Re: [squid-users] TOS with ipfw

2010-10-04 Thread Amos Jeffries
On Mon, 4 Oct 2010 17:00:05 -0300, Robert Pipca wrote:
> Hi,
> 
> Do any of you guys know if I can use zph_mode tos, and have ipfw use
> it in order to apply a QoS policy?
> 
> In other words: How can I use ipfw to have a different (higher) speed
> based on the TOS value?

Yes Squid can set the TOS, it's just a syscall and packets like any other.

Configuring the ipfw to use the TOS packet fields is the real Q and
something you had best ask of ipfw help people.

Amos


Re: [squid-users] Squid + IPFW on Mac OS X

2010-10-04 Thread donovan jeffrey j

On Oct 4, 2010, at 3:34 PM, Haravikk wrote:

> Been bashing my brains out on this one for ages, but I'm going to have to 
> admit defeat, as network stuff really isn't my thing.
> 
> Basically, I'm installing Squid on my local machine, and want it to handle 
> outgoing requests to a particular port, unfortunately the app in question 
> (Second Life) does not support OS defined proxy servers, so I'm forced to try 
> and redirect it. The only solution really is ipfw I think, I've already 
> corrected for the weird OS X.6 issue with ipfw forwarding which now works as 
> it should.
> 
> I've compiled Squid3 with the ipfw transparent support that is required to 
> use the intercept option.
> 
> Configuration sets up Squid3 to listen on port 3128, and also to intercept on 
> port 3178. This appears to work correctly.
> 
> So now all I need is to set up an IPFW rule to direct traffic to 3178, and 
> I've done the following:
> 
> 100 fwd 127.0.0.1,3178 from any to any dst-port 12046
> 
> However this seems to generate a loop whereby traffic from Second Life is 
> routed to localhost:3178, but traffic from squid is also routed to the same 
> address (itself!)
> 
> I'm completely stumped on how I go about telling ipfw to only redirect 
> messages from Second Life to port 12046, and allow requests from squid so 
> that it can actually do its thing.
> 
> Any help is greatly appreciated! I've bounced around various articles in 
> Google to little avail, either I just don't understand what the solutions 
> have been, or none of them are working for some reason because I'm missing a 
> step somewhere.
> 
> Thanks!
> Haravikk


here is a sample of my ipfw script i run. if you would like to see the full 
blown version i can message off list.

#!/bin/sh

#Quietly flush out rules
/sbin/ipfw -q zero
/sbin/ipfw -q -f flush

#Set command prefix (add "-q" option after development to turn on quiet mode)
cmd="/sbin/ipfw -q add"
$cmd 507 fwd 10.0.2.3,3128 tcp from 10.149.0.0/16 to any dst-port 80 in recv en1
$cmd 508 fwd 10.0.2.3,3128 tcp from 10.150.0.0/16 to any dst-port 80 in recv en1
$cmd 509 fwd 10.0.2.3,3128 tcp from 10.151.0.0/16 to any dst-port 80 in recv en1
$cmd 510 fwd 10.0.2.3,3128 tcp from 10.152.0.0/16 to any dst-port 80 in recv en1
$cmd 511 fwd 10.0.2.3,3128 tcp from 10.153.0.0/16 to any dst-port 80 in recv en1
$cmd 512 fwd 10.0.2.3,3128 tcp from 10.142.0.0/16 to any dst-port 80 in recv en1
$cmd 513 fwd 10.0.2.3,3128 tcp from 10.140.0.0/16 to any dst-port 80 in recv en1
$cmd 514 fwd 10.0.2.3,3128 tcp from 10.104.0.0/16 to any dst-port 80 in recv en1


these are just network redirects to squid.
-j
osx H00t

Re: [squid-users] Re: Can't increase SQUID 3.0.25 File Descriptors

2010-10-04 Thread Amos Jeffries
On Mon, 4 Oct 2010 20:25:22 +0300, Sergiu Tatar wrote:
>> Hello... i use Squid 3.0.25 and i have a problem:  i can't increase
>> file descriptors. I have been installed with 'ulimit -HSn 8192' but
>> it's starting with 1024 fd. The 'max_filedesc' is not recognized on
>> squid.conf   ... in /etc/init.d/squid i have been put the  line
>> 'ulimit -HSn 8192' ...but it's starting with 8192 fd.

3.0 also needs to be built with the higher FD limit set before
./configure. --with-filedescriptors was supposed to evade that need, but
seems not to work on all systems.

>>
>> I tried to use Squid 3.1.4 but performances are slow comparatively
>> with Squid 3.0.25

3.1 is 15-20% faster in basic benchmarking. I'd recommend figuring out
what the extra slowness is caused by and fixing that.
 The newer version will do 2x DNS lookups than before ( as well as A),
and attempt to connect to IPv6 first. It's likely your connectivity is poor
in one of these two protocols.

>>
>>  OS: Mandriva 2010.0 x86_x64
>>  Squid :  Version 3.0.STABLE25
>>  configure options:  '--enable-cache-digests' '--disable-icmp'
>> '--disable-delay-pools' '--enable-storeio=ufs,aufs'
>> '--enable-async-io' '--enable-poll' '--disable-ident-lookups'
>> '--prefix=/squid' '--enable-removal-policies=heap,lru'
>> '--with-filedescriptors=8192' '--disable-snmp'
>> '--enable-linux-netfilter' '--disable-internal-dns'

"--disable-internal-dns" will be part of the slowness problem. It can only
receive one DNS lookup at a time, blocking all requests while it waits for
a response. Unless you have a very good reason to use the old helper remove
this option from your build and use the internal DNS client.

Amos



Re: [squid-users] Squid + IPFW on Mac OS X

2010-10-04 Thread Amos Jeffries
On Mon, 4 Oct 2010 20:34:52 +0100, Haravikk wrote:
> Been bashing my brains out on this one for ages, but I'm going to have to
> admit defeat, as network stuff really isn't my thing.
> 
> Basically, I'm installing Squid on my local machine, and want it to handle
> outgoing requests to a particular port, unfortunately the app in question
> (Second Life) does not support OS defined proxy servers, so I'm forced to
> try and redirect it. The only solution really is ipfw I think, I've already
> corrected for the weird OS X.6 issue with ipfw forwarding which now works
> as it should.
> 
> I've compiled Squid3 with the ipfw transparent support that is required to
> use the intercept option.
> 
> Configuration sets up Squid3 to listen on port 3128, and also to intercept
> on port 3178. This appears to work correctly.
> 
> So now all I need is to set up an IPFW rule to direct traffic to 3178, and
> I've done the following:
> 
> 100 fwd 127.0.0.1,3178 from any to any dst-port 12046
> 
> However this seems to generate a loop whereby traffic from Second Life is
> routed to localhost:3178, but traffic from squid is also routed to the same
> address (itself!)
> 
> I'm completely stumped on how I go about telling ipfw to only redirect
> messages from Second Life to port 12046, and allow requests from squid so
> that it can actually do its thing.

The "from any" is your problem. You need a rule that matches Squid by IP
first and bypasses the fwd only for it.

Amos


Re: [squid-users] Re: when will squid-2.7.STABLE10 be released?

2010-10-04 Thread Amos Jeffries
On Mon, 4 Oct 2010 18:12:26 +0300, Odhiambo Washington wrote:
> On Sun, Oct 3, 2010 at 11:57 PM, Amos Jeffries wrote:
> 
>> On Sun, 3 Oct 2010 13:04:36 -0700 (PDT), Paul Khadra wrote:
>> > I will try STABLE9 and will inform you about the result.
>>
>> You may need the 2.7.STABLE9 snapshot bundle. There was one memory fix
>> made on 2.7 since 9 came out.
>>
>> As for STABLE10. It will happen if Henrik thinks there have been enough
>> major fixes since 9. This may or may not happen before 2.7 goes obsolete.
>>
> 
> Obsolete? :-)
> 

A year away maybe. Which gives you an indication of how much work is being
put into fixing 2.7 nowadays.

> 
> The only reason I am using 2.7 was because of the youtube caching. Can I get
> that functionality on some 3.x version? Which one, please? I need to ditch
> 2.7 asap.
> 

It's not ported yet. This is one of the reasons 2.7 is still supported.

Amos


[squid-users] TOS with ipfw

2010-10-04 Thread Robert Pipca
Hi,

Do any of you guys know if I can use zph_mode tos, and have ipfw use
it in order to apply a QoS policy?

In other words: How can I use ipfw to have a different (higher) speed
based on the TOS value?

Thanks,

- Robert


[squid-users] Squid + IPFW on Mac OS X

2010-10-04 Thread Haravikk
Been bashing my brains out on this one for ages, but I'm going to have to admit 
defeat, as network stuff really isn't my thing.

Basically, I'm installing Squid on my local machine, and want it to handle 
outgoing requests to a particular port, unfortunately the app in question 
(Second Life) does not support OS defined proxy servers, so I'm forced to try 
and redirect it. The only solution really is ipfw I think, I've already 
corrected for the weird OS X.6 issue with ipfw forwarding which now works as it 
should.

I've compiled Squid3 with the ipfw transparent support that is required to use 
the intercept option.

Configuration sets up Squid3 to listen on port 3128, and also to intercept on 
port 3178. This appears to work correctly.

So now all I need is to set up an IPFW rule to direct traffic to 3178, and I've 
done the following:

100 fwd 127.0.0.1,3178 from any to any dst-port 12046

However this seems to generate a loop whereby traffic from Second Life is 
routed to localhost:3178, but traffic from squid is also routed to the same 
address (itself!)

I'm completely stumped on how I go about telling ipfw to only redirect messages 
from Second Life to port 12046, and allow requests from squid so that it can 
actually do its thing.

Any help is greatly appreciated! I've bounced around various articles in Google 
to little avail, either I just don't understand what the solutions have been, 
or none of them are working for some reason because I'm missing a step 
somewhere.

Thanks!
Haravikk

[squid-users] Re: Can't increase SQUID 3.0.25 File Descriptors

2010-10-04 Thread Sergiu Tatar
  Hello... i use Squid 3.0.25 and i have a problem:  i can't increase
file descriptors. I have been installed with 'ulimit -HSn 8192' but
 it's starting with 1024 fd. The 'max_filedesc' is not recognized on
squid.conf   ... in /etc/init.d/squid i have been put the  line
 'ulimit -HSn 8192' ...but it's starting with 8192 fd.

 I tried to use Squid 3.1.4 but performances are slow comparatively
with Squid 3.0.25

  OS: Mandriva 2010.0 x86_x64
  Squid :  Version 3.0.STABLE25  configure options:
'--enable-cache-digests' '--disable-icmp'  '--disable-delay-pools'
'--enable-storeio=ufs,aufs' '--enable-async-io' '--enable-poll'
'--disable-ident-lookups' '--prefix=/squid'
'--enable-removal-policies=heap,lru'
 '--with-filedescriptors=8192' '--disable-snmp'
'--enable-linux-netfilter' '--disable-internal-dns'

  Please help
  Thanks!


[squid-users] Re: Can't increase SQUID 3.0.25 File Descriptors

2010-10-04 Thread Sergiu Tatar
> Hello... i use Squid 3.0.25 and i have a problem:  i can't increase
> file descriptors. I have been installed with 'ulimit -HSn 8192' but
> it's starting with 1024 fd. The 'max_filedesc' is not recognized on
> squid.conf   ... in /etc/init.d/squid i have been put the  line
> 'ulimit -HSn 8192' ...but it's starting with 8192 fd.
>
> I tried to use Squid 3.1.4 but performances are slow comparatively
> with Squid 3.0.25
>
>  OS: Mandriva 2010.0 x86_x64
>  Squid :  Version 3.0.STABLE25
>  configure options:  '--enable-cache-digests' '--disable-icmp'
> '--disable-delay-pools' '--enable-storeio=ufs,aufs'
> '--enable-async-io' '--enable-poll' '--disable-ident-lookups'
> '--prefix=/squid' '--enable-removal-policies=heap,lru'
> '--with-filedescriptors=8192' '--disable-snmp'
> '--enable-linux-netfilter' '--disable-internal-dns'
>  Please help
>  Thanks!


Re: [squid-users] Re: cache_dir aufs grows larger than config'ed

2010-10-04 Thread Marcus Kool

The code example that you sent earlier shows it clearly:
there is an overflow bug.

it is extremely easy to fix too.

Marcus


Rich Rauenzahn wrote:
> On Mon, Oct 4, 2010 at 2:56 AM, Matus UHLAR - fantomas wrote:
>> On 29.09.10 17:42, Rich Rauenzahn wrote:
>>> This code strikes me as incorrect... Basically for files > 2GB, squid
>>> does the accounting wrong!
>>
>> It's apparently just a filesystem overhead, which varies between filesystems
>> but may eat some % of disk space.
>
> No, it's a bug.  File system overhead doesn't account for taking 2-3
> times more space than what squid says it is using.   See
> http://bugs.squid-cache.org/show_bug.cgi?id=3068
>
>>> Note that sizeof(int) is 4 in both 32bit and 64bit compilation models.
>>>  I believe that blks * fs.blksize overflows 32bit before it is right
>>> shifted by 10 bits.
>>
>> if you want to use filesizes over 2GB on 32bit system, you must make your
>> program to be 64-bit capable, and compile it that way.
>>
>> the same applies about using 64bit numbers.
>
> No, "int"s are still 32bit in the 64bit compilation model.  And they
> will still overflow.
>
> Rich




Re: [squid-users] Squid Start service & chkconfig error....!

2010-10-04 Thread John Doe
From: M. Asghar Nazir 

> But when I try to manually start with  >>>  service squid start 
> [r...@proxysrv ~]# service  squid start
> squid: unrecognized service
> I also want to configure it  for autostart at startup of server. It give me  
> following  error
> [r...@proxysrv ~]# chkconfig --add squid
> error reading  information on service squid: No such file or directory
> [r...@proxysrv ~]# 

This is more of an OS question...
service and chkconfig need a squid startup script.
Apparently you have no '/etc/init.d/squid'
Either there is one in the squid source tree, or just google for one.

JD


  


Re: [squid-users] support

2010-10-04 Thread John Doe
From: Badrul Mohamad 

> what browser need from user if my network used squid to  allow  go to 
>outside/internet ?

If you google for "squid supported browsers", the 2nd result is:
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers

JD


  


Re: [squid-users] Re: cache_dir aufs grows larger than config'ed

2010-10-04 Thread Rich Rauenzahn
On Mon, Oct 4, 2010 at 2:56 AM, Matus UHLAR - fantomas wrote:
> On 29.09.10 17:42, Rich Rauenzahn wrote:
>> This code strikes me as incorrect... Basically for files > 2GB, squid
>> does the accounting wrong!
>
> It's apparently just a filesystem overhead, which varies between filesystems
> but may eat some % of disk space.

No, it's a bug.  File system overhead doesn't account for taking 2-3
times more space than what squid says it is using.   See
http://bugs.squid-cache.org/show_bug.cgi?id=3068

>> Note that sizeof(int) is 4 in both 32bit and 64bit compilation models.
>>  I believe that blks * fs.blksize overflows 32bit before it is right
>> shifted by 10 bits.
>
> if you want to use filesizes over 2GB on 32bit system, you must make your
> program to be 64-bit capable, and compile it that way.
>
> the same applies about using 64bit numbers.

No, "int"s are still 32bit in the 64bit compilation model.  And they
will still overflow.

Rich
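
The overflow discussed in this thread, as an added example that is not code from the thread or from Squid: only the expression `blks * fs.blksize` shifted right by 10 bits comes from the message above. The function names, the 4096-byte block size and the sample block counts are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Reinterpret a wrapped 32-bit product as the signed value a 32-bit int
 * would hold, without relying on implementation-defined conversions. */
static int64_t as_int32(uint32_t u)
{
    return (u & 0x80000000u) ? (int64_t)u - 4294967296LL : (int64_t)u;
}

/* Arithmetic ">> 10" (floor division by 1024), spelled out so the result
 * does not depend on how the compiler shifts negative values. */
static int64_t shr10(int64_t v)
{
    return v >= 0 ? v / 1024 : -((-v + 1023) / 1024);
}

/* Hypothetical model of the accounting described in the thread:
 * (blks * blksize) >> 10 with both operands 32-bit ints. Signed overflow
 * is undefined behaviour in C, so the wrap is modelled with unsigned
 * 32-bit arithmetic, which is what two's-complement hardware yields. */
int64_t kb_32bit(int32_t blks, int32_t blksize)
{
    uint32_t wrapped = (uint32_t)blks * (uint32_t)blksize; /* mod 2^32 */
    return shr10(as_int32(wrapped));
}

/* The fix: widen one operand first so the multiply is done in 64 bits. */
int64_t kb_64bit(int32_t blks, int32_t blksize)
{
    return shr10((int64_t)blks * blksize);
}

/* Pre-multiplication check for code that must stay in 32 bits. */
int mul_overflows_int32(int32_t blks, int32_t blksize)
{
    return blks > 0 && blksize > 0 && blks > INT32_MAX / blksize;
}

/* KB of disk really used minus KB the 32-bit accounting records. */
int64_t accounting_drift_kb(const int32_t *blks, int n, int32_t blksize)
{
    int64_t drift = 0;
    for (int i = 0; i < n; i++)
        drift += kb_64bit(blks[i], blksize) - kb_32bit(blks[i], blksize);
    return drift;
}

/* Constructed sample: files of 1 GiB, 3 GiB and 5 GiB in 4096-byte blocks. */
static const int32_t SAMPLE_BLKS[] = { 262144, 786432, 1310720 };
#define SAMPLE_BLKSIZE 4096

int main(void)
{
    for (int i = 0; i < 3; i++) {
        int32_t b = SAMPLE_BLKS[i];
        printf("blks=%-8ld 32-bit=%-9lld KB  64-bit=%-8lld KB  overflow=%d\n",
               (long)b,
               (long long)kb_32bit(b, SAMPLE_BLKSIZE),
               (long long)kb_64bit(b, SAMPLE_BLKSIZE),
               mul_overflows_int32(b, SAMPLE_BLKSIZE));
    }
    printf("unaccounted: %lld KB\n",
           (long long)accounting_drift_kb(SAMPLE_BLKS, 3, SAMPLE_BLKSIZE));
    return 0;
}
```

In this model the 3 GiB file is booked as a negative size and the 5 GiB file as 1 GiB, so the recorded total falls far below what is on disk. Building the program as 64-bit changes nothing, because the operands are still 32-bit ints.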


Re: [squid-users] Re: cache_dir aufs grows larger than config'ed

2010-10-04 Thread Matus UHLAR - fantomas
On 29.09.10 17:42, Rich Rauenzahn wrote:
> This code strikes me as incorrect... Basically for files > 2GB, squid
> does the accounting wrong!

It's apparently just a filesystem overhead, which varies between filesystems
but may eat some % of disk space.

> Note that sizeof(int) is 4 in both 32bit and 64bit compilation models.
>  I believe that blks * fs.blksize overflows 32bit before it is right
> shifted by 10 bits.

if you want to use filesizes over 2GB on 32bit system, you must make your
program to be 64-bit capable, and compile it that way.

the same applies about using 64bit numbers.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!


Re: [squid-users] reverse proxy

2010-10-04 Thread Amos Jeffries

On 04/10/10 22:38, Nick Cairncross wrote:

> Hi list,
> 
> A few idle moments on my hands I wanted to investigate getting a Squid box 
> working behind my ADSL router. Squid would be listening on, say, 80 to incoming 
> requests. ADSL router would be port forwarding 80 to it. I have a machine which 
> runs a lot of web browseable add-ons all listening on different ports (nzb, 
> image library, my EPG for XBMC etc). My setup would be similar to: I own 
> foo.com. If I browse to http://nzb.foo.com traffic would be proxied to my linux 
> box nzb handler, the nzb app would be listening on port 8800 but it would all 
> go over 80. Similarly, I browse to http://image.foo.com and I would be directed 
> to the box's image server listen on port 8081 – again traffic would be seen as 
> if over 80. Again if I went to http://epg.foo.com it would be proxied to the 
> EPG listening on 8082.
> 
> I've not really had any exposure to this sort of thing but I think the concept 
> is possible..? Any pointers or sample confs would be great to get me started…
> 
> Nick


http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers

It works best with apps which can be configured with some public 
domain:port separate from their listening ip:port.
 Otherwise you get into a bit of trickiness requiring Squid to be 
listening publicly on the same ports as the app to catch any absolute 
URLs the apps send out.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.8
  Beta testers wanted for 3.2.0.2


[squid-users] reverse proxy

2010-10-04 Thread Nick Cairncross
Hi list,

A few idle moments on my hands I wanted to investigate getting a Squid box 
working behind my ADSL router. Squid would be listening on, say, 80 to incoming 
requests. ADSL router would be port forwarding 80 to it. I have a machine which 
runs a lot of web browseable add-ons all listening on different ports (nzb, 
image library, my EPG for XBMC etc). My setup would be similar to: I own 
foo.com. If I browse to http://nzb.foo.com traffic would be proxied to my linux 
box nzb handler, the nzb app would be listening on port 8800 but it would all 
go over 80. Similarly, I browse to http://image.foo.com and I would be directed 
to the box's image server listen on port 8081 – again traffic would be seen as 
if over 80. Again if I went to http://epg.foo.com it would be proxied to the 
EPG listening on 8082.

I've not really had any exposure to this sort of thing but I think the concept 
is possible..? Any pointers or sample confs would be great to get me started…

Nick

The information contained in this e-mail is of a confidential nature and is 
intended only for the addressee.  If you are not the intended addressee, any 
disclosure, copying or distribution by you is prohibited and may be unlawful.  
Disclosure to any party other than the addressee, whether inadvertent or 
otherwise, is not intended to waive privilege or confidentiality.  Internet 
communications are not secure and therefore Conde Nast does not accept legal 
responsibility for the contents of this message.  Any views or opinions 
expressed are those of the author.

The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square, 
London W1S 1JU


Re: [squid-users] got NTLMSSP command 3, expected 1

2010-10-04 Thread Nick Cairncross

>On Mon, Oct 4, 2010 at 9:44 AM, Nick Cairncross wrote:
>> On 04/10/2010 07:48, "guest01" wrote:
>>
>>>got NTLMSSP command 3, expected 1
>>
>> As you say isn't that because a Kerberos client is trying to send auth and
>> thus not capable of NTLM? Can you track it down to the requesting
>> machine(s) and client? It's like my Mac Safaris can only use NTLM and not
>> Kerberos, only reverse.. I use both helpers. Kerberos auth ordered first
>> and then NTLM second in squid conf.
>>
>> N
>>
>yes, at least the error messages suggests that a client wants to send
>kerberos specific data, but squid expected ntlm. But I don't know why,
>because in general everything is working. But sometimes it is not,
>then the user will get a browser pop-up asking for credentials (which
>should not happen either with kerberos or ntlm). A few seconds later
>it is working again (normally pressing escape a couple of times is
>enough and then the user is authenticated again by ntlm).
>
>I tried to figure out which browser caused that problem, in my case it
>was FF 3.6.10, but if I remember correctly, then I had the same
>problem with IE too.
>
>But you are right, if I am using both helpers (ntlm, kerberos) it
>should not appear, right? So the only working solution is to use
>kerberos too? Any other possible fixes?
>

Is the example you are talking about from within Firefox or IE7+? I see
the same thing for my non-domain joined machines in Firefox. FF tries
Kerberos first and then changes to NTLM on pressing escape. Since they
can't get a ticket for a non domain machine my users need to use NTLM as a
backup - your cache.log might show something like:

2010/10/04 10:09:53| authenticateAuthenticate: Unexpected change of
authentication scheme from 'negotiate' to 'NTLM
TlRMTVNTUAABB4IIogAGAbAdDw==' (client
192.168.1.27)

(In Firefox) For me if I press escape I then receive a *slightly*
different prompt relating to squid auth. I then enter my ntlm creds
(domain\username) and I'm on. Logs show the user account is NTLM auth and
not Kerberos. If it WAS a domain joined machine it would be the Kerberos
UPN I would see from the start

In IE if you disabled 'Integrated Windows Authentication' in the settings
then I would be able to use NTLM for my non-domain machines as IE wants to
use Kerberos otherwise.

As for a 'fix', there isn't one AFAIK. However, some things to think
about: is there a delay somewhere relating to NTLM auth?
Sometimes not enough helpers, latency, locked accounts, bad lookups/DNS.

As yet there is no wrapper for both Kerberos and NTLM, so two helpers it
is.







Re: [squid-users] X-Cache Header

2010-10-04 Thread Rajkumar Seenivasan
not sure what you meant by "caching is turned off".
you should be able to strip off the X-cache from response headers
using "reply_header_access"
http://www.squid-cache.org/Versions/v3/3.1/cfgman/reply_header_access.html

reply_header_access X-Cache deny all


On Mon, Oct 4, 2010 at 10:16 AM, Andreas Müller  wrote:
> Hello,
>
> I'm using squid 3 as accel proxy to a web application. Caching is turned off
> but in the response header to the client squid inserts 2 lines:
>
> X-Cache:
> X-Cache-Lookup:
>
> I'm looking for an option to disable this but I can't find anything. I
> don't want the client to know that it comes from a proxy. The response
> should look like a normal webserver response.
>
> Kind regards,
> Andreas
>
>
>
>


[squid-users] X-Cache Header

2010-10-04 Thread Andreas Müller
Hello,

I'm using squid 3 as accel proxy to a web application. Caching is turned off
but in the response header to the client squid inserts 2 lines:

X-Cache:
X-Cache-Lookup:

I'm looking for an option to disable this but I can't find anything. I
don't want the client to know that it comes from a proxy. The response
should look like a normal webserver response.

Kind regards,
Andreas





[squid-users] got NTLMSSP command 3, expected 1

2010-10-04 Thread guest01
Hi guys,

At first I have to apologize for starting a new thread concerning this message:

[2010/10/01 12:29:45, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
got NTLMSSP command 3, expected 1

I know that it has been discussed previously and I read almost all of
the answers but I did not find any solution. Maybe I missed an
acceptable answer or maybe there are new infos concerning this topic?

Anyway, I am using Squid 3.1.8 on RHEL5.5 with NTLM authentication
(Server is joined to AD2003 domain) and this message appears in my
cache.log-file multiple times (at arbitrary times). I don't really
know why or how to prevent it, a few posts said that it is a client
issue or that we could use authenticate_ip_shortcircuit_ttl on Squid
(<3.x). My browsers are IE, FF, Chrome on WinXP SP3, unfortunately, I
don't know which client causes the problem and neither do I know any
possibility to prevent that problem from occurring, has anybody any ideas?

(I could switch to Kerberos, this may solve the problem. Even if it is
a much more secure and better solution, I would prefer a different
solution)


thanks
best regards
Peter


[squid-users] SquidClient: "Number of Clients accessing cache" not getting updated

2010-10-04 Thread Saurabh Agarwal
Hi

I am using squid 2.7 stable7 and see that even on three TCP_HITS in squid 
access logs from three different IP addresses one of my running squid process 
is not updating the "Number of Clients accessing cache" field in the output 
from following squidclient's command output.


./squidclient -h 192.168.11.35 mgr:info 

./squidclient -h 192.168.11.35 mgr:client_list

Can someone please suggest what might be wrong?

Regards,
Saurabh


Re: [squid-users] got NTLMSSP command 3, expected 1

2010-10-04 Thread Nick Cairncross
On 04/10/2010 07:48, "guest01"  wrote:

>got NTLMSSP command 3, expected 1

As you say isn't that because a Kerberos client is trying to send auth and
thus not capable of NTLM? Can you track it down to the requesting
machine(s) and client? It's like my Mac Safaris can only use NTLM and not
Kerberos, only reverse.. I use both helpers. Kerberos auth ordered first
and then NTLM second in squid conf.

N






[squid-users] Re: Squid 2.7+SSL on Windows will not proxy SSL requests

2010-10-04 Thread Jake Hawkes
Can anyone help me with this?
Am I missing something obvious?

On Thu, Sep 30, 2010 at 11:09 AM, Jake Hawkes  wrote:
> Hello,
>
> I am running Squid 2.7.STABLE8 on Windows XP.  I am primarily doing
> this for convenience for myself, since I often change from the
> locked-down work environment to home, and having to change the proxy
> config every time is a bother.
>
> The idea is that Squid is configured to be the proxy in all the places
> where this is needed, and then it will contact the parent at work, or
> the internet at home.
>
> This all works great.  I have even managed to allow my iPad to access
> the internet while at work, which is great because the iPad can't
> authenticate with the proxy at work.
>
> It all falls down with HTTPS however.
>
> I honestly can't remember if this has ever worked, (I seem to think it
> did) but now I am completely stumped.
> I have checked the windows firewall, and it is off.
> I have downloaded the SSL package from acme, and there is no
> difference in the behaviour.
>
> The SSL connections from the browser timeout.  Chrome reports "Waiting
> for proxy tunnel" in the status bar, and then fails with this error:
> Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
>
> I've tried to enable SSL debugging, but that seems to result in no
> logging at all.  This seems to be a bug separate to my problem.
>
> Here's hoping someone out there can help =)
>
> Regards,
>
>  - Jake
>
> squid.conf
> 
> http_port 8082
> # work settings
> acl INTERNAL src 172.28.0.0/255.255.0.0
> cache_peer 172.25.x.y parent 8080 0      no-query default proxy-only
> login=: no-digest
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl NAUGHTY_STUFF dstdom_regex -i "c:\squid\etc\domain_blacklist"
> acl PollingAPIs   dstdom_regex -i "c:\squid\etc\pollingAPIs"
> acl BLOCKED    dstdom_regex -i "c:\squid\etc\abg_blocked"
> http_access deny NAUGHTY_STUFF
> http_access allow PollingAPIs
> http_access allow manager localhost
> http_access deny manager
> http_access deny BLOCKED
> http_access allow localhost
> http_access allow INTERNAL
> http_access deny all
> #never_direct allow all
> icp_access deny all
> # debug ACL matching
> # debug_options 28,3
> # debug SSL
> # debug_options 83, 3
> # debug URL parsing
> # debug_options 23,3
> cache_effective_user squid
> cache_effective_group wheel
> httpd_suppress_version_string on
> snmp_access deny all
> visible_hostname a_computer
> cachemgr_passwd 5432 all
> #seconds.ms responsetime clientIP squidReqStat/HTTPStat replySize reqMethod
> # reqUrl username squidHeirarchyStatus/serverOrPeerIP mime
> logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs % # localtime, clientIP, reqURL, squidReqStat/HTTPStat, replySize,
> logformat accessFormat %{%d/%b/%Y:%H:%M:%S}tl,%>a, %ru, %Ss/%03Hs, % #access_log 
> stdio:c:/squid/var/logs/localhost.access.log accessFormat localhost
> #access_log stdio:c:/squid/var/logs/internal.access.log accessFormat INTERNAL
> #access_log stdio:c:/squid/var/logs/pollingAPIs.access.log
> accessFormat PollingAPIs
> access_log stdio:c:/squid/var/logs/access.log accessFormat
> cache_log c:/squid/var/logs/cache.log
> cache_store_log none
> log_mime_hdrs none
> useragent_log none
> referer_log none
> pid_filename c:/squid/var/logs/squid.pid
> strip_query_terms off
>
>
>
> cache.log
> 
> 2010/09/30 10:44:50| Starting Squid Cache version 2.7.STABLE8 for
> i686-pc-winnt...
> 2010/09/30 10:44:50| Running on Windows XP
> 2010/09/30 10:44:50| Process ID 5072
> 2010/09/30 10:44:50| With 2048 file descriptors available
> 2010/09/30 10:44:50| With 512 CRT stdio descriptors available
> 2010/09/30 10:44:50| Windows sockets initialized
> 2010/09/30 10:44:50| Using select for the IO loop
> 2010/09/30 10:44:50| Performing DNS Tests...
> 2010/09/30 10:44:50| Successful DNS name lookup tests...
> 2010/09/30 10:44:50| DNS Socket created at 0.0.0.0, port 4787, FD 4
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding DHCP nameserver x.x.x.x from Registry
> 2010/09/30 10:44:50| Adding domain x.x.x.x  from Registry
> 2010/09/30 10:44:50| User-Agent logging is disabled.
> 2010/09/30 10:44:50| Referer logging is disabled.
> 2010/09/30 10:44:50| logfileOpen: opening log 
> stdio:c:/squid/var/logs/access.log
> 2010/09/30 10:44:50| Unlinkd pipe opened on FD 7
> 2010/09/30 10:44:50| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
> 2010/09/30 10:44:50| Target number of buckets: 425
> 2010/09/30 10:44:50| Using 8192 Store buckets
> 2010/09/30 10:44:50| M

Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs- squid upgraded to 3.1.8

2010-10-04 Thread Babu Chaliyath
> It's well worth upgrading to 3.1.8. Many of the 3.1 betas had broken SNMP.
>
> Also check that the squid.mib being loaded came from the 3.1 install.
>
> We now have a full map of what the OID are and what versions they work
> for. You may find this useful:
> http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs
>
>
> Amos
> --
> Please be using
>Current Stable Squid 2.7.STABLE9 or 3.1.8
>Beta testers wanted for 3.2.0.2
>

Hi List,
As suggested by Amos, I have upgraded the squid box to 3.1.8 and
everything is working fine except the graph part with mrtg.
mrtg version: mrtg-2.16.4

My mrtg.cfg is as below:

LoadMIBs: /usr/local/etc/mrtg/squid.mib
EnableIPv6: no
WorkDir: /usr/local/www/apache22/data
Options[_]: bits,growright

Target[proxy-hit]: cacheHttpHits&cacheServerRequests:pub...@127.0.0.1:3401
MaxBytes[proxy-hit]: 10
Title[proxy-hit]: HTTP Hits
Suppress[proxy-hit]: y
LegendI[proxy-hit]: HTTP hits
LegendO[proxy-hit]: HTTP requests
Legend1[proxy-hit]: HTTP hits
Legend2[proxy-hit]: HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero,
 growright, pngdate
#PNGTitle[proxy-hit]: Proxy Hits

Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:pub...@127.0.0.1:3401
MaxBytes[proxy-srvkbinout]: 76800
Title[proxy-srvkbinout]: Cache Server Traffic In/Out
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]: Traffic In
LegendO[proxy-srvkbinout]: Traffic Out
Legend1[proxy-srvkbinout]: Traffic In
Legend2[proxy-srvkbinout]: Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute, unknaszero, growright, pngdate

I have verified that squid snmp is working through the following command:

#snmpget -On -m /usr/local/etc/mrtg/squid.mib -v 2c -c public \
127.0.0.1:3401 cacheHttpHits cacheServerRequests cacheServerInKb \
cacheServerOutKb cacheUptime CacheSoftware cacheVersionId

This gives me results without any errors, so the snmp part of squid is
working fine, I think.
Now when I run mrtg I could see the following errors in the mrtg.log file:

010-10-04 12:37:33 -- Started mrtg with config '/usr/local/etc/mrtg/mrtg.cfg'
2010-10-04 12:37:33 -- Unknown SNMP var cacheHttpHits
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerRequests
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerInKb
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerOutKb
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-hit][_IN_] ' $target->[0]{$mode} ' did not eval into
defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-hit][_OUT_] ' $target->[0]{$mode} ' did not eval into
defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-srvkbinout][_IN_] ' $target->[1]{$mode} ' did not eval
into defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-srvkbinout][_OUT_] ' $target->[1]{$mode} ' did not eval
into defined data

All I could make out from these errors was mrtg not reading the squid.mib
file. Am I right?
Now I am stuck and I suspect a broken mrtg? Or did I go wrong
somewhere? Do kindly let me know what went wrong and how to proceed
further.
Thanks in advance
Babs


Re: [squid-users] Zero Sized Reply when doing POST

2010-10-04 Thread Matus UHLAR - fantomas
On 02.10.10 10:34, Enrique Becerra wrote:
> I've setup a firewall (Endian Firewall) in small network. This
> firewall uses squid cache
> 
> Users must upload csv files in an extranet website. When they
> upload/submit the csv files, they get: "Zero Sized Reply"
> 
> - Proxy is set to Transparent
> - Site doesn't work in Firefox/Chrome (decent browser). It works Only on IE!
> - Uploading works but one csv file by one. If they upload all
> together, they get "Zero Sized Reply"
> - Cleaned Cookies and temp files from IE config

It's quite common for intercepting (incorrectly called transparent) proxies.
Try configuring the proxy manually in the browser to see if it helps.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
(R)etry, (A)bort, (C)ancer