single linux box?
On Wed 2007-09-12 at 14:06 +0630, kyaw min wrote:
> I want to setup a linux box that has 3 network cards in it...one of the network cards would be assigned a private ip address and the other two network cards would be assigned a dynamic public ip address by my upstream adsl provider. What I want to do is load balance between the two adsl links..is this possible?

Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.

> By Load balancing I want to be able to download items from the internet from a workstation in my private network using these two load balanced adsl lines.

You can only balance connections. It's not possible to split a single request across the two links.

Regards
Henrik
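
The load-balanced default route plus policy routing described in the reply above, as an added example that is not part of the original thread: a dry-run generator that prints the iproute2 commands for two uplinks and rejects malformed values, which matters because with dynamic ADSL addresses the inputs come from lease data and end up in commands run as root. Interface names, the 192.0.2.x and 198.51.100.x addresses, table ids 101/102 and all function names are assumptions; it covers traffic sourced from the box itself (as when Squid makes the outgoing connections), not NAT of forwarded traffic.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, the iproute2
# commands for two uplinks. Interface names, addresses and table ids are
# constructed placeholders.

# Accept only dotted-quad IPv4, so lease-supplied values cannot smuggle
# extra words or shell metacharacters into a command line run as root.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Accept a.b.c.d/len with len 0..32.
valid_cidr() {
    case $1 in
        */*) ;;
        *) return 1 ;;
    esac
    valid_ipv4 "${1%/*}" || return 1
    case ${1#*/} in
        ''|*[!0-9]*|???*) return 1 ;;
    esac
    [ "${1#*/}" -le 32 ]
}

# Interface names: 1..15 characters from a conservative set.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

# Nexthop weight: integer 1..256, no leading zero.
valid_weight() {
    case $1 in
        ''|0*|*[!0-9]*|????*) return 1 ;;
    esac
    [ "$1" -le 256 ]
}

# uplink_table IFACE LOCAL_IP GATEWAY NETWORK TABLE_ID
# One routing table per ISP plus a source-address rule: a connection bound
# to this uplink's address always leaves (and is answered) via this uplink.
uplink_table() {
    printf 'ip route replace %s dev %s src %s table %s\n' "$4" "$1" "$2" "$5"
    printf 'ip route replace default via %s dev %s table %s\n' "$3" "$1" "$5"
    printf 'ip rule del from %s table %s 2>/dev/null || true\n' "$2" "$5"
    printf 'ip rule add from %s table %s\n' "$2" "$5"
}

# gen_dual_uplink IF1 IP1 GW1 NET1 IF2 IP2 GW2 NET2 [WEIGHT1 WEIGHT2]
gen_dual_uplink() {
    if [ $# -lt 8 ]; then
        echo "usage: gen_dual_uplink IF1 IP1 GW1 NET1 IF2 IP2 GW2 NET2 [W1 W2]" >&2
        return 2
    fi
    w1=${9:-1}; w2=${10:-1}
    valid_iface "$1" && valid_iface "$5" &&
    valid_ipv4 "$2" && valid_ipv4 "$3" && valid_cidr "$4" &&
    valid_ipv4 "$6" && valid_ipv4 "$7" && valid_cidr "$8" &&
    valid_weight "$w1" && valid_weight "$w2" || {
        echo "gen_dual_uplink: rejected malformed argument" >&2
        return 1
    }
    uplink_table "$1" "$2" "$3" "$4" 101
    uplink_table "$5" "$6" "$7" "$8" 102
    # Multipath default route: new connections are spread over both links by
    # weight. Each connection stays on one link; a single download is not split.
    printf 'ip route replace default scope global nexthop via %s dev %s weight %s nexthop via %s dev %s weight %s\n' \
        "$3" "$1" "$w1" "$7" "$5" "$w2"
}

# Constructed sample values (RFC 5737 documentation ranges).
gen_dual_uplink eth1 192.0.2.10 192.0.2.1 192.0.2.0/24 \
                eth2 198.51.100.10 198.51.100.1 198.51.100.0/24 2 1
```

Review the printed commands before applying them as root, and regenerate them whenever either uplink's lease changes.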
[squid-users] problem with win2k
I use the Win port of squid in Windows 2000. When I start the service it works perfectly for 10 urls but later the service quits. I use Windows 2000 and a 7Gb Cache file, is it too much?? This is the win log:

Thanks a lot,

2007/09/11 16:48:32| storeDirWriteCleanLogs: Starting...
2007/09/11 16:48:32| WARNING: Closing open FD 14
2007/09/11 16:48:32| Finished. Wrote 914 entries.
2007/09/11 16:48:32| Took 0.0 seconds ( 914.0 entries/sec).
2007/09/11 16:53:15| Starting Squid Cache version 2.6.STABLE16 for i686-pc-winnt...
2007/09/11 16:53:15| Running as Squid Windows System Service on Windows 2000
2007/09/11 16:53:15| Service command line is:
2007/09/11 16:53:15| Process ID 344
2007/09/11 16:53:15| With 2048 file descriptors available
2007/09/11 16:53:15| With 2048 CRT stdio descriptors available
2007/09/11 16:53:15| Windows sockets initialized
2007/09/11 16:53:15| Using select for the IO loop
2007/09/11 16:53:15| Performing DNS Tests...
2007/09/11 16:53:15| Successful DNS name lookup tests...
2007/09/11 16:53:15| DNS Socket created at 0.0.0.0, port 1665, FD 5
2007/09/11 16:53:15| Adding nameserver 172.26.0.102 from Registry
2007/09/11 16:53:15| Adding nameserver 80.58.0.33 from Registry
2007/09/11 16:53:15| Adding nameserver 80.58.32.33 from Registry
2007/09/11 16:53:15| User-Agent logging is disabled.
2007/09/11 16:53:15| Referer logging is disabled.
2007/09/11 16:53:15| Unlinkd pipe opened on FD 8
2007/09/11 16:53:15| Swap maxSize 7168000 KB, estimated 551384 objects
2007/09/11 16:53:15| Target number of buckets: 27569
2007/09/11 16:53:15| Using 32768 Store buckets
2007/09/11 16:53:15| Max Mem size: 8192 KB
2007/09/11 16:53:15| Max Swap size: 7168000 KB
2007/09/11 16:53:15| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/09/11 16:53:15| Rebuilding storage in c:/squid/var/cache (CLEAN)
2007/09/11 16:53:15| Using Least Load store dir selection
2007/09/11 16:53:15| Current Directory is c:\squid\sbin
2007/09/11 16:53:15| Loaded Icons.
2007/09/11 16:53:15| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 14.
2007/09/11 16:53:15| Accepting HTCP messages on port 4827, FD 15.
2007/09/11 16:53:15| Accepting SNMP messages on port 3401, FD 16.
2007/09/11 16:53:15| Ready to serve requests.
2007/09/11 16:53:15| Done reading c:/squid/var/cache swaplog (914 entries)
2007/09/11 16:53:15| Finished rebuilding storage from disk.
2007/09/11 16:53:15| 914 Entries scanned
2007/09/11 16:53:15| 0 Invalid entries.
2007/09/11 16:53:15| 0 With invalid flags.
2007/09/11 16:53:15| 914 Objects loaded.
2007/09/11 16:53:15| 0 Objects expired.
2007/09/11 16:53:15| 0 Objects cancelled.
2007/09/11 16:53:15| 0 Duplicate URLs purged.
2007/09/11 16:53:15| 0 Swapfile clashes avoided.
2007/09/11 16:53:15| Took 0.3 seconds (3087.8 objects/sec).
2007/09/11 16:53:15| Beginning Validation Procedure
2007/09/11 16:53:15| Completed Validation Procedure
2007/09/11 16:53:15| Validated 914 Entries
2007/09/11 16:53:15| store_swap_size = 8668k
2007/09/11 16:53:16| storeLateRelease: released 0 objects
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 1
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 2
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 3
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 4
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 5
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 6
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 7
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 8
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 9
2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
2007/09/11 17:05:08| Select loop Error. Retry 10
FATAL: Select Loop failed!
Squid Cache (Version 2.6.STABLE16): Terminated abnormally.
CPU Usage: 4.063 seconds = 1.609 user + 2.453 sys
Maximum Resident Size: 14328 KB
Page faults with physical i/o: 9142
2007/09/11 17:05:08| storeDirWriteCleanLogs: Starting...
2007/09/11 17:05:08| WARNING: Closing open FD 14
2007/09/11 17:05:08| Finished. Wrote 1838
Re: [squid-users] How to setup two ADSL line on a single linux box?
> Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.

HEY, henrik is right. Pls see below URL

http://www.linuxquestions.org/linux/answers/Networking/Spanning_Multiple_DSLs

--
Thank you
Indunil Jayasooriya
[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
> On Wed 2007-09-12 at 14:06 +0630, kyaw min wrote:
>> I want to setup a linux box that has 3 network cards in it...one of the network cards would be assigned a private ip address and the other two network cards would be assigned a dynamic public ip address by my upstream adsl provider. What I want to do is load balance between the two adsl links..is this possible?
>
> Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.
>
>> By Load balancing I want to be able to download items from the internet from a workstation in my private network using these two load balanced adsl lines.
>
> You can only balance connections. It's not possible to split a single request across the two links.
>
> Regards
> Henrik

Correct. At the moment it's not possible to load balance two ADSL Lines (normally for end users there is only one DSLAM Port reserved by the telephony carrier), but in Germany there is a big discussion about this (read in the CT Magazine). They plan to implement (as it was possible by ISDN) channel bundled ADSL Lines. But this requires special hardware on the end user and at the telephony carrier (here in Switzerland: Swisscom)...side of course. In the near future it should be available for moderate prices (and therefore end customers can profit from this), let's wait and drink tea :-)
Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Yes, it is possible to load balance two ADSL connections. You need a software called shorewall installed on your squid box. For more info please visit http://www.shorewall.net/MultiISP.html

--
Javed

----- Original Message -----
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: squid-users@squid-cache.org
Sent: Wednesday, September 12, 2007 1:54:21 PM
Subject: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?

> On Wed 2007-09-12 at 14:06 +0630, kyaw min wrote:
>> I want to setup a linux box that has 3 network cards in it...one of the network cards would be assigned a private ip address and the other two network cards would be assigned a dynamic public ip address by my upstream adsl provider. What I want to do is load balance between the two adsl links..is this possible?
>
> Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.
>
>> By Load balancing I want to be able to download items from the internet from a workstation in my private network using these two load balanced adsl lines.
>
> You can only balance connections. It's not possible to split a single request across the two links.
>
> Regards
> Henrik

Correct. At the moment it's not possible to load balance two ADSL Lines (normally for end users there is only one DSLAM Port reserved by the telephony carrier), but in Germany there is a big discussion about this (read in the CT Magazine). They plan to implement (as it was possible by ISDN) channel bundled ADSL Lines. But this requires special hardware on the end user and at the telephony carrier (here in Switzerland: Swisscom)...side of course. In the near future it should be available for moderate prices (and therefore end customers can profit from this), let's wait and drink tea :-)
[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Hi Indunil

ok, but (not sure) you have only one ADSL Line right? I think the solution is meant for backup purposes, which means: if the main ADSL Line fails all traffic will be routed to the ISDN Backup Line

In Switzerland the ADSL System is normally built like this: ENDUSER has a ADSL Router/Modem -- calls via DSLAM Port on the POP of the telephony carrier (Swisscom) -- and if all is ok, the traffic will be routed to the Endpoint

Normally (as far as I know) Swisscom uses Concentrators after the DSLAM Ports on the telephone centrals, to put some groups of users (Districts) together to one packet and then routes the whole stuff to the Internet. And also an ADSL Line (Signal) will be bound to one telephone number, which means, you can have only one signal on one telephone wire (doesn't matter if you have analogue or ISDN Connection)

regards E.Altherr

>> Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.
>
> HEY, henrik is right. Pls see below URL
>
> http://www.linuxquestions.org/linux/answers/Networking/Spanning_Multiple_DSLs
>
> --
> Thank you
> Indunil Jayasooriya
[squid-users] Re:[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Note this remark:

> What this will not do: This type of spanning will not aggregate bandwidth for a single user. By this I mean that if you have two 5 meg DSLs you won't magically have a single 10 meg connection. This is because it routes destination IPs via one of the two ISP connections, so if you're downloading a single file from freshmeat.com all requests for freshmeat.com will go in and out one of the two interfaces (until the kernel's routing cache expires). It will not try to open two connections to the IP using both lines at the same time.

As I described below: it's not possible (at the moment) to open 2 ADSL Ports on the same telephony wire... so if you have 2 5 MB Lines you will still have 2 5 MB Lines after implementing this solution (not more). If the Line is open (on the DSLAM which is managed by the telephony carrier, you have normally one port configured for ADSL). So it's an illusion to think that you can do this

regards E.Altherr

> Hi Indunil
>
> ok, but (not sure) you have only one ADSL Line right? I think the solution is meant for backup purposes, which means: if the main ADSL Line fails all traffic will be routed to the ISDN Backup Line
>
> In Switzerland the ADSL System is normally built like this: ENDUSER has a ADSL Router/Modem -- calls via DSLAM Port on the POP of the telephony carrier (Swisscom) -- and if all is ok, the traffic will be routed to the Endpoint
>
> Normally (as far as I know) Swisscom uses Concentrators after the DSLAM Ports on the telephone centrals, to put some groups of users (Districts) together to one packet and then routes the whole stuff to the Internet. And also an ADSL Line (Signal) will be bound to one telephone number, which means, you can have only one signal on one telephone wire (doesn't matter if you have analogue or ISDN Connection)
>
> regards E.Altherr
>
>>> Yes, just set up a load-balanced default route in your OS, and policy routing to route already connected traffic out via the correct ISP. This is not really a Squid question but an advanced routing question.
>>
>> HEY, henrik is right. Pls see below URL
>>
>> http://www.linuxquestions.org/linux/answers/Networking/Spanning_Multiple_DSLs
>>
>> --
>> Thank you
>> Indunil Jayasooriya
Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
> ok, but (not sure) you have only one ADSL Line right?

YES

I did loadbalance when one connection was Leasedline and the other was ADSL.

--
Thank you
Indunil Jayasooriya
[squid-users] Stable Status for squid 2.6 (Windows Version)
Hi all,

I saw in a heise newsticker the note, that the windows version of squid is not for production use. Is this for squid Windows-Version 2.6 actually correct?
Re: [squid-users] accel-mode with round-robin and parent proxy
Oh, my problem is solved because there was none. It worked fine all the time. I didn't think of the cache of the parent proxy, so I always saw the same site because it came out of this cache. Sorry for the time-stealing.

Greetings.

Henrik Nordström wrote:
> On Wed 2007-09-12 at 01:28 +0200, Stefan S. wrote:
>> Hello, I use Squid pre3 (on SuSE 9.3) in accel mode with the config:
>>
>> http_port EXTERNAL_IP:80 accel defaultsite=MY_DOMAIN.TLD
>> cache_peer IP-ADRESS1 parent 80 0 no-query originserver round-robin
>> cache_peer IP-ADRESS2 parent 80 0 no-query originserver round-robin
>>
>> which works really good. Now I added a parent proxy through which squid should connect to the backend servers. I did this by adding:
>>
>> cache_peer localhost parent 8118 0 default no-query no-digest
>
> I don't quite get what you want to accomplish. How do you want your Squid to use the now three peers? address1, address2, localhost
>
>> The proxy works, but seems to disable the round-robin, because only the
>> cache_peer IP-ADRESS1 parent 80 0 no-query originserver round-robin
>> server works with the parent proxy.
>
> What peering relations do your parent have? When a request is forwarded it's up to the next hop to decide what happens next..
>
> Regards
> Henrik
Re: [squid-users] Stable Status for squid 2.6 (Windows Version)
On Wed 2007-09-12 at 13:56 +0200, Thomas Batzill wrote:
> Hi all, I saw in a heise newsticker the note, that the windows version of squid is not for production use. Is this for squid Windows-Version 2.6 actually correct?

No idea where they found that..

http://www.acmeconsulting.it/SquidNT/
Production release: Squid 2.6 for Windows

but maybe they got confused by the SSL builds found on the download page next to the normal release (SSL means https_port support). Those are still experimental on Windows, but only those...

Regards
Henrik
[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Hm, but with my method described it won't work so... If you have 2 ADSL Lines (let's say 5 MBit each) after load balancing the bandwidth would be the same. The only goal is failover for the lines, not more.

Many ADSL Carriers (like Swisscom in Switzerland) limit the bandwidth so you can't go over the limit, or ADSL won't work

For this case VDSL is (in my opinion) the better solution, the only requirement for VDSL is a new Router/Modem on the client side, which can handle the higher speed level and of course for VDSL the wires must be excellent quality with no distortion, or otherwise VDSL won't work

> On Wed, 12 Sep 2007 11:34:52 +0200 (MEST) [EMAIL PROTECTED] wrote:
>> As I described below: it's not possible (at the moment) to open 2 ADSL Ports on the same telephony wire... so if you have 2 5 MB Lines you will still have 2 5 MB Lines after implementing this solution (not more). If the Line is open (on the DSLAM which is managed by the telephony carrier, you have normally one port configured for ADSL). So it's an illusion to think that you can do this
>
> The OP did refer to two adsl lines. However there is not all that much redundancy in this scheme, since a lot of faults will take out both lines. You can increase it if there are multiple companies with their own dsl equipment in the exchange. Some people use cable+adsl for this kind of thing. I guess the idea here though is just to improve bandwidth.
[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Sorry wrong, you're right, but works only with two different lines (ADSL and Cable p.a) but not with ADSL, cause this technology is a single line solution

In my earlier posts there was a statement about channel bundling for ADSL (like ISDN) and this would increase the bandwidth, discussed in Germany

http://www.gatworks.de/ADSL_Kanalbuendelung.191.0.html (sorry only German)

regards E.Altherr

> Not sure, if it works so, will say: if you have two lines and do alternate routing on both lines (any experiences by other users??)
>
> Hm, but with my method described it won't work so... If you have 2 ADSL Lines (let's say 5 MBit each) after load balancing the bandwidth would be the same. The only goal is failover for the lines, not more.
>
> Many ADSL Carriers (like Swisscom in Switzerland) limit the bandwidth so you can't go over the limit, or ADSL won't work
>
> For this case VDSL is (in my opinion) the better solution, the only requirement for VDSL is a new Router/Modem on the client side, which can handle the higher speed level and of course for VDSL the wires must be excellent quality with no distortion, or otherwise VDSL won't work
>
> On Wed, 12 Sep 2007 11:34:52 +0200 (MEST) [EMAIL PROTECTED] wrote:
>> As I described below: it's not possible (at the moment) to open 2 ADSL Ports on the same telephony wire... so if you have 2 5 MB Lines you will still have 2 5 MB Lines after implementing this solution (not more). If the Line is open (on the DSLAM which is managed by the telephony carrier, you have normally one port configured for ADSL). So it's an illusion to think that you can do this
>
> The OP did refer to two adsl lines. However there is not all that much redundancy in this scheme, since a lot of faults will take out both lines. You can increase it if there are multiple companies with their own dsl equipment in the exchange. Some people use cable+adsl for this kind of thing. I guess the idea here though is just to improve bandwidth.
[squid-users] Re:[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Something to remember: Most Providers do traffic shaping, which means, more than the limit isn't possible and the rest will be cut!

In the past I had a ADSL and Cable Line and for testing purposes I tried load balancing, but the speed wasn't doubled (5 MB + 5MB), I reached a maximum of 7 MBits instead of 10MBits

Reason: Cable is a star topology network and therefore if many users are online there on the same headend the speed will be dramatically reduced, while this doesn't affect ADSL (which is normally separated)

However: after changing completely to Cable 10Mbit everything worked fine and my ADSL was obsolete.

regards E.Altherr

> Sorry wrong, you're right, but works only with two different lines (ADSL and Cable p.a) but not with ADSL, cause this technology is a single line solution
>
> In my earlier posts there was a statement about channel bundling for ADSL (like ISDN) and this would increase the bandwidth, discussed in Germany
>
> http://www.gatworks.de/ADSL_Kanalbuendelung.191.0.html (sorry only German)
>
> regards E.Altherr
>
>> Not sure, if it works so, will say: if you have two lines and do alternate routing on both lines (any experiences by other users??)
>>
>> Hm, but with my method described it won't work so... If you have 2 ADSL Lines (let's say 5 MBit each) after load balancing the bandwidth would be the same. The only goal is failover for the lines, not more.
>>
>> Many ADSL Carriers (like Swisscom in Switzerland) limit the bandwidth so you can't go over the limit, or ADSL won't work
>>
>> For this case VDSL is (in my opinion) the better solution, the only requirement for VDSL is a new Router/Modem on the client side, which can handle the higher speed level and of course for VDSL the wires must be excellent quality with no distortion, or otherwise VDSL won't work
>>
>> On Wed, 12 Sep 2007 11:34:52 +0200 (MEST) [EMAIL PROTECTED] wrote:
>>> As I described below: it's not possible (at the moment) to open 2 ADSL Ports on the same telephony wire... so if you have 2 5 MB Lines you will still have 2 5 MB Lines after implementing this solution (not more). If the Line is open (on the DSLAM which is managed by the telephony carrier, you have normally one port configured for ADSL). So it's an illusion to think that you can do this
>>
>> The OP did refer to two adsl lines. However there is not all that much redundancy in this scheme, since a lot of faults will take out both lines. You can increase it if there are multiple companies with their own dsl equipment in the exchange. Some people use cable+adsl for this kind of thing. I guess the idea here though is just to improve bandwidth.
RE: [squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
QSC (German provider) is offering channel bundeling for ADSL too. We're using 2*2MBit SDSL (QSC can not offer more than 2MBit for one line at our Location). The Customer does not notice the two separate lines. QSC provides us with a Cisco Router which manages the channel bundeling. With best regards, ITSM - Gesellschaft für Informationstechnologie und Services Meiß mbH Marco Hahnen [EMAIL PROTECTED] +49 (0) 2173 / 10 64 8-79 (Phone) +49 (0) 2173 / 10 64 8-48 (Fax) 0800 / 800 4357 (Hotline) Postanschrift: ITSM GmbH Heinrich-von-Stephan-Str. 9 40764 Langenfeld http://www.itsm.de http://www.profree.de Eingetragen beim Amtsgericht Düsseldorf (HRB 46382) - Geschäftsführer Norbert Meiß und Beate Meiß __ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 12. September 2007 15:07 To: squid-users@squid-cache.org Subject: [squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box? 
Sorry wrong, you're right, but works only with two different lines (ADSL and Cable p.a) but not with ADSL,cause this tecnology is a sinlge line solution in my earlier posts there was a statement about channel bundeling for ADSL (linke ISDN) and this woud increase the bandwith disscused in germany http://www.gatworks.de/ADSL_Kanalbuendelung.191.0.html (sorry only german) regards E.Altherr Not shure, if it works so, will say: if you have two lines and do alternate routing on both lines (any experinces by other users??) Hm, but with my method described it won't work so... If you have 2 ADSL Lines (let's say 5 MBit each ) ) after load balacing the bandwidth woud be the same. the only goal is failover for the lines more not. Much ADSL Carriers (like Swisscom in Switzerland) limit the bandwith so you can't go over the limit, or ADSL won't work For this case VDSL is (on my oppion) the better solution, the only requirement for VDSL is a new Router/Modem on the client side, which can handle the higher speed level and of course for VDSL the wires must be excellent quality with no distortion, or otherwise VDSL won't work On Wed, 12 Sep 2007 11:34:52 +0200 (MEST) [EMAIL PROTECTED] wrote: as i described below: it's not possible (at the moment) to open 2 ADSL Ports on the same telefony wire... so if you have 2 5 MB Lines you will have still 2 5MB Lines after implementing this solution more not) If the Line is open (on the DSLAM which is managed by the telefony carrier, you have normally one port configured for ADSL) So its a illusion to think, that you can do this The OP did refer to two adsl lines. However there is not all that much redundancy in this scheme, since a lot of faults will takeout both lines . You can increase it if there are multiple companies with their own dsl equipment in the exchange. Some people use cable+adsl for this kind of thing. I guess the idea here though is just to improve bandwidth. 
RE: [squid-users] Re:[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Again, in Germany most (probably all) cable providers build up their networks so that those bottlenecks are not occurring. At home I am using ISH (UnityMedia) 6MBit and I never noticed that the speed dramatically reduced. Even in peak hours the speed was always great. I know many other people who are using cable too and they never noticed those bottlenecks.

With best regards,
Marco Hahnen
ITSM - Gesellschaft für Informationstechnologie und Services Meiß mbH

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 September 2007 15:20
To: squid-users@squid-cache.org
Subject: [squid-users] Re:[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?

Something to remember: most providers do traffic shaping, which means more than the limit isn't possible and the rest will be cut!

In the past I had an ADSL and a cable line, and for testing purposes I tried load balancing, but the speed wasn't doubled (5 MB + 5MB); I reached a maximum of 7 MBits instead of 10MBits. Reason: cable is a star topology network and therefore if many users are online on the same headend the speed will be dramatically reduced, while this doesn't affect ADSL (which is normally separated). However: after changing completely to Cable 10Mbit everything worked fine and my ADSL was obsolete.

regards E.Altherr
Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
On Wed, 12 Sep 2007 14:50:17 +0200 (MEST) [EMAIL PROTECTED] wrote:

Hm, but with my method described it won't work so... If you have 2 ADSL lines (let's say 5 MBit each), after load balancing the bandwidth would be the same. The only goal is failover for the lines, nothing more. Many ADSL carriers (like Swisscom in Switzerland) limit the bandwidth so you can't go over the limit, or ADSL won't work.

That's a special case where a single DSL line can saturate its backhaul; I wouldn't have thought that was very common.
[squid-users] Logging of full urls possible?
Hi squiddies,

I set up a test installation with a Squid as reverse proxy to speed up one of our servers. The Squid works fine so far with very fast response times. (We needed it to ignore cache/expire infos from the origin server as we know exactly when data changes on it. So the Squid delivers documents without checking for if-modified-since.)

The one thing I haven't yet figured out is how to have the Squid log the entire URL processed, not only the part left of the question mark. These are the log entries (additional line wrap at the backslash inserted by the mail client):

    [12/Sep/2007:16:37:50 +0200] TCP_MISS:FIRST_UP_PARENT \
    GET http://192.168.35.167/search? 1.1 200 10928
    [12/Sep/2007:16:37:50 +0200] TCP_MEM_HIT:NONE \
    GET http://192.168.35.167/search? 1.1 200 8578

After the question mark there are some GET arguments in the actual URL that Squid doesn't log. I need the full URL for statistical reasons. Yet I didn't find any config directive to achieve this. Did I overlook something?

Squid version is 2.6.STABLE13, compiled from source, running on a Dual Xeon (Mac Pro) under OpenSuSE 1.2 64Bit.

Here is my squid.conf:

    cache_effective_user squid
    cache_effective_group nogroup
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl Safe_ports port 80
    http_access deny !Safe_ports
    http_access allow localhost
    http_reply_access allow all
    http_port 800 accel defaultsite=192.168.35.167
    cache_peer 192.168.35.167 parent 8000 0 no-query originserver
    http_access allow all
    cache_mem 1024 MB
    cache_dir ufs /usr/local/squid/var/cache/ 10240 16 256
    maximum_object_size_in_memory 1024 KB
    refresh_pattern ^http: 600 80% 900 override-expire override-lastmod ignore-reload ignore-no-cache ignore-private
    minimum_expiry_time 600 seconds
    logformat mine [%tl] %Ss:%Sh %rm %ru %rv %Hs %st
    access_log /usr/local/squid/var/logs/access.log mine
    cache_log /usr/local/squid/var/logs/cache.log
    cache_store_log /usr/local/squid/var/logs/store.log

Any hints greatly appreciated.
Re: [squid-users] Logging of full urls possible?
Hi Dirk,

You should be able to add the following line into your configuration file to stop Squid from removing everything after the question mark:

    strip_query_terms off

Regards,
John Treen
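The statistics step that full-URL logging enables, as an added example (not code from the thread): a parser for Dirk's `logformat mine` lines that counts query parameter names and masks the values of parameters that may carry secrets, because with `strip_query_terms off` everything after the `?` is written to access.log. The sample log lines and the `SENSITIVE` parameter names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Field by field: logformat mine [%tl] %Ss:%Sh %rm %ru %rv %Hs %st
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\]\s+"
    r"(?P<status>[A-Z_]+):(?P<hier>[A-Z_]+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<code>\d{3})\s+(?P<size>\d+)$"
)

# Assumption: parameter names whose values should not be kept in reports.
SENSITIVE = {"token", "password", "session", "sid"}

# Constructed sample input: what access.log could look like once query
# terms are no longer stripped, plus one stripped and one malformed line.
SAMPLE_LOG = """\
[12/Sep/2007:16:37:50 +0200] TCP_MISS:FIRST_UP_PARENT GET http://192.168.35.167/search?q=squid&page=2 1.1 200 10928
[12/Sep/2007:16:37:51 +0200] TCP_MEM_HIT:NONE GET http://192.168.35.167/search?q=squid&page=2 1.1 200 8578
[12/Sep/2007:16:37:52 +0200] TCP_MISS:FIRST_UP_PARENT GET http://192.168.35.167/search?q=proxy&token=abc123 1.1 200 512
[12/Sep/2007:16:37:53 +0200] TCP_MEM_HIT:NONE GET http://192.168.35.167/search? 1.1 200 8578
this line is malformed
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["size"] = int(rec["size"])
    return rec


def redact_url(url):
    """Replace the values of sensitive query parameters with a fixed marker."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked)))


def summarize(lines):
    """Count parameter names, redacted URLs, cache hits and unparsable lines."""
    stats = {"param_names": Counter(), "urls": Counter(),
             "cache_hits": 0, "skipped": 0}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            stats["skipped"] += 1
            continue
        query = urlsplit(rec["url"]).query
        for name, _value in parse_qsl(query, keep_blank_values=True):
            stats["param_names"][name] += 1
        stats["urls"][redact_url(rec["url"])] += 1
        if "HIT" in rec["status"]:
            stats["cache_hits"] += 1
    return stats


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for url, count in result["urls"].most_common():
        print(count, url)
    print("parameters:", dict(result["param_names"]))
    print("cache hits:", result["cache_hits"], "skipped:", result["skipped"])
```

Masking at report time does not remove the values from access.log itself, so the log file needs the same access restrictions as the data the query strings carry.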
[squid-users] ntlm_auth prompts for username when accessing blocked sites.
Hi all,

I've searched through the archives and the internet but as of yet I have been unable to find a solution. One or two topics refer to the problem but there is no solution as of yet. So if it has been posted before I do apologise.

I am running ubuntu 6.06 LAMP server and have installed squid 2.5 stable12 with winbind and samba 3.0.22 authenticating against AD. I am not sure which version of winbind I am using but it must be one of the latest stable releases available in the repositories.

Authentication works fine without any problems; the problem I have is that when a user accesses a site we've blocked it prompts them for a username and password. As far as I know it is ntlm_auth because there is no prompt for domain, just username and password.

The cache.log doesn't quite tell me anything, nor do any of the other logs. I have a very busy syslog so I need to grep the info I need, but don't know what to search for. If I grep winbind I do get the following:

    Sep 12 09:39:01 helsinki winbindd[4013]: [2007/09/12 09:39:01, 0] lib/util_sid.c:string_to_sid(285)
    Sep 12 09:39:01 helsinki winbindd[4013]: string_to_sid: Sid S-0-0 is not in a valid format.

I can use wbinfo to query the domain for just about everything; the trust succeeds, I can get the gids for a user. I can look up domain users and domain groups. Wbinfo_group.pl when queried returns with OK, as does ntlm_auth -protocol-helper=squid-2.5-basic.

I googled it but it seems that samba used to ignore these messages in the past but now it forwards them through to syslog. I do not really know what to look for in the logs for this problem. Permissions on winbindd_privileged are set (and I think correctly because otherwise it would just not authenticate).

The users are still denied from accessing the website but it prompts them each time. And whenever they are on google's image website it creates massive complaints when there are some images referenced to a denied site and then the prompt just keeps appearing.

This probably shouldn't have any bearing on the problem, but I'll mention it anyway. I have also installed nagios 3.0b along with apache2. Though I think they should work nicely together.

Any help is greatly appreciated.

Here are my squid.conf details:

    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    #auth_param ntlm children 5
    #auth_param ntlm max_challenge_reuses 0
    #auth_param ntlm max_challenge_lifetime 2 minutes
    #auth_param ntlm children 80
    auth_param ntlm children 30
    auth_param ntlm max_challenge_reuses 1
    auth_param ntlm max_challenge_lifetime 5 minutes
    auth_param ntlm use_ntlm_negotiate on
    auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 50
    auth_param basic realm DAV-webcache proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    ### exampl
    #auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    #auth_param ntlm children 5
    #auth_param ntlm max_challenge_reuses 0
    #auth_param ntlm max_challenge_lifetime 20 minutes
    #auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    ## ACL for ADS user
    #external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
    ##external_acl_type NT_global_group children=10 ttl=900 %LOGIN /usr/lib/squid/wbinfo_group.pl
    external_acl_type NT_global_group children=30 ttl=2700 %LOGIN /usr/lib/squid/wbinfo_group.pl
    acl ProxyUsers external NT_global_group WebAccessAllowed
    acl AuthorizedUsers proxy_auth REQUIRED
    acl TrustedUsers proxy_auth REQUIRED
    acl UnrestrictedUsers external NT_global_group WebAll
    acl RestrictedUsers external NT_global_group WebMoreAccess
    acl NewUsers external NT_global_group BlockedCareerSites
    ##Access control lists must be entered here
    http_access deny blocked_sites_1 RestrictedUsers
    http_access deny blocked_sites ProxyUsers
    http_access deny blocked_career_sites NewUsers
    http_access allow AuthorizedUsers ProxyUsers
    http_access allow TrustedUsers RestrictedUsers
    http_access allow UnrestrictedUsers
    http_access allow NewUsers
    #http_access allow dav_net
    #miss_access allow all
    #always_direct deny all
    #never_direct allow all
    # And finally deny all other access to this proxy
    http_access deny all

Thanks
Marcel
Re: [squid-users] ntlm_auth prompts for username when accessing blocked sites.
Wed 2007-09-12 at 17:21 +0200, Marcel Young wrote:

Authentication works fine without any problems; the problem I have is that when a user accesses a site we've blocked it prompts them for a username and password. As far as I know it is ntlm_auth because there is no prompt for domain, just username and password.

This depends on the last acl on the http_access line denying access.

    http_access deny someacl authenticationrelatedacl

will ask for new credentials, allowing the user to retry with another account, while

    http_access deny authenticatedacl otheracl

will not, immediately denying access.

In both cases the Access denied message text is sent to the user, shown if the user cancels the authentication request.

Regards
Henrik
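A simplified model of the rule Henrik describes, added here as an example (not Squid's code and not from the thread): it walks http_access lines in order and, on a deny, answers 407 or 403 depending on the type of the last ACL on the matching line, using one of Marcel's deny lines as posted and with its two ACLs swapped. The contents of `blocked_sites`, the user names and the host names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALLOWED, DENIED, CHALLENGE = 200, 403, 407

# ACL kinds that depend on credentials: proxy_auth, and external ACLs whose
# helper is fed %LOGIN (as NT_global_group is in the posted squid.conf).
AUTH_KINDS = {"proxy_auth", "external_login"}

ACLS = {
    # Assumption: blocked_sites is not defined in the posted excerpt.
    "blocked_sites": ("dstdomain", frozenset({"blocked.example"})),
    "ProxyUsers": ("external_login", "WebAccessAllowed"),
    "AuthorizedUsers": ("proxy_auth", "REQUIRED"),
    "all": ("src", None),
}

# Three of the posted http_access lines, in their original order.
AS_POSTED = [
    ("deny", ["blocked_sites", "ProxyUsers"]),
    ("allow", ["AuthorizedUsers", "ProxyUsers"]),
    ("deny", ["all"]),
]

# Same conditions, but the deny line now ends in a non-authentication ACL.
REORDERED = [
    ("deny", ["ProxyUsers", "blocked_sites"]),
    ("allow", ["AuthorizedUsers", "ProxyUsers"]),
    ("deny", ["all"]),
]


@dataclass(frozen=True)
class Request:
    dst: str
    user: Optional[str] = None          # None means no credentials sent yet
    groups: FrozenSet[str] = frozenset()


def acl_matches(name, req):
    """Evaluate one named ACL against a request that already has credentials."""
    kind, value = ACLS[name]
    if kind == "dstdomain":
        return req.dst in value
    if kind == "proxy_auth":
        return req.user is not None
    if kind == "external_login":
        return value in req.groups
    return True  # "all" matches every source


def evaluate(rules, req):
    """Return 200, 403 or 407 for a request under an ordered rule list."""
    for action, names in rules:
        matched = True
        for name in names:  # ACLs on one line are ANDed, left to right
            if ACLS[name][0] in AUTH_KINDS and req.user is None:
                return CHALLENGE  # credentials needed before going further
            if not acl_matches(name, req):
                matched = False
                break
        if not matched:
            continue
        if action == "allow":
            return ALLOWED
        # Deny: the last ACL on the line decides between re-prompt and refusal.
        return CHALLENGE if ACLS[names[-1]][0] in AUTH_KINDS else DENIED
    return DENIED


if __name__ == "__main__":
    alice = Request("blocked.example", "alice", frozenset({"WebAccessAllowed"}))
    print("as posted:", evaluate(AS_POSTED, alice))   # user is prompted again
    print("reordered:", evaluate(REORDERED, alice))   # plain access denied
```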
Re: [squid-users] Re:[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
On 9/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

it's not possible (at the moment) to open 2 ADSL ports on the same telephony wire...

Agreed. However, with two dry loops or live lines (or more) it is possible to bond the circuits together for aggregate bandwidth. That being said, the sum is not simply the bandwidth of each link * number of links. There is some bandwidth lost to the overhead of the bonding.

FWIW, here is an ISP in the UK which does just this: http://www.upstreaminter.net/

But this is really straying from the topic of squid ;-)

Chris
Re: [squid-users] Logging of full urls possible?
John Treen wrote:

Hi Dirk, You should be able to add the following line into your configuration file to stop Squid from removing everything after the question mark:

    strip_query_terms off

Many thanks, that did it :)
Re: [squid-users] problem with win2k
Hi,

At 10.19 12/09/2007, Israel Torres wrote:

I use the Win port of squid in Windows 2000. When I start the service it works perfectly for 10 URLs but later the service quits. I use Windows 2000 and a 7Gb cache file; is it too much?? This is the win log:

Thanks a lot,

    2007/09/11 17:05:08| comm_select: select failure: (10055) WSAENOBUFS, No buffer space available.
    2007/09/11 17:05:08| Select loop Error. Retry 1

This seems to be a memory problem. How much RAM is on your system, and how much Kernel Memory is used? (See the Task Manager counters.)

Regards
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
[squid-users] Trying to make upload control possible...
Hi folks...

we are working to bring this idea to reality... but for the moment it doesn't work...

We compiled TUN/TAP and now we can create full virtual interfaces in brazilfw... (a little distro for Mini-ISPs). But we can't join the same tap to 2 different bridges... so we can't join virtual bridges...

Our objective is to control the upload of squid by making another instance of control, with another virtual ethernet device.

Actually we can do the job with 4 or 6 NIC cards... but they are too many... We need virtualization; tap is the first step... then we need to simulate a crossover cable...

Here is the graph: http://www.brazilfw.com.br/users/nachazo/imagenes/virtual%20bridge.jpg

We have tap and 2 NICs and bridge support but we don't find anything that can simulate a cross cable between tap interfaces... any ideas?

I know, this is not a squid solution, but this can be an idea to make squid upload control possible!!

Thanks in advance and best regards.
Emiliano Vazquez.

If you don't understand my point, or if you think this is crazy or an old question, let me know!
AW: [squid-users] Re:[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Lucky you are. Well, here in Switzerland the cable network is built by Cablecom, and their network is often of very lousy quality and slow -- especially during the rush hours; sometimes the effective rate (I have a 10MBit subscription) goes down to 5 MBit or even less, and downloads and gameservers p.a. will be timed out *** very angry *** -- in my opinion the main problem with the Cablecom network resulted in takeovers of other telcos in the past. Traceroutes go directly to aorta.net (the main firm which holds Cablecom) and so they are spread around the Inet over transits outside Switzerland, and the other thing is that CC packed all other media, like Digital TV and Digital Phone, on the same backbone, which clearly results in a bottleneck. But Cablecom has promised to upgrade their network as soon as possible (only god knows when exactly) anyway:

-Original Message-
From: Marco Hahnen - ITSM [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 September 2007 15:37
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Re:[squid-users] Re:[squid-users] Re:Re: [squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?

Again, in Germany most (probably all) cable providers build up their networks so that those bottlenecks are not occurring. At home I am using ISH (UnityMedia) 6MBit and I never noticed that the speed dramatically reduced. Even in peak hours the speed was always great. I know many other people who are using cable too and they never noticed those bottlenecks.

With best regards,
Marco Hahnen
ITSM - Gesellschaft für Informationstechnologie und Services Meiß mbH
AW: [squid-users] Re:[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?
Ok, for now I don't paste any answers, but I think it was very useful even if it's posted in the squid list, isn't it?

regards E.Altherr

-Original Message-
From: Chris Nighswonger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 September 2007 17:52
To: [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Re:[squid-users] Re:Re: [squid-users] How to setup two ADSL line on a single linux box?

On 9/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

it's not possible (at the moment) to open 2 ADSL ports on the same telephony wire...

Agreed. However, with two dry loops or live lines (or more) it is possible to bond the circuits together for aggregate bandwidth. That being said, the sum is not simply the bandwidth of each link * number of links. There is some bandwidth lost to the overhead of the bonding.

FWIW, here is an ISP in the UK which does just this: http://www.upstreaminter.net/

But this is really straying from the topic of squid ;-)

Chris
Re: [squid-users] Client-Side Certificates at the Directory Level?
I am utilizing Squid 2.6-13 in a reverse-proxy configuration. I have an application on a web server that requires client-side certificates and that is fronted by the Squid proxy. One of the properties of a client-side certificate is the serial number.

Question #1
Even if I installed the client certificate's CA on the Squid proxy for it to validate the certificate, there is no way for Squid to then pass on the request to the back-end web server with the client-side certificate. In essence, the certificate presented by the client to Squid is lost in translation, as the back-end web server never sees it because Squid makes its own connection on behalf of the initial request but WITHOUT the client certificate. Correct?

Question #2
In a reverse-proxy set-up, the requests sent to the back-end web server fronted by the Squid proxy will ALWAYS appear with the source IP of the Squid proxy server, NOT the client IP. Correct? Is there no way to change this so it appears to come from the client's IP rather than Squid?

I appreciate the assistance. Thanks!

--- Henrik Nordström [EMAIL PROTECTED] wrote:

Mon 2007-09-10 at 10:13 -0700, [EMAIL PROTECTED] wrote:

In a Squid reverse proxy configuration, in order to use client certificates, the respective CA signer of the client-side certificates must be installed at the Squid server (not the web server) level so the end-user gets challenged to present a client-side certificate by Squid instead of by the web server. Correct?

Correct.

Can Squid be configured to define client-side certificate requirements at the DIRECTORY level (like the aforementioned /ClientCertRequred/) or do the requirements have to be set based on the web site as a whole (i.e. www.whatever.com)?

Currently it's per https_port only. Renegotiation of the SSL connection by ACL requirements is not yet supported.

Regards
Henrik
[squid-users] squid, NTLM and dansguardian
At the moment I have squid set up to use NTLM authentication transparently, and control access to the internet based on active directory group membership. What I'd like to do now is have all traffic that doesn't originate from the localhost go to a parent cache, which is dansguardian on the same machine. DG then of course redirects traffic back to squid, which allows the traffic coming from localhost through to the net. So:

Squid (NTLM auth) -> DG -> Squid -> Internet.

What I don't understand is how to mix the http_access rules I'm currently wanting to use with DG, since from what I can understand, the http_access is ignored as the traffic isn't actually going through, but rather being redirected to the parent proxy? Can I simply replace my http_access rules with cache_peer_access?

Squid.conf snippets:

    http_port 3128
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 10
    auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 5 hours
    external_acl_type wb_group ttl=60 %LOGIN /usr/lib/squid/wbinfo_group.pl
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    cache_peer 127.0.0.1 parent 8080 3130
    cache_peer_access 127.0.0.1 deny localhost
    always_direct allow localhost
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 443 563 # https
    acl FTP_ports port 21 # ftp
    acl Java_ports port 1026
    acl Mail_ports port 25 110 # pop3, smtp
    acl adminpcs src /etc/squid/adminpcs.txt
    acl staff external wb_group Staff
    acl nonet external wb_group NoInternet
    acl students external wb_group wcstudents
    acl alllabs src /etc/squid/alllabs.txt
    acl firewall dst 192.168.0.9
    acl enabledlabs src /etc/squid/enabledlabs.txt
    acl purge method PURGE
    acl CONNECT method CONNECT
    acl auth proxy_auth REQUIRED
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny nonet
    http_access allow admins FTP_ports
    http_access allow adminpcs all
    http_access allow Java_ports
    http_access allow staff Mail_ports
    http_access allow students Safe_ports enabledlabs !firewall
    http_access allow staff Safe_ports
    http_access deny all
    http_reply_access allow all
    icp_access allow all