Re: [squid-users] FTP firewall
Hameed, If don't know about squid, I will refer you too visit www.squid-cache.org. Squid is http based cache and proxy server. Squid have http based ftp support but did not support native ftp. For this you will have to redirect yoru traffic via firewall to direct internet instead using squid. I will suggest better to use squid on UNIX flavoure OS instead using Windows OS. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) Hameed said: > Hi there friends, > > I need your kind advice to help me solve my problem with firewalls. > We are a small company developing database solutions using a program > called FileMaker Pro (http://www.filemaker.com/) > We have bought a plugin for our system which is called FTPit. It is > used to transfer files from the computer where the Filemaker Pro system is > running, to a remote ftp server. > > The solution works perfectly for computers connected to the internet > directly. Recently we got a new client who has got an array of computers > which connects to the internet through the server where the Squid firewall > is running. > > We have a Windows 2000 server OS running on our server computer. > I want to install the Squid in the server here to test my client's > scenario > here. > I have the following questions to ask: > > Is that possible the Squid can run in this windows server? > > How to install the Squid in the server. Do we have a normal setup program? > > In my filemaker plugin FTPit, they have not > provided any special functions to connect to the FTP firewall servers. > Instead > they have got a single function. Using that function we can send core FTP > commands to the server. But I do not have knowledge of these FTP commands > specifically for Squid FTP firewall prgram. If you have samples of these > FTP commands, please share with me that will of great help me. > > Your help in this will be highly appreciated. > > Thanks a lot. > > Best Regards, > Hameed > > Pilot simple.software > tel: 852 2810 1110 > fax: 852 2869 1622 > > - This email was sent using Fibre Net (Internet Services Provider) "Webmail !" http://www.fibre.net.pk/
Re: [squid-users] Large squid cache configuration
Ken, If you talk about aufs setup simple is that study FAQ now move to more than 1024 file descriptors for this you will have to tell us which OS and Kernel version you are using... then we can help you.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Ken Thomson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 12:03 PM Subject: [squid-users] Large squid cache configuration A long time ago I found a website that went through the process of setting up squid in a high usage environment with many concurrent users, large disk cache, etc. I've been trying to find the webpage again but to no avail. Does it still exist? I used the information from the website to setup a squid proxy. I now want to revisit the config decisions I made and compile 2.5STABLE3 on the same machine. Previously I used p-threads, aufs, and aio-threads=24. I have no idea now how I chose those settings (obviously I am good at keeping documentation ;-). Also need to recap on how to compile with more than 1024 file descriptors (I think it is a ulimit thing). Regards, Ken. PS. I tried going through the mailing list archive - but without a full text search it just takes too long trying to guess subjects.
Re: [squid-users] Large squid cache configuration
Ken, If you talk about aufs, this is what it's called in Squid storage scheme.. you can use ufs, diskd and aufs. You are on right way I will suggest better to you aufs. If you want to compile squid with aufs support use minimum 120 child process. run ./configure --help|grep aufs 1 >for increasing file descriptor size use file /proc/sys/fs/file-max 2> before running configure script use ulimie -HSn 4096 etcc and blah balhb alh -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Ken Thomson" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 12:23 PM Subject: RE: [squid-users] Large squid cache configuration Hi Masood, I have looked through all 25 sections on the FAQ. The only reference I found to aufs was in the Troubleshooting section (relating to core dumps). Which FAQ are you talking about? I will be compiling on Linux (Redhat 7.3). TIA. Cheers, Ken. -Original Message- From: Masood Ahmad Shah [mailto:[EMAIL PROTECTED] Sent: Monday, 30 June 2003 17:09 To: Ken Thomson; [EMAIL PROTECTED] Subject: Re: [squid-users] Large squid cache configuration Ken, If you talk about aufs setup simple is that study FAQ now move to more than 1024 file descriptors for this you will have to tell us which OS and Kernel version you are using... then we can help you.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Ken Thomson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 12:03 PM Subject: [squid-users] Large squid cache configuration A long time ago I found a website that went through the process of setting up squid in a high usage environment with many concurrent users, large disk cache, etc. I've been trying to find the webpage again but to no avail. Does it still exist? I used the information from the website to setup a squid proxy. I now want to revisit the config decisions I made and compile 2.5STABLE3 on the same machine. Previously I used p-threads, aufs, and aio-threads=24. I have no idea now how I chose those settings (obviously I am good at keeping documentation ;-). Also need to recap on how to compile with more than 1024 file descriptors (I think it is a ulimit thing). Regards, Ken. PS. I tried going through the mailing list archive - but without a full text search it just takes too long trying to guess subjects.
Re: [squid-users] Solaris 8 running out of filedescriptors
Would you like to tell us, which solaris version you are using? Because there are different ways to increase file descriptors in diffirent version of Solaris -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Apostolou, Nicholas [IT]" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 30, 2003 1:01 PM Subject: [squid-users] Solaris 8 running out of filedescriptors | Hi All, | | What are the recommendations for Solaris 8 (kernel 108528-19),where it is | running out of file descriptors? | There is no information specific for Solaris 8 on the FAQ. | Currently running Squid2.5stable2. | | 2003/06/30 16:16:06| WARNING! Your cache is running out of filedescriptors | | Also what happens when you run out of DNS server processors? | This will go to 32, currently have 25 DNS processors, and I still have more | users to come on this host. | | 2003/06/30 14:35:28| WARNING: All dnsserver processes are busy. | 2003/06/30 14:35:28| WARNING: 25 pending requests queued | | | Nicholas Apostolou | Unix Systems | Business Technology | Level 15, 2 Park Street | Sydney NSW Australia 2000 | | Phone: (+612) 82254468 | Fax: (+612) 82255404 | Mobile: +61 401709007 | Email: [EMAIL PROTECTED] | | | Important Information | This message may contain confidential, proprietary or privileged | information. If you are not the intended recipient, please notify the | sender immediately and delete the message from your system. You should not | copy or use it for any purpose, nor disclose its contents to any other | person. E-mail transmission cannot be guaranteed to be secure or | error-free. No guarantee is made that any attachments are virus free. We | reserve the right to monitor all e-mail communications. | | Although the information is believed to be reliable, we do not guarantee its | accuracy and it may be incomplete or condensed. All opinions and estimates | constitute our judgement at the date of issue and are subject to change | without notice. Unless stated otherwise, pricing information is indicative | only, subject to change and is not an offer to deal at any price quoted. | Any reference to the terms of executed transactions is preliminary only and | subject to written confirmation. | | |
Re: [squid-users] Enabling delay pools in squid
Bennett, For this you will have to recompile your squid source with --enable-delaypool something like that better to get it via ./configure --help|grep delay-pool -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Bennett Kankuzi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 01, 2003 4:21 PM Subject: [squid-users] Enabling delay pools in squid | | Dear All, | | I have squid currently up and running. It is working | perfectly well. It was installed when I was installing | the OS RH Linux 7.2. from CDs. However I am finding | out that web surfing is sucking our whole bandwidth. | Thus I want to use delay pools. Are delay pools | automatically enabled during squid installation? If | not, how do I enable them now. | | Thanks in advance. | | Bennett Kankuzi | Chancellor College | Malawi | C. Africa | | | | __ | Do you Yahoo!? | SBC Yahoo! DSL - Now only $29.95 per month! | http://sbc.yahoo.com |
Re: [squid-users] --> Problems with DISKD
For FreeBSD I will suggest better to use diskd instead aufs...if you are running linux then aufs much better... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Alex Carlos Braga Antão" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 01, 2003 4:36 PM Subject: [squid-users] --> Problems with DISKD Hello, I have been running my squid proxy for about 3 weeks, with no problems. Yesterday, my squid cache started getting a lot of messages: 2003/07/01 08:23:13| storeDiskdSend OPEN: (35) Resource temporarily unavailable 2003/07/01 08:23:13| storeDiskdSend: msgsnd: (35) Resource temporarily unavailable I realized that my kernel configuration was worng, and configured it exactly like in the docs: kern.ipc.msgmax: 16384 kern.ipc.msgmni: 40 kern.ipc.msgmnb: 2048 kern.ipc.msgtql: 40 kern.ipc.msgssz: 8 kern.ipc.msgseg: 2048 msg 425K 25K4 512,4096,16384 kern.msgbuf: kern.msgbuf_clear: 0 security.bsd.unprivileged_read_msgbuf: 1 Then I Rebuilt the cache_dir and restarted it. No more messages received, until today. I´m getting the same messages. For a workarround, I cleared the cache and configured it to aufs. I think DISKD is better than AUFS (is it??) and I´d like to use it, but what may be happening My box is a FreeBSD 5.0 RELEASE, running SQUID 2.5-STABLE3-20030602 Thanks Alex C. B. Antão Analista de Sistemas e Suporte ICQ: 5144629http://motoviagens.pagina.de http://e-modelismo.pagina.de Um "bom" pouso é aquele do qual você sai caminhando. Um "ótimo" pouso é aquele depois do qual você pode usar o avião novamente.
Re: [squid-users] Enabling delay pools in squid
of course you can do it and much more via delay pools better to first study FAQs on delay pools then post question over here... http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8 -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Chijioke Kalu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, July 01, 2003 5:17 PM Subject: Re: [squid-users] Enabling delay pools in squid | | Hi Masood, | | My question about delay pools, is whether I can use it to limit both the | downstream and upstream traffic of a computer system ip | | cause I want to limit 5 different client IP address to 5k downlink and 2k | uplink. | | Can u give me a sample configuration to effect this. | | Thanks | | Kalu | | > | >Bennett, | > | >For this you will have to recompile your squid source | >with --enable-delaypool something like that better to get it via | >./configure --help|grep delay-pool | > | > | >-- | > | >Best Regs, | >Masood Ahmad Shah | >System Administrator | > | >^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | >| * * * * * * * * * * * * * * * * * * * * * * * * | >| Fibre Net (Pvt) Ltd. Lahore, Pakistan | >| Tel: +92-42-6677024 | >| Mobile: +92-300-4277367 | >| http://www.fibre.net.pk | >| * * * * * * * * * * * * * * * * * * * * * * * * | >^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | >Unix is very simple, but it takes a genius to understand the simplicity. | >(Dennis Ritchie) | >"All I want is a few minutes alone with the source code for the universe | >and | >a quick recompile." | > | > | >- Original Message - | >From: "Bennett Kankuzi" <[EMAIL PROTECTED]> | >To: <[EMAIL PROTECTED]> | >Sent: Tuesday, July 01, 2003 4:21 PM | >Subject: [squid-users] Enabling delay pools in squid | > | > | >| | >| Dear All, | >| | >| I have squid currently up and running. It is working | >| perfectly well. It was installed when I was installing | >| the OS RH Linux 7.2. from CDs. However I am finding | >| out that web surfing is sucking our whole bandwidth. | >| Thus I want to use delay pools. Are delay pools | >| automatically enabled during squid installation? If | >| not, how do I enable them now. | >| | >| Thanks in advance. | >| | >| Bennett Kankuzi | >| Chancellor College | >| Malawi | >| C. Africa | >| | >| | >| | >| __ | >| Do you Yahoo!? | >| SBC Yahoo! DSL - Now only $29.95 per month! | >| http://sbc.yahoo.com | >| | > | | _ | Protect your PC - get McAfee.com VirusScan Online | http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 | |
Re: [squid-users] Replication not Caching
You can define your website in squid that will not cache. and if you talk about replication then you can use some software or better to use dns with round robin fashion.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Bhattacharyya, Somraj" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 01, 2003 6:52 PM Subject: [squid-users] Replication not Caching | Hi guys !! | | "If we replicate a web server and place it near as near as possible to a | client then we might not require caching servers." This is a general | statement and vissible for very large and popular web servers. | | If a multinational company puts different web servers for different | continents , its not only able to reduce the network traffic but also | provides a better response time to the users.Lots of huge conpanies also | doing that. | But the servers should be same, that is one master(updatable) and others | slave(viewable). Like the same way we configure parent and child proxies in | squid. But instead of caching I am thinking direct replication between those | servers to give support for a large number of users ( a country or may be | more than one country). | | Please note: Say by using say 5000 caching servers (roughly)we are serving a | country, where same web pages are cached in dfferent severs.May be two | servers side by side on a same table containing the same page, solving | problem but isnt it wasting resources.But one replicated server of a | particular website could handle the same situation, but ofcourse only for | that web site. | | How can squid and apache can technically help me to support this idea.Mainly | to support replicating web doucuments with in web servers not caching. | | Please share your ideas. | Thanks | Somraj |
Re: [squid-users] question about Forcing proxy.
you have not properly configure transparent proxy better to study FAQs. http://www.squid-cache.org/Doc/FAQ/FAQ-17.html -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Jason Brashear" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 7:16 AM Subject: RE: [squid-users] question about Forcing proxy. | One more thing to add.. | | Also when I ad this line | to my firewall rules: | $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j | REDIRECT --to-port 3128 | | | I get this in my web browser: | | ERROR | The requested URL could not be retrieved | | -- -- | | | While trying to retrieve the URL: / | | The following error was encountered: | | Invalid URL | Some aspect of the requested URL is incorrect. Possible problems: | | Missing or incorrect access protocol (should be `http://'' or similar) | Missing hostname | Illegal double-escape in the URL-Path | Illegal character in hostname; underscores are not allowed | Your cache administrator is [EMAIL PROTECTED] | | | | -- -- | | | Generated Wed, 02 Jul 2003 02:13:53 GMT by firewall.hostrocks.com | (squid/2.5.STABLE1) | | | I have a system running SQUID with two nics. | One Public and one private. | The private issues a Dynamic IP address to the clients on the inside via | DHCP. | | | What I want to do is force all port 80 443 in bound traffic to squid so | that | proxy occurs with out having to add a proxy server setting their browser. | | | Any ideas? | | I know that I should be able to do this with IPTABLES. | I am running on RedHat 9.0 Also I hav esquid Guard installed and that seems | to really rock. | | Please help! | Thank you, | -Jason Brashear | |
Re: [squid-users] squid gets kill
keep eyes on cache.log and let us know what you are getting in cache.log when squid process killed. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Vikrant Agarwal" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 9:16 AM Subject: [squid-users] squid gets kill | Hi all , | | This is my first time posting to this mailing list . I'm facing | one very strange problem with my squid . My squid get killed once | in two or three days automatically and only after reinstalling it | with its RPM it gets up, i use same squid.conf file after every | new installation . i've checked each & every point and founds ok | at my end . | | I'm using Red Hat 7.2 with kernel 2.4.7-10 and squid RPM | squid-2.4.STABLE6-6.7.3.i386.rpm | | | does anyone have any idea on this .?? | | | Reg | | Vikrant Agarwal | ___ | Click below to experience Sooraj R Barjatya's latest offering | 'Main Prem Ki Diwani Hoon' starring Hrithik, Abhishek | & Kareena http://www.mpkdh.com | |
Re: [squid-users] Very high CPU load
check you cache.log. problem can be in cache rebuilding. if you squid process still used 99% CPU then you must C something in cache.log and I'm sure it will be cache rebuilding dir that's y it's taking time. it's depend on size of cache and mem + processor that how they can rebuild cache fast.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Sessler, Enrico" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 12:12 PM Subject: [squid-users] Very high CPU load | Hello, | | for a few days I have a strange problem with | squid running under FreeBSD. Although the proxy | is almost not used squid runs all the time with | 99% CPU utilization. | | Have already rebuilt the complete cache dir and | installed the latest version (2.5STABLE3) nothing | changed the situation (rolled back to 2.5STABLE2 again). | | Below some information about the system and software. | | Did anybody have the same phenomenon or has an idea | what can be the resaon (or better) the soluion? | | | # squid version # | Squid Cache: Version 2.5.STABLE2 | configure options: --bindir=/usr/local/sbin | --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid/ | --localstatedir=/usr/local/squid '--enable-storeio=ufs diskd null' | '--enable-removal-policies=lru heap' --enable-auth=basic | --enable-basic-auth-helpers=SMB '--enable-external-acl-helpers=ip_user | unix_group' --enable-underscores --prefix=/usr/local i386-portbld-freebsd4.8 | | | ## squid.conf | http_port 8080 8081 8082 8083 8084 | icp_port 5150 | | acl all src 0.0.0.0 | | http_access allow all | | hierarchy_stoplist cgi-bin ? | | forwarded_for off | ## | | ### dmesg.boot ## | Copyright (c) 1992-2003 The FreeBSD Project. | Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 | The Regents of the University of California. All rights reserved. | FreeBSD 4.8-STABLE #1: Sun Apr 13 15:48:20 GMT 2003 | [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KAYAK | Timecounter "i8254" frequency 1193182 Hz | CPU: Pentium II/Pentium II Xeon/Celeron (349.13-MHz 686-class CPU) | Origin = "GenuineIntel" Id = 0x652 Stepping = 2 | | Features=0x183f9ff | real memory = 201261056 (196544K bytes) | avail memory = 192548864 (188036K bytes) | Preloaded elf kernel "kernel" at 0xc033e000. | Pentium Pro MTRR support enabled | md0: Malloc disk | Using $PIR table, 8 entries at 0xc00fdf40 | npx0: on motherboard | npx0: INT 16 interface | pcib0: on motherboard | pci0: on pcib0 | pcib1: at device 1.0 on pci0 | pci1: on pcib1 | pci1: at 0.0 irq 9 | isab0: at device 7.0 on pci0 | isa0: on isab0 | atapci0: port 0xfcd0-0xfcdf at device 7.1 on | pci0 | ata0: at 0x1f0 irq 14 on atapci0 | ata1: at 0x170 irq 15 on atapci0 | pci0: at 7.2 irq 11 | chip1: port 0x8800-0x880f at | device 7.3 on pci0 | fxp0: port 0xfc40-0xfc7f | mem 0xfede-0xfedf,0xfeddf000-0xfedd irq 11 at device 17.0 on pc | i0 | fxp0: Ethernet address 00:02:b3:4b:2e:0e | inphy0: on miibus0 | inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto | fxp1: port 0xfc00-0xfc3f | mem 0xfeda-0xfedb,0xfedde000-0xfeddefff irq 12 at device 19.0 on pc | i0 | fxp1: Ethernet address 00:02:b3:4b:42:98 | inphy1: on miibus1 | inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto | orm0: at iomem 0xc-0xc7fff,0xc8000-0xc97ff,0xc9800-0xcafff | on isa0 | fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0 | fdc0: FIFO enabled, 8 bytes threshold | fd0: <1440-KB 3.5" drive> on fdc0 drive 0 | atkbdc0: at port 0x60,0x64 on isa0 | atkbd0: flags 0x1 irq 1 on atkbdc0 | kbd0 at atkbd0 | vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 | sc0: at flags 0x100 on isa0 | sc0: VGA <16 virtual consoles, flags=0x300> | sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 | sio0: type 16550A | sio1 at port 0x2f8-0x2ff irq 3 on isa0 | sio1: type 16550A | ppc0: at port 0x378-0x37f irq 7 on isa0 | ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode | ppc0: FIFO with 16/16/8 bytes threshold | unknown: can't assign resources | ata1-slave: ATAPI identify retries exceeded | ad0: 4104MB [8895/15/63] at ata0-master UDMA33 | acd0: CDROM at ata1-master PIO4 | Mounting root from ufs:/dev/ad0s1a
Re: [squid-users] fqdncacheParse: No PTR record
Hasan, Don't worry about it this normal behave of fqdncahce when it does not find reverse record against the IP. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Hasan, Irfan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 1:31 PM Subject: [squid-users] fqdncacheParse: No PTR record Squid Cache (Version 2.5.STABLE1-20030204) Red Hat Linux 8.0 I'm receiving this error in cache.log any clue about this error messages 2003/07/02 15:59:16| fqdncacheParse: No PTR record
Re: [squid-users] Load balancing on single machine
hmmm but what do u think if the proxy is transparent ..:) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Kinkie" <[EMAIL PROTECTED]> To: "Marc Elsen" <[EMAIL PROTECTED]> Cc: "Dusan Djordjevic" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 1:54 PM Subject: Re: [squid-users] Load balancing on single machine | Marc Elsen <[EMAIL PROTECTED]> writes: | | > Dusan Djordjevic wrote: | >> | >> Monday 07 July 2003 10:56, Marc Elsen: | >> > > I plan to install few instances of Squid on one multiprocessor box | >> > > and balance load between them. I plan to use LinuxVirtualServer | >> > > for it. Do someone have that kind of solution ? What load | >> > > balancing you suggest ? Any other recommendation ? | >> > Do you have an idea of the sustained http reqs/sec , your squid | >> > has to deal with ? | >> | >> Yes. I need specific non-caching proxy. There are 3000-5000 requests per | >> second. Currently I have one 4CPU box i would like to deploy. | > | > Hm, I think I read that squid can give you a max. of about 300 | > reqs/sec. | > As stated before on the list squid on itself can not make | > use of more then one cpu. | > | > So I think in a virtual server setup, you may be better off with 4 | > separate boxes (probably), I think it would give you more | > flexibility and squid service uptime, if one box is down, | > for instance. | | If you're running on Linux, there is a trick which can balance | between 2 squid instances running on the same box, discriminating between | the two depending on the client IP address. | Run the second instance on some other http_port (i.e. 4128) and add this | iptables rule: | | iptables -t nat -A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp \ | --destination-port 3128 -j REDIRECT --to-ports 4128 | | | More instances (in powers of 2) should be possible using similar tricks. | | | -- | kinkie (kinkie-squid [at] kinkie [dot] it) | Random fortune, unrelated to the message: | Can't act. Slightly bald. Also dances. | -- RKO executive, reacting to Fred Astaire's screen test. |Cerf/Navasky, "The Experts Speak" |
Re: [squid-users] Load balancing on single machine
In my sense if one proxy will down another will not take it's place because iptable rules are redirecting packets to both port and port instance is not running.. so what type of load balancing .:) Better to run Linux clustering that is much better then things like that... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Kinkie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]> Cc: "Marc Elsen" <[EMAIL PROTECTED]>; "Dusan Djordjevic" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 2:34 PM Subject: Re: [squid-users] Load balancing on single machine | "Masood Ahmad Shah" <[EMAIL PROTECTED]> writes: | | > hmmm but what do u think if the proxy is transparent ..:) | | [...] | | The trick is the same. Just do two rules, one with source | | -s 0.0.0.0/0.0.0.1 | | redirecting to the first instance of the transparent proxy, the other with | | \! -s 0.0.0.0/0.0.0.1 | | redirecting to the other instance. | | -- | kinkie (kinkie-squid [at] kinkie [dot] it) | Random fortune, unrelated to the message: | Yow! Am I in Milwaukee? |
Re: [squid-users] Squid on port 80
yes of course better to check IIS process. You can run squid on any port but make sure no other service using that port. I will suggest better to not use well defined port.. but you want to listion port to squid then you can use redirector like iptable in linux and ipsec in Windows can do :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Hasan, Irfan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 5:18 PM Subject: [squid-users] Squid on port 80 | I'm running Squid 2.5 Stable3 NT on Windows 2000 Professional, | yes yes I know it is not a good idea to run Windows 2000 Professional | but I've some other issues. | | I'm running squid on port 80, the problem is intermittent connection. | Even when I telnet on local machine on port 80 sometime I can connect | and sometime I can't connect. | | When I change port 80 to some other port, no problem everything run smooth. | I already check there is no other service is using Port 80. | | Is there any known issue to run Squid on port 80 or using Windows 2000 Pro.? | |
Re: [squid-users] Improve performance in squid
First of all I will suggest better to purchase some SCSI hard disks more then 17 GB. 4 GB RAM is okk.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) "All I want is a few minutes alone with the source code for the universe and a quick recompile." - Original Message - From: "Adaíl Oliveira" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 7:19 PM Subject: [squid-users] Improve performance in squid | Hi, | I have a Dell Server with 4 GB ram + intel III 1 | GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any | suggestions how to | improve performance in squid? | | Thanks | | A.O | |
[squid-users] redirect program
Dear alls, I'm using asqredir for redirecting URLs it's working fine. but when a URL match asqredir returned back simple empty page instead sending new URLs.. I want to redirect www.xyz.com/hi.jpg to www.abc.com/hi.jpg I have written asqredir url file like show below... http://xyz/images/logo.gif http://abc/redirect/redir.html now problem is that asqredir is not returning abc page it's returning emptoy page. I have study asqredir and it's saying right that it will return emptoy page. but I'm sure there is a way to redirect new URL instead emptoy page. Can someone let me know with example... -- Best Regs, Masood Ahmad Shah
Re: [squid-users] Squid compilation problem.
hmmm you don't have C compiler installed or there is a problem with path
--
Best Regs,
Masood Ahmad Shah
System Administrator
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
| * * * * * * * * * * * * * * * * * * * * * * * *
| Fibre Net (Pvt) Ltd. Lahore, Pakistan
| Tel: +92-42-6677024
| Mobile: +92-300-4277367
| http://www.fibre.net.pk
| * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
- Original Message -
From: "anant shintre" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 17, 2003 1:45 PM
Subject: [squid-users] Squid compilation problem.
| Hello,
| I wanted to install Squid on my Redhat Linux 8.0
| server.
| I have downloaded squid version
| "squid-2.5.STABLE3.tar.gz" from squid site to
| "http://www.squid-cache.org"; to /root directory.
| I tried to compile Squid with following steps given in
| Squid FAQ as follows :
|
| xzf squid-2.5.STABLE3.tar.gz
| cd squid-2.5.STABLE3
| ./configure
|
| when I gave command "./configure" I got following
| error :
|
| loading cache ./config.cache
| checking for a BSD compatible install...
| /usr/bin/install -c
| checking whether build environment is sane... yes
| checking for mawk... no
| checking for gawk... gawk
| checking whether make sets ${MAKE}... yes
| checking whether to enable maintainer-specific
| portions of Makefiles... no
| checking for gcc... no
| checking for cc... no
| configure: error: no acceptable cc found in $PATH
|
| Can you help me to compile Squid.
| Thanks.
|
| __
| Do you Yahoo!?
| SBC Yahoo! DSL - Now only $29.95 per month!
| http://sbc.yahoo.com
|
Re: [squid-users] extract the IPAddress and the MAC Address of the machine from which request came
my dear don't do like that... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Maarten J H van den Berg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, July 17, 2003 4:59 PM Subject: Re: [squid-users] extract the IPAddress and the MAC Address of the machine from which request came | | HEY !!! STOP THIS ! | | | | On Thursday 17 July 2003 13:22, Reena Panwar wrote: | > Hi | > | > Squid is running in the transparent mode. Now whatever request comes to | > squid it has to extract the IPAddress and the MAC Address of the | > machine from which the request came. How can this be achieved. | > | > Regards | > Reena | > | > | > | > | > Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! | > http://login.mail.lycos.com/r/referral?aid=27005 | | -- | This email has been scanned for the presence of computer viruses. | | Maarten J. H. van den Berg ~~//~~ network administrator | VBVB - Amsterdam - The Netherlands - http://vbvb.nl | T +31204233288 F +31204233286 G +31651994273 |
Re: [squid-users] how to restrict the file size of download
Put in your squid.conf file... for example if you want to allow 20 KB request_body_max_size 20 KB -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Li Wei" <[EMAIL PROTECTED]> To: "" <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 12:26 PM Subject: [squid-users] how to restrict the file size of download | hi,all | | I'd like to restrict the size of download through Squid. | | Who can help me? | | My Squid is Version 2.5.STABLE2, and installed on Solaris 2.5 | | THX. | ** | Samuel Li^-^ HAVE A GOOD DAY ^-^ | JFTT | E-mail: [EMAIL PROTECTED] | ** | |
Re: [squid-users] Please set visible hostname by running squid installed from squid sorce tar
then simple is that set hotst_visible name in your squid.conf don't worry about it :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Reena Panwar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 4:44 PM Subject: [squid-users] Please set visible hostname by running squid installed from squid sorce tar | Hi | | I have installed squid from squid-2.5.STABLE5.tar.gz. | | I have compiled it using make and installed. | | Now when I am trying to run it from | /usr/local/squid/sbin | it gives an error please set visible hostname | | Reena | | | | Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! | http://login.mail.lycos.com/r/referral?aid=27005 |
Re: [squid-users] Squid is runnin as a standalone server
hmmm it's very strange for me that you are using squid for web services instead apache :) If you know how to parse CGI or PHP JSP pages via squid .please let me know. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Reena Panwar" <[EMAIL PROTECTED]> To: "Antony Stone" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 4:54 PM Subject: Re: [squid-users] Squid is runnin as a standalone server | | --Please yaar If i want something which is not possible. Tell me. I asked a think because because obviously I was not sure if that can be done. | | Reena | | - Original Message - | | DATE: Wed, 23 Jul 2003 12:37:45 | From: Antony Stone <[EMAIL PROTECTED]> | To: [EMAIL PROTECTED] | Cc: | | >On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote: | > | >> Hi | >> | >> Look you did not get my question.. | >> | >> I am using squid as a standalone web server. I don't want to use any other | >> wen server with it. I am not using squid as a proxy but as a web server | >> which will run for me like a normal apache server but I have to use squid | >> only. | > | >Oh, I do apologise. I did not actually realise that it was possible to run | >Squid as a web server - I thought it was only a proxy. | > | >Thanks for enlightening me. | > | >Regards, | > | >Antony. | > | >-- | > | >You can spend the whole of your life trying to be popular, | >but at the end of the day the size of the crowd at your funeral | >will be largely dictated by the weather. | > | > - Frank Skinner | > | | | | | Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! | http://login.mail.lycos.com/r/referral?aid=27005 |
Re: [squid-users] Squid is runnin as a standalone server
Clark, I think so... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Clark Allan Dave" <[EMAIL PROTECTED]> To: "'Masood Ahmad Shah'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 5:09 PM Subject: RE: [squid-users] Squid is runnin as a standalone server | I don't think he she knows anything about squid or apache or anything for that matter. | | He/ she is just a spammer , who annoys all the people here. | | -Original Message- | From: Masood Ahmad Shah [mailto:[EMAIL PROTECTED] | Sent: Wednesday, July 23, 2003 3:03 PM | To: [EMAIL PROTECTED]; Antony Stone | Cc: [EMAIL PROTECTED] | Subject: Re: [squid-users] Squid is runnin as a standalone server | | | hmmm it's very strange for me that you are using squid for web services | instead apache :) | If you know how to parse CGI or PHP JSP pages via squid .please let me | know. | | -- | | Best Regs, | Masood Ahmad Shah | System Administrator | | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | | * * * * * * * * * * * * * * * * * * * * * * * * | | Fibre Net (Pvt) Ltd. Lahore, Pakistan | | Tel: +92-42-6677024 | | Mobile: +92-300-4277367 | | http://www.fibre.net.pk | | * * * * * * * * * * * * * * * * * * * * * * * * | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | Unix is very simple, but it takes a genius to understand the simplicity. | (Dennis Ritchie) | | - Original Message - | From: "Reena Panwar" <[EMAIL PROTECTED]> | To: "Antony Stone" <[EMAIL PROTECTED]> | Cc: <[EMAIL PROTECTED]> | Sent: Wednesday, July 23, 2003 4:54 PM | Subject: Re: [squid-users] Squid is runnin as a standalone server | | | | | | --Please yaar If i want something which is not possible. Tell me. I asked | a think because because obviously I was not sure if that can be done. | | | | Reena | | | | - Original Message - | | | | DATE: Wed, 23 Jul 2003 12:37:45 | | From: Antony Stone <[EMAIL PROTECTED]> | | To: [EMAIL PROTECTED] | | Cc: | | | | >On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote: | | > | | >> Hi | | >> | | >> Look you did not get my question.. | | >> | | >> I am using squid as a standalone web server. I don't want to use any | other | | >> wen server with it. I am not using squid as a proxy but as a web server | | >> which will run for me like a normal apache server but I have to use | squid | | >> only. | | > | | >Oh, I do apologise. I did not actually realise that it was possible to | run | | >Squid as a web server - I thought it was only a proxy. | | > | | >Thanks for enlightening me. | | > | | >Regards, | | > | | >Antony. | | > | | >-- | | > | | >You can spend the whole of your life trying to be popular, | | >but at the end of the day the size of the crowd at your funeral | | >will be largely dictated by the weather. | | > | | > - Frank Skinner | | > | | | | | | | | | | Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! | | http://login.mail.lycos.com/r/referral?aid=27005 | | |
Re: [squid-users] Wccp and squid problem
Sukhjit, I'm running WCCP since last 1 year and did not get any problem. please check your i see you packets and also check is wccp module loaded via commaned lsmod|grep wccp -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Sukhjit Singh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, July 31, 2003 8:27 AM Subject: [squid-users] Wccp and squid problem | Hi all squid users, | | i am running sorry i was running squid +wccp v 2 for one moth and suddenly | there was a problem and my squid stoped responding, it was figured out that | the squid was working fine ( by using it as a proxy i check it) and only | problem was with the wccp module or wccp problem on the cisco router.Has | anybody faced the same situation, kindly tellme. | | Presently i am running squid and redirecting the traffic from router with | the help of PBR (Policy Based routing).it is working fine but has his own | drawbacks. | | So it is a kind request to all the developers who are researching on squid | to take care of this part of the squid to ( means connectivity with the | router), or we can just stop using wccp. | | |Regards | |Sukhjit Singh |Network Administrator |Emmsons Infotech Ltd. |SCO 13-14-15, Sec 34A, |Chandigarh-160 022 |(Ph): +91 172 606664 |[EMAIL PROTECTED] |http://www.emmtel.com | | - Original Message - | From: <[EMAIL PROTECTED]> | To: <[EMAIL PROTECTED]> | Sent: Thursday, July 31, 2003 8:31 AM | Subject: [squid-users] Cache peer and never_direct | | | > Hi, | > After a little help. I have a setup here where I want to force all | > users to use a cache | > peer *except a few*. | > | > I am also using NTLM auth and NT Global group checking | > | > It seems to be partially working where the 'direct' users always go direct | > but the 'peered' users | > are only partialy using the peer (some requests are going direct). | > | > Squid.conf snippet: | > | #*** | > | > external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group | > | > acl DirectProxyUsers external NT_global_group | > acl PeerProxyUsers external NT_global_group | > acl password proxy_auth REQUIRED | > | > never_direct allow all | > | > always_direct allow DirectProxyUsers | > | > Http_access allow password PeerProxyUsers | > Http_access allow password DirectProxyUsers | > | > | #*** | > | > | > I have confirmed that the external ACL is working ok. If I remove the | > always_direct line then | > all requests go to the peer as expected. If I change the | 'DirectProxyUsers' | > ACL to a standard 'SRC' | > or something then it also works as expected (just DirectProxyUsers go | > direct). Is there an issue with | > using an external helper with an always_direct or something? | > | > As it is, it seems that about 2 in 5 of requests from the users that match | > the 'PeerProxyUsers' ACL still | > Go direct. Why? | > | > Thanks in Advance, | > Andrew | > | |
Re: [squid-users] Squid, WCCP, and Loading?
my dear your all configuration are fine. but I'm sure you have problem in your module check is your module loaded.. lsmod |grep wccp let us know yes or no? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Larry M. Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 04, 2003 10:52 AM Subject: [squid-users] Squid, WCCP, and Loading? | I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with a | Cisco 7204 VXR (running IOS 12.2(6))and am running across a maddening | problem - works in test network, doesn't work in production network. | | I have read the FAQ as well as searched the lists. I have tried both | the ip_no_pmtu_disc and setting the MTU of eth0 back to 1476, and | neither worked (nor did I expect them to as when it doesn't work, it | doesn't work for redirection as well as it doesn't work hitting the | proxy directly). | | I am using the ip_wccp module as described in the FAQ. Have tried | ip_gre however ip_wccp just seems more straightforward to me. | | When it's not working, doing a "sh ip wccp web-cache" on the router will | show the redirected packet counter incrementing, access.log is logging | client accesses, cache.log shows no abnormalities, and messages shows no | abnormalities (i.e. if I wasn't sitting at the client everything would | look like it's working), top shows the box barely breaking a sweat | (squid taking < 1% of CPU), but the clients never get pages and | eventually time out. Did a sniff of the segment (with ethereal) that | the Squid box is on and it appears that redirected requests are going on | the segment, but Squid never (or more accurately very rarely) goes out | to get the data for the requests. (Conversely, in the test network, you | see the redirected request, Squid going out to get the data, the remote | server responding, and Squid sending the data back - this only happens | for a minute number of the redirected requests in the production | network). Once I disable the redirection from the Cisco side, clients | (test, small number) hitting the squid cache directly work once again | (no further intervention required). | | The only difference between the production and test networks (other than | client load) is the production network is redirecting off of atm1/0 | while the test network is redirecting off of fa0/0 (and the requisite | addressing/configuration changes). I don't believe that to be cause of | the functionality problem as in the production network I do see the | packets being redirected to Squid. | | The box is a dual P4 XEON 2.4G, hyperthreading (Linux sees "4" | processors) with 3GB RAM and 3 36GB U320 SCSI drives. Linux 2.4.20, | iptables 1.2.8, squid 2.5STABLE3. I do have fairly restrictive firewall | rules, however they are consistent between the production and test | environments therefore I don't at this point believe the issue lies there. | | Squid was compiled with: --prefix=/usr/local/squid | --enable-storeio=ufs,diskd --enable-removal-policies=lru,heap | --enable-wccp --disable-ident-lookups --enable-truncate | --enable-underscores --enable-linux-netfilter | | squid.conf excerpt: | http_port (IP Address eth0):8080 | httpd_accel_host virtual | httpd_accel_port 80 | httpd_accel_with_proxy on | httpd_accel_uses_host_header on | wccp_router (router's fa0/0 same subnet) | | iptables redirect: | iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -s (myIPspace) | -j REDIRECT --to-port 8080 | | Cache partition mount options: | LABEL=/var/squid/0 /var/squid/0ext3 | defaults,noatime,noexec,nosuid1 2 | LABEL=/var/squid/1 /var/squid/1ext3 | defaults,noatime,noexec,nosuid1 2 | LABEL=/var/squid/2 /var/squid/2ext3 | defaults,noatime,noexec,nosuid1 2 | | router configuration: | ip wccp version 1 | ip wccp web-cache | (within the interface) ip wccp web-cache redirect out | | If I didn't know any better it would appear to be purely a load related | issue (within Squid, as the box doesn't appear to be doing anything) but | I know there has to be people out there throwing more at it than I am | (between 500-600 potential clients when I attempted to insert into the | production environment). | | Lastly, in the production environment (prior to trying Squid) I did have | a Cisco Cache Engine 590 running WCCPv2 against the same router (I did | configure the router for WCCPv1 w
Re: [squid-users] Squid, WCCP, and Loading?
yes I heard from someone since last 2 months that there is a bug in CISCO ios regarding WCCP but I don't know on which IOS :(... so better to change your IOS -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Damian-Grint Philip" <[EMAIL PROTECTED]> To: "'Larry M. Smith'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, August 04, 2003 12:41 PM Subject: RE: [squid-users] Squid, WCCP, and Loading? | I had similar symtoms - working fine on one 3620 but blocking on another, | even when I clamped path MTU down to 576... I eventually used a route map " | set df 0" for returning traffic which sorted the problem - I think there | may be a Cisco implementation bug... | | See this url for more details: | http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080 | 093f1f.shtml | | Phil DG | | -Original Message- | From: Larry M. Smith [mailto:[EMAIL PROTECTED] | Sent: 04 August 2003 06:53 | To: [EMAIL PROTECTED] | Subject: [squid-users] Squid, WCCP, and Loading? | | | I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with a | Cisco 7204 VXR (running IOS 12.2(6))and am running across a maddening | problem - works in test network, doesn't work in production network. | | I have read the FAQ as well as searched the lists. I have tried both | the ip_no_pmtu_disc and setting the MTU of eth0 back to 1476, and | neither worked (nor did I expect them to as when it doesn't work, it | doesn't work for redirection as well as it doesn't work hitting the | proxy directly). | | I am using the ip_wccp module as described in the FAQ. Have tried | ip_gre however ip_wccp just seems more straightforward to me. | | When it's not working, doing a "sh ip wccp web-cache" on the router will | show the redirected packet counter incrementing, access.log is logging | client accesses, cache.log shows no abnormalities, and messages shows no | abnormalities (i.e. if I wasn't sitting at the client everything would | look like it's working), top shows the box barely breaking a sweat | (squid taking < 1% of CPU), but the clients never get pages and | eventually time out. Did a sniff of the segment (with ethereal) that | the Squid box is on and it appears that redirected requests are going on | the segment, but Squid never (or more accurately very rarely) goes out | to get the data for the requests. (Conversely, in the test network, you | see the redirected request, Squid going out to get the data, the remote | server responding, and Squid sending the data back - this only happens | for a minute number of the redirected requests in the production | network). Once I disable the redirection from the Cisco side, clients | (test, small number) hitting the squid cache directly work once again | (no further intervention required). | | The only difference between the production and test networks (other than | client load) is the production network is redirecting off of atm1/0 | while the test network is redirecting off of fa0/0 (and the requisite | addressing/configuration changes). I don't believe that to be cause of | the functionality problem as in the production network I do see the | packets being redirected to Squid. | | The box is a dual P4 XEON 2.4G, hyperthreading (Linux sees "4" | processors) with 3GB RAM and 3 36GB U320 SCSI drives. Linux 2.4.20, | iptables 1.2.8, squid 2.5STABLE3. I do have fairly restrictive firewall | rules, however they are consistent between the production and test | environments therefore I don't at this point believe the issue lies there. | | Squid was compiled with: --prefix=/usr/local/squid | --enable-storeio=ufs,diskd --enable-removal-policies=lru,heap | --enable-wccp --disable-ident-lookups --enable-truncate | --enable-underscores --enable-linux-netfilter | | squid.conf excerpt: | http_port (IP Address eth0):8080 | httpd_accel_host virtual | httpd_accel_port 80 | httpd_accel_with_proxy on | httpd_accel_uses_host_header on | wccp_router (router's fa0/0 same subnet) | | iptables redirect: | iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -s (myIPspace) | -j REDIRECT --to-port 8080 | | Cache partition mount options: | LABEL=/var/squid/0 /var/squid/0ext3 | defaults,noatime,noexec,nosuid1 2 | LABEL=/var/squid/1 /var/squid/1ext3 | defaults,noatime,noexec,nosuid1 2 | LABEL=/var/squid/2 /var/squid/2ext3 | defa
Re: [squid-users] Squid, WCCP, and Loading?
Respected Henrik, If he is running WCCP then I think no need to block cache proxy traffic from router for intercepting... because Cisco router does not redirect wccp packets to cache that is in WCCP table. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Larry M. Smith" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, August 04, 2003 12:53 PM Subject: Re: [squid-users] Squid, WCCP, and Loading? | On Monday 04 August 2003 07.52, Larry M. Smith wrote: | > I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with | > a Cisco 7204 VXR (running IOS 12.2(6))and am running across a | > maddening problem - works in test network, doesn't work in | > production network. | | > will show the redirected packet counter incrementing, access.log is | > logging client accesses, cache.log shows no abnormalities, and | | > barely breaking a sweat (squid taking < 1% of CPU), but the clients | > never get pages and eventually time out. Did a sniff of the | | Have you instructed your router to not intercept Squid's own traffic? | | Same thing in the interception rules on your Squid server? (but if you | disable the interception on the Cisco I don't think this is the | problem..) | | > The only difference between the production and test networks (other | > than client load) is the production network is redirecting off of | > atm1/0 while the test network is redirecting off of fa0/0 (and the | > requisite addressing/configuration changes). I don't believe that | > to be cause of the functionality problem as in the production | > network I do see the packets being redirected to Squid. | | If you see traffic in access.log then the redirection is working. | | If you have enabled interception and then normal proxying does not | work then the interception is intercepting too much, preventing the | proxy itself from doing what it should. Remember that the proxy is | just a HTTP client like any other in the eye of interception rules | and if the proxy uses the same router as your clients then rules is | needed to instruct the router on what to do with the traffic. | | A very good test when verifying networing, interception rules etc is | to start by verifying that browsing directly from the proxy server | without using the proxy always works. For this purpose you can use | lynx/wgetor even squidclient (just remember to specify host and port | options to squidclient, or else it assumes you want to ask the | proxy..). If browsing from the proxy server does not work then there | is networking errors and proxying via the same can not work until the | networking errors are corrected. | | -- | Donations welcome if you consider my Free Squid support helpful. | https://www.paypal.com/xclick/business=hno%40squid-cache.org | | If you need commercial Squid support or cost effective Squid or | firewall appliances please refer to MARA Systems AB, Sweden | http://www.marasystems.com/, [EMAIL PROTECTED] |
Re: [squid-users] Squid, WCCP, transparent proxy
h if you have just single cache for your network then no need to run WCCP ... I will suggest better to redirect port 80 traffic to your cache simple is that. and of course iptables or ipchains will redirect your traffic. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Robert Mena" <[EMAIL PROTECTED]> To: "fooler" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, August 05, 2003 7:25 AM Subject: Re: [squid-users] Squid, WCCP, transparent proxy | Hi Fooler, | | Thanks for the reply. | | How stable is this wccp daemon ? | | If squid would be used in the same machine would I be | able to do this proxy without the wccp ? | | - rt | | --- fooler <[EMAIL PROTECTED]> wrote: | > | > - Original Message - | > From: "Robert Mena" <[EMAIL PROTECTED]> | > To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; | > <[EMAIL PROTECTED]> | > Sent: Tuesday, August 05, 2003 7:22 AM | > Subject: Re: [squid-users] Squid, WCCP, transparent | > proxy | > | > | > > The actual Squid is a separate machine. | > > | > > What would be the normal interceptation ? | > | > since your router is separated from your squid | > machine and you wanted to | > have a wccp on your linux router box, all you need | > is a wccp daemon... you | > can get this at http://wccpd.sourceforge.net/ | > | > > iptables | > > with a redirect option ? | > | > yup since iptables is the latest firewall program | > for linux... | > | > | > > what would you suggest to have some sort of | > failover | > > mechanism. Suppose squid goes down it would | > forward | > > the requests... | > | > if you have a working wccp, then thats the point of | > wccp :-> | > | > fooler. | > | > | > | | | __ | Do you Yahoo!? | Yahoo! SiteBuilder - Free, easy-to-use web site design software | http://sitebuilder.yahoo.com |
Re: [squid-users] Strange Log
Onethine make sure that if the host name are same your Squid process will not killed up. if you are using UNIX of *NIX os then same name is not the issue becoz squid does not rely on netbios name. yes if you are using DNS same name it can be problem.. for more you will have to let us know... which OS and version you are using? which version of Squid you are using? also let us know about ur glibc version and gcc too? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Squid-users" <[EMAIL PROTECTED]> Sent: Friday, August 08, 2003 8:20 AM Subject: [squid-users] Strange Log | All, | | In the upgrade progress, my Squid crashed (kernel panic) immediately after | users starting to browse. Below I found a strange log. | | Thu Aug 7 16:10:10 2003.379 RELEASE -1 | 6BF7EAEC6EEDE0ABAB7063E887CF6E9E ? ? ? ? ?/? ?/? ? ? | Thu Aug 7 16:10:10 2003.379 RELEASE -1 | 7A32312ABBE6E4C4BA9C60A712F5CA52 ? ? ? ? ?/? ?/? ? ? | | All new configuration is exactly same with the old one. The only different | (and stupid) thing is I had 1 client machine that has same host name with | the Squid box. | | Does the double host name cause the problem? | What does the log above mean (no info at all)? | | Many thanks for your help | | Thx & Rgds, | | Awie | | |
Re: [squid-users] Strange Log
will suggest better to tune you system via kernel and system BIOS. If you have upgraded your BIOS you will have to reinstall OS due to hardware addresses. I will suggest if you are using Red Hat Linux 7.3 no need to upgrade Kernel. Linux 7.3 by default have patchec and tuned kernel which is usefull for corporate system.s -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]>; "Squid Support (Henrik Nordstrom)" <[EMAIL PROTECTED]> Sent: Friday, August 08, 2003 8:51 PM Subject: Re: [squid-users] Strange Log | Masood & Henrik | | Thanks for your answer. | | In my environment, there is no DNS server that handle naming service. I used | RH 7.3 (kernel 2.4.20), Squid 2.4.S7. The GCC version is 2.96. So far, the | machine run very well. | | As you and Henrik explained, seems the problem is coming from another | source. I should find out why the machine crashed. | | Thx & Rgds, | | Awie | | - Original Message - | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> | Sent: Friday, August 08, 2003 3:15 PM | Subject: Re: [squid-users] Strange Log | | | > Onethine make sure that if the host name are same your Squid process will | > not killed up. if you are using UNIX of *NIX os then same name is not the | > issue becoz squid does not rely on netbios name. yes if you are using DNS | > same name it can be problem.. | > for more you will have to let us know... | > | > which OS and version you are using? | > which version of Squid you are using? | > also let us know about ur glibc version and gcc too? | > | > -- | > | > Best Regs, | > Masood Ahmad Shah | > System Administrator | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | Tel: +92-42-6677024 | > | Mobile: +92-300-4277367 | > | http://www.fibre.net.pk | > | * * * * * * * * * * * * * * * * * * * * * * * * | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > Unix is very simple, but it takes a genius to understand the simplicity. | > (Dennis Ritchie) | > | > - Original Message - | > From: "Awie" <[EMAIL PROTECTED]> | > To: "Squid-users" <[EMAIL PROTECTED]> | > Sent: Friday, August 08, 2003 8:20 AM | > Subject: [squid-users] Strange Log | > | > | > | All, | > | | > | In the upgrade progress, my Squid crashed (kernel panic) immediately | after | > | users starting to browse. Below I found a strange log. | > | | > | Thu Aug 7 16:10:10 2003.379 RELEASE -1 | > | 6BF7EAEC6EEDE0ABAB7063E887CF6E9E ? ? ? ? ?/? ?/? ? ? | > | Thu Aug 7 16:10:10 2003.379 RELEASE -1 | > | 7A32312ABBE6E4C4BA9C60A712F5CA52 ? ? ? ? ?/? ?/? ? ? | > | | > | All new configuration is exactly same with the old one. The only | different | > | (and stupid) thing is I had 1 client machine that has same host name | with | > | the Squid box. | > | | > | Does the double host name cause the problem? | > | What does the log above mean (no info at all)? | > | | > | Many thanks for your help | > | | > | Thx & Rgds, | > | | > | Awie | > | | > | | > | | > | |
Re: [squid-users] Strange Log
your squid is running f9. but onething make sure that Squid does not depend on system board. Squid is an application. when you upgraded your BOIS it can make problem for file system. if file system is not working fine of course Squid will not. Becoz squid depend on file system, OS instead system board. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Saturday, August 09, 2003 9:44 AM Subject: Re: [squid-users] Strange Log | Yes, Masood. | | The vendor of system board removing the feature that (perhaps) Squid need | it. After narrowing down the isolation, it seems Squid tried to write to its | cache directory and kernel became panic. | | Now, I downgrade the BIOS to older version that system able to run normal. | Now, it seems OK. | | Thx & Rgds, | | Awie | | ----- Original Message - | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> | Sent: Saturday, August 09, 2003 12:26 PM | Subject: Re: [squid-users] Strange Log | | | > will suggest better to tune you system via kernel and system BIOS. If you | > have upgraded your BIOS you will have to reinstall OS due to hardware | > addresses. I will suggest if you are using Red Hat Linux 7.3 no need to | > upgrade Kernel. Linux 7.3 by default have patchec and tuned kernel which | is | > usefull for corporate system.s | > | > | > -- | > | > Best Regs, | > Masood Ahmad Shah | > System Administrator | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | Tel: +92-42-6677024 | > | Mobile: +92-300-4277367 | > | http://www.fibre.net.pk | > | * * * * * * * * * * * * * * * * * * * * * * * * | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > Unix is very simple, but it takes a genius to understand the simplicity. | > (Dennis Ritchie) | > | > - Original Message - | > From: "Awie" <[EMAIL PROTECTED]> | > To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" | > <[EMAIL PROTECTED]>; "Squid Support (Henrik Nordstrom)" | > <[EMAIL PROTECTED]> | > Sent: Friday, August 08, 2003 8:51 PM | > Subject: Re: [squid-users] Strange Log | > | > | > | Masood & Henrik | > | | > | Thanks for your answer. | > | | > | In my environment, there is no DNS server that handle naming service. I | > used | > | RH 7.3 (kernel 2.4.20), Squid 2.4.S7. The GCC version is 2.96. So far, | the | > | machine run very well. | > | | > | As you and Henrik explained, seems the problem is coming from another | > | source. I should find out why the machine crashed. | > | | > | Thx & Rgds, | > | | > | Awie | > | | > | - Original Message - | > | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | > | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" | > <[EMAIL PROTECTED]> | > | Sent: Friday, August 08, 2003 3:15 PM | > | Subject: Re: [squid-users] Strange Log | > | | > | | > | > Onethine make sure that if the host name are same your Squid process | > will | > | > not killed up. if you are using UNIX of *NIX os then same name is not | > the | > | > issue becoz squid does not rely on netbios name. yes if you are using | > DNS | > | > same name it can be problem.. | > | > for more you will have to let us know... | > | > | > | > which OS and version you are using? | > | > which version of Squid you are using? | > | > also let us know about ur glibc version and gcc too? | > | > | > | > -- | > | > | > | > Best Regs, | > | > Masood Ahmad Shah | > | > System Administrator | > | > | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | > | Tel: +92-42-6677024 | > | > | Mobile: +92-300-4277367 | > | > | http://www.fibre.net.pk | > | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | > ^ ^ ^ ^ ^
Re: [squid-users] wccpv2 problems
what do u mean by precompiled ? If you mean to say that you have already compiled squid source and now you patched your squid source with wccp support.. for this you will have to run make clean before make -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Allen Stringfellow" <[EMAIL PROTECTED]> To: "SquidList" <[EMAIL PROTECTED]> Sent: Wednesday, August 06, 2003 7:41 AM Subject: [squid-users] wccpv2 problems | I am trying to compile Squid-2.5.3 on RedHat Linux 9.0 (kernel 2.4.21 with | ip_wccp.patch patched into the precompile includes). I ran the wccpv2.patch | against the precompiled squid source and ran the configure script | with --linux-netfilter , --delay-pools, --snmp, and --wccpv2 options | enabled. When I run 'make all' I get the following errors from the wccpv2 | mod: | | wccpv2.c || echo './'`wccpv2.c | wccpv2.c: In function `wccp2HandleUdp': | wccpv2.c:338: warning: unused variable `tmp' | wccpv2.c: In function `wccp2AssignBuckets': | wccpv2.c:483: parse error before "sizeof" | wccpv2.c:483: parse error before ')' token | wccpv2.c:442: warning: unused variable `wccp2_assign_bucket' | wccpv2.c:443: warning: unused variable `buckets_per_cache' | wccpv2.c:444: warning: unused variable `loop' | wccpv2.c:445: warning: unused variable `number_caches' | wccpv2.c:447: warning: unused variable `caches' | wccpv2.c:448: warning: unused variable `offset' | wccpv2.c:449: warning: unused variable `buckets' | wccpv2.c:450: warning: unused variable `buf' | make[3]: *** [wccpv2.o] Error 1 | | Is there a more current patch or am I doing something wrong?? | | |
Re: [squid-users] WCCP
it's not more than 100% :) I'm using it 90% so I think it must be typo error. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "RAHUL T. KARTHA" <[EMAIL PROTECTED]> To: "'Masood Ahmad Shah'" <[EMAIL PROTECTED]> Sent: Thursday, August 14, 2003 11:22 AM Subject: RE: [squid-users] WCCP I was just going through the mail archiver and found this ins one of the emails now if I understood it correctly 0 stands for minimam time 500% I don't know and 172800 stands for max time can u pls explain what that 500% means and what will be ideal time for all parameters I had seen a similar mail from you some time back on the similar topic but could not find it Thanks in advance refresh_pattern/i \.class$ 0 500% 172800 refresh_pattern/i \.gif$ 0 500% 172800 refresh_pattern/i \.jpg$ 0 500% 172800 refresh_pattern/i \.jpe$ 0 500% 172800 refresh_pattern/i \.jpeg$ 0 500% 172800 refresh_pattern/i \.png$ 0 500% 172800 refresh_pattern/i \.bmp$ 0 500% 172800 refresh_pattern/i \.tif$ 0 500% 172800 refresh_pattern/i \.tiff$ 0 500% 172800 refresh_pattern/i \.mov$ 0 500% 172800 refresh_pattern/i \.avi$ 0 500% 172800 refresh_pattern/i \.qt$ 0 500% 172800 refresh_pattern/i \.mpeg$ 0 500% 172800 refresh_pattern/i \.mpg$ 0 500% 172800 refresh_pattern/i \.mpe$ 0 500% 172800 refresh_pattern/i \.wav$ 0 500% 172800 refresh_pattern/i \.au$ 0 500% 172800 refresh_pattern/i \.mid$ 0 500% 172800 refresh_pattern/i \.zip$ 0 500% 172800 refresh_pattern/i \.gz$ 0 500% 172800 refresh_pattern/i \.arj$ 0 500% 172800 refresh_pattern/i \.lha$ 0 500% 172800 refresh_pattern/i \.lzh$ 0 500% 172800 refresh_pattern/i \.rar$ 0 500% 172800 refresh_pattern/i \.tgz$ 0 500% 172800 refresh_pattern/i \.tar$ 0 500% 172800 refresh_pattern/i \.exe$ 0 500% 172800 refresh_pattern/i \.bin$ 0 500% 172800 refresh_pattern/i \.hqx$ 0 500% 172800 refresh_pattern/i \.pdf$ 0 300% 172800 refresh_pattern/i \.rtf$ 0 300% 172800 refresh_pattern/i \.doc$ 0 300% 172800
Re: [squid-users] Squid, WCCP, transparent proxy
hmmm if you don't have cisco router... and you want to use WCCP. you can for this you will have to download http://rpmfind.net/linux/RPM/PLD/dists/ra/PLD/i386/PLD/RPMS/wccpd-0.2-2.i386.html But I will suggest better to redirect traffic for post 80 to your cache via Kernel firewall like ipchains or iptables. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Robert Mena" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 05, 2003 3:32 AM Subject: [squid-users] Squid, WCCP, transparent proxy | Hi, | | After reading the FAQ about wccp I still have some | doubts regarding my setup. | | My router is actually a linux box with some | synchronous cards and I'd like to "force" the users to | use the cache in order to save bandwidth. | | I'd would create some white list where direct access | should be granted, so some trouble sites could still | work but otherwise force the cache to be used. | | I am not quite sure what would be the best way to do | this. | | Any tips would be great! | | __ | Do you Yahoo!? | Yahoo! SiteBuilder - Free, easy-to-use web site design software | http://sitebuilder.yahoo.com |
Re: [squid-users] Compile WCCP module optimally
very simple http://www.sublime.com.au/squid-wccp/ -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Squid-users" <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003 7:12 PM Subject: [squid-users] Compile WCCP module optimally | All, | | Sorry for this (beginner) question. However, I want to know how to compile | match and optimally the ip_wccp.c into my RH 7.3 (kernel 2.4.21) on Pentium | 4 machine. | | Hope you would like to advise me. Your answer is very appreciated. | | Thx & Rgds, | | Awie | | | |
Re: [squid-users] WCCP
Paul, The docs you have already are for 2.4.xx kernel so you can use this patch for any kernel like 2.4.9 2.4.15 et.. I'm running WCCP with Squid 2.4 STABLE 2 /3 too and it's working like charm. patch your kernel with required patch and run it. if you face any problem let uw know. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003 9:49 PM Subject: [squid-users] WCCP | I am looking at some documentation on installing and configuring WCCP for | use with squid. However those docs are for RedHat Linux v7.1 with a 2.4.9 | kernel and squid 2.4.STABLE2. I am running RedHat Linux 9 with a 2.4.20 | kernel and squid 2.5.STABLE3. | | I need to get WCCP running and seem to have problems getting my fingers | around the concept. I have seen a couple different docs for older versions | of Linux, one says I have to have wccp AND gre installed, one just calls for | gre. | | I am following the docs for the previously mentioned install but I can't | seem to compile the wccp module. | | I am, unfortunately, in a time crunch on this as I have to bring it up and | running for a test beginning on Friday the 15th and this was a twist I had | not previously planned on. Any assistance would be appreciated. | | | Paul Fiero | Information Security Analyst | City of Austin Communications and Technology Management | (512) 974-3559 | [EMAIL PROTECTED] | | CONFIDENTIALITY NOTICE: | | The information contained in this ELECTRONIC MAIL transmission is | confidential. It may also be privileged work product or proprietary | information. This information is intended for the exclusive use of the | addressee(s). If you are not the intended recipient, you are hereby notified | that any use, disclosure, dissemination, distribution [other than to the | addressee(s)], copying or taking of any action because of this information | is strictly prohibited. | | | | | Vampireware /n/, a project, capable of sucking the lifeblood out of anyone | unfortunate enough to be assigned to it, which never actually sees the light | of day, but nonetheless refuses to die. | | |
Re: [squid-users] Compile WCCP module optimally
yes it's very strange for me too. that you can not run simultenously both. becoz purpose of both these same. I mean to say you have wator system then y u r going to build up again wator system if you have already. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Awie" <[EMAIL PROTECTED]> Cc: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Thursday, August 14, 2003 8:12 PM Subject: Re: [squid-users] Compile WCCP module optimally | On Thu, 14 Aug 2003, Awie wrote: | | > Ahh so clear ! Thanks Henrik. | | I still wonder which document says both ip_wccp and ip_gre should be | loaded at the same time. | | Regards | Henrik | |
Re: [squid-users] checking link availability
Arfan, If you can not use WCCP. then I will suggest better to use Linux Clustering. your toplogy looks like shown below.. | Cache one Router---Linux Cluster Server | Cache two You can also use Squid sibling. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Arfan Ahmad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 2:48 PM Subject: RE: [squid-users] checking link availability | Dear Sir | actually we have an ISP setup and running 120 lines and one | squid machine. Our uplink is of 256K and downlink 512K. the issue | is that I want to run two proxies without wccp , any idea how to | manage it so that we can balance the traffic load . | | Arfan Ahmad Rana | Suite #4 , 38-A Multinet Pvt Limited | Gulberg lll Lahore. | Mobile# 0333-4222766 | Office: 0425870588-95 | | | | |
Re: [squid-users] How may I block MSN Messenger...
I will suggest better to block it via your firewall it can be Linux firewall ipfw, ipchains, iptables or router etcc.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Boniforti Flavio" <[EMAIL PROTECTED]> To: "'Adam Aube'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 4:44 PM Subject: RE: [squid-users] How may I block MSN Messenger... | > Scratch that - I made the silly mistake of assuming that | > req_mime_type would match on the entire data; it probably | > looks for the Content-Type: line and matches from there. | | Well... I'm still at it: | | acl msn_no_block src 10.167.211.165/255.255.255.255 | acl msn_server rep_mime_type ^application/x-msn-messenger | #acl msn_server dstdomain gateway.messenger.hotmail.com | #acl msn_server dst 207.46.110.0/255.255.255.0 | http_access deny !msn_no_block msn_server | http_access deny all | | | I alternatively tried the different "msn_server" ACLs, with no success! | My station's IP is 10.167.211.11, therefore it shouldn't be able to get | through (msn_no_block just contains ONE IP: 10.167.211.165). | | What now? | | Thank you again! | | |
Re: [squid-users] How may I block MSN Messenger...
ohh my dears simple is that block port 1863 and I'm 100% sure MSN will be blocked :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Adam Aube" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 5:58 PM Subject: RE: [squid-users] How may I block MSN Messenger... | > Why I don't get any "TCP/DENIED" | | Because Squid is allowing the request, and is just blocking | the reply. | | > Should I be doing it on "req_mime_type" instead? | | That is the normal procedure. You would need to change the | "http_reply_access" line to "http_access". | | Adam |
Re: [squid-users] WCCPV2
hmm it seems to be all fine except .. you have not defind on your WCCP router redirection of wccp packets... like on your wccp WAN interface put ip wccp redirect out it will work like charm :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Jason Chin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 21, 2003 4:29 PM Subject: [squid-users] WCCPV2 | Hi guys, im trying to get squid with wccpv2 running on a Redhat 8.0 box but | im having some problems. Im using a Cisco 3661 Router with IOS 12.2(15)T1. I | have successfully patched and recompiled my kernel without any errors with | the ip_wccp-2_4_18.patch found at squid.visolve.com. Im using Squid Cache | version 2.5.STABLE3 which has also been patched without any errors using the | wccpv2.patch and built with options: | ./configure --enable-async-io=120 --enable-removal-policies=heap --enable-ki | ll-parent-hack --enable-cachemgr-hostname=Alpha-Cache --enable-htcp --enable | -linux-netfilter --disable-hostname-checks --enable-cache-digests --enable -w | ccpv2. The squid.conf is the same i use on my mini squid farm (4 redhat 8.0 | boxes running squid 2.5 stable 3 and wccpv1) changing only stuff like | visible/unique_hostname and the new wccpv2 configs found after patching. | Rules for transparent proxy has been configured on the squid box | /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j | REDIRECT --to-ports 3128. I have confirmed squid and the port redirection is | working by configuring my browser to use the squid server as its proxy at | port 80 and 3128. | The Router and the squid wccpv2 box seem to be communicating with wccpv2: | | 2003/08/21 07:15:05| WCCP2 Assigning Redirect | 2003/08/21 07:15:11| Incoming WCCP v2 I_SEE_YOU length 132. | 2003/08/21 07:15:11| Incoming WCCP2_I_SEE_YOU received id = 4. | 2003/08/21 07:15:11| Incoming WCCP2_I_SEE_YOU member change = 0 tmp=2. | 2003/08/21 07:15:11| Incoming WCCP2_I_SEE_YOU member change = 2. | 2003/08/21 07:15:22| Incoming WCCP v2 I_SEE_YOU length 132. | 2003/08/21 07:15:22| Incoming WCCP2_I_SEE_YOU received id = 5. | 2003/08/21 07:15:22| Incoming WCCP2_I_SEE_YOU member change = 2 tmp=2. | 2003/08/21 07:15:33| Incoming WCCP v2 I_SEE_YOU length 132. | 2003/08/21 07:15:33| Incoming WCCP2_I_SEE_YOU received id = 6. | | WCCP-EVNT:S00: Built new router view: 0 routers, 0 usable web caches, change | # 0001 | WCCP-PKT:S00: Sending I_See_You packet to 192.168.1.10 w/ rcv_id 0001 | Aug 21 11:03:31: %WCCP-5-CACHEFOUND: Web Cache 192.168.1.10 acquired | WCCP-PKT:S00: Received valid Here_I_Am packet from 192.168.1.10 w/rcv_id | 0001 | WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change | # 0002 | WCCP-PKT:S00: Sending I_See_You packet to 192.168.1.10 w/ rcv_id 0002 | WCCP-PKT:S00: Received valid Here_I_Am packet from 192.168.1.10 w/rcv_id | 0002 | WCCP-PKT:S00: Sending I_See_You packet to 192.168.1.10 w/ rcv_id 0003 | | CORE-ROUTER#sho ip wccp web-cache | Global WCCP information: | Router information: | Router Identifier: 208.246.26.1 | Protocol Version:2.0 | | Service Identifier: web-cache | Number of Cache Engines: 1 | Number of routers: 1 | Total Packets Redirected:0 | Redirect access-list:TEST | Total Packets Denied Redirect: 3778 | Total Packets Unassigned:2090 | Group access-list: -none- | Total Messages Denied to Group: 0 | Total Authentication failures: 0 | | CORE-ROUTER#sho ip wccp web-cache detail | WCCP Cache-Engine information: | Web Cache ID: 192.168.1.10 | Protocol Version: 2.0 | State: Usable | Initial Hash Info: | | Assigned Hash Info: | | Hash Allotment:256 (100.00%) | Packets Redirected:0 | Connect Time: 00:00:55 | | However there is no activity in my squid access.log and surfing does not | work once wccpv2 is enabled on the router. Can anyone assist? Thanking you | in advance. | | -Jason | | | |
Re: [squid-users] how much disk space is required???
Sukhjit, Hard disk space depend on RAM + users. your RAM is okk if you can increase your rame upto 1 GB it will be fine. you can also increase your cache upto 40 GB or more if you are going to increase RAM. becoz if you have more space for objects in your cache it will not purge old object as often it will for less cache. I will suggest better to use refresh_pattren with more hard disk spache + RAM -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Sukhjit Singh" <[EMAIL PROTECTED]> To: "Jerry Murdock" <[EMAIL PROTECTED]>; "Francesco" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, August 21, 2003 4:28 PM Subject: [squid-users] how much disk space is required??? | Dear All Squid gurus, | | With God's grace i have a squid+wccp running fine till yet. | I have about 355request/minute | I have 20GB HDD which is almost 50% filled within 4 days | 512Mb RAM | | can anybody suggest me how much Hard Disk space is required my be according | to the number of requests coming. | | | | |Regards | |Sukhjit Singh |Network Administrator |Emmsons Infotech Ltd. |SCO 13-14-15, Sec 34A, |Chandigarh-160 022 |(Ph): +91 172 606664 |[EMAIL PROTECTED] |http://www.emmtel.com | | - Original Message - | From: "Jerry Murdock" <[EMAIL PROTECTED]> | To: "Francesco" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> | Sent: Thursday, August 21, 2003 4:22 PM | Subject: Re: [squid-users] R: [squid-users] POP3 authenticator | | | > google for pam_pop3 | > - Original Message - | > From: "Francesco" <[EMAIL PROTECTED]> | > To: "Jerry Murdock" <[EMAIL PROTECTED]>; "Francesco" | > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> | > Sent: Thursday, August 21, 2003 2:04 AM | > Subject: [squid-users] R: [squid-users] POP3 authenticator | > | > | > > Hi Jerry, and thank you in advanc for your kind interest! | > > | > > Could you please be so nice to explain me where i can fin the PAM Pop3 | > > Authenticator module?? I have made lots of research but i cannot find | > it! | > > | > > Thank you again, best best regards! | > > | > > Francesco Collini | > > | > > | > | > | > | | |
[squid-users] Squid Radius :: Nas_Port_Type Patch
Day before yesterday I installed the squid radius support. In our case
it was not like we can download and make install and the authentication
helper starts authenticating. I was getting authentication failure when
getting into squid with valid radius username/password. We started
thinking about why we are getting squid authentication failure.
Well, we finally finished with success. The problem was that there was a
parameter Nas_Port_Type need to send from squid authenticator helper to
radius server. We finally made it; we have added Nas-Port-Type support
to the squid_rad_auth authentication helper allowing sending
Nas-Port-Type via the authentication request packet to radius; The
Nas_Port_Type patch is available as an attachment.In patch the default
value for this attribute is 0; you can set your own by changing:
static int nasporttype = 0;
If you are new to linux/unix and don't know how to patch; this blog
might help.
http://weblogs.com.pk/jahil/archive/2007/04/30/patch-in-unix.aspx
Yea but I would not finish it without thanks to Khurram Bh; Khurram
<http://www.weblogs.com.pk/jahil/> is one of my colleagues who have good
programming problem-solving skills. He is one of those people I usually
go to visit him. We have been together and we share views. I appreciate
his very capable skills and his willingness to work hard to keep the
things smooth. I have always appreciated his support.
Regards,
Masood Ahmad Shah
http://www.nexlinx.net.pk
--- squid_rad_auth.c2006-05-24 19:27:32.0 +0500
+++ squid_rad_auth.c.nastype2007-06-12 18:07:42.0 +0500
@@ -82,6 +82,9 @@
static char identifier[MAXLINE] = "";
static char svc_name[MAXLINE] = "radius";
static int nasport = 111;
+
+static int nasporttype = 0;
+
static UINT4 nas_ipaddr;
static UINT4 auth_ipaddr;
static int retries = 30;
@@ -314,6 +317,19 @@
ptr += 4;
total_length += 6;
+//Lets add NAS-PORT-TYPE
+
+*ptr++ = PW_NAS_PORT_TYPE;
+*ptr++ = 6;
+
+ui = htonl(nasporttype);
+memcpy(ptr, &ui, 4);
+ptr += 4;
+total_length += 6;
+
+
+//End Here//
+
if (*identifier) {
int len = strlen(identifier);
*ptr++ = PW_NAS_ID;
Re: [squid-users] Memory leak?
very simple decrase your cache_mem to 32 not more than that and lets C :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "shpendi " <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 01, 2003 2:50 PM Subject: [squid-users] Memory leak? | Hi there, | | I'm running a Squid 2.5.STABLE3 Squid on Redhat 9 linux installed on a dual P4 2.4GHz, 3GB RAM and 6xSCSI 320 harddisks. The proxy is configured to work as transparent. | The problem is that after the proxy starts being hit, the memory consumption is going high as time passes until it starts using swap. | I have configured cache_mem to 192MB, and the squid process is using around 500MB of RAM but the rest is being eaten somehow. When I turn the squid process down (regulary), only the memory used by Squid (500MB) are being released while around 2.5 GB are left allocated, and the only way to deallocate them is to restart the server. | I have upgraded redhat to its latest packages, and tried different malloc libraries (GNU, DL,...) but it didnt help. I turned memory pools off, but that didnt help either. I applied the memory leak patches for squid 2.5.3 although I didnt use those functions but everything remained the same. | I'm using ReiserFS filesystem on the disks where the cache resides (notail, noatime,nodiratime). | Can somebody give me a hint on what could be going wrong here. Any hint is apprecated. | Compile options: --enable-cache-digests --with-aio --enable-snmp --enable-gnuregex - -enable-removal-policies --enable-storeio=ufs,diskd --enable-linux-netfilter --disable-ident-lookups --enable-poll --enable-underscores --enable-xmalloc -statistics | ReiserFS: 3.6.25 | Kernel: 2.4.20-20.9smp | glibc: 2.3.2-27.9 | | Hope somebody has an idea of whats going on as I'm running out of options here :) | | regards, | Shpend Bakalli |
Re: [squid-users] Squid start problem
hmmm very strange you should make access.log and cache.log manully ..swap file squid will create automatically... simple is that.. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Ehsan Lesani" <[EMAIL PROTECTED]> To: "ads squid" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2003 9:39 AM Subject: Re: [squid-users] Squid start problem | Dear Friend. | You should not make access.log, cache.log & swap.log your self. | The squid will create them when it begins to work. | | Best wishes. | Ehsan Lesani. | | - Original Message - | From: "ads squid" <[EMAIL PROTECTED]> | To: "Ehsan Lesani" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> | Sent: Monday, September 01, 2003 2:13 PM | Subject: Re: [squid-users] Squid start problem | | | > I have added user and gruop. | > Then i Have given command : | > /usr/local/squid/sbin/squid -k parse | > | > No error. | > then command | > /usr/local/squid/sbin/squid -z | > | > Then I created files in directory "/var/log/squid" | > cache.log, access.log, store.log and swap.log | > | > no error. | > When i gave command | > /usr/local/squid/sbin/squid -NCd1 for first start of | > squid. It gives error as follows: | > | > [EMAIL PROTECTED] root]# /usr/local/squid/sbin/squid -NCd1 | > 2003/09/01 14:56:54| Starting Squid Cache version | > 2.5.STABLE3 for i686-pc-linux-gnu... | > 2003/09/01 14:56:54| Process ID 11628 | > 2003/09/01 14:56:54| With 1024 file descriptors | > available | > 2003/09/01 14:56:54| Performing DNS Tests... | > 2003/09/01 14:56:54| Successful DNS name lookup | > tests... | > 2003/09/01 14:56:54| DNS Socket created at 0.0.0.0, | > port 32778, FD 4 | > 2003/09/01 14:56:54| Adding nameserver 202.63.164.17 | > from /etc/resolv.conf | > 2003/09/01 14:56:54| Adding nameserver 202.63.164.18 | > from /etc/resolv.conf | > 2003/09/01 14:56:54| Unlinkd pipe opened on FD 9 | > 2003/09/01 14:56:54| Swap maxSize 512 KB, | > estimated 102400 objects | > 2003/09/01 14:56:54| Target number of buckets: 5120 | > 2003/09/01 14:56:54| Using 8192 Store buckets | > 2003/09/01 14:56:54| Max Mem size: 131072 KB | > 2003/09/01 14:56:54| Max Swap size: 512 KB | > 2003/09/01 14:56:54| /var/log/squid/swap.log.00: (13) | > Permission denied | > FATAL: storeUfsDirOpenSwapLog: Failed to open swap | > log. | > Aborted | > | > I have chomod swap.log to '777' still error. | > Help appreciated. | > Thanks | > | > --- Ehsan Lesani <[EMAIL PROTECTED]> wrote: | > > You can add a new group by 'groupadd' command. | > > You can do it in X also. | > > | > > Best Regards. | > > Ehsan Lesani. | > > - Original Message - | > > From: ads squid | > > To: Ehsan Lesani ; [EMAIL PROTECTED] | > > Sent: Sunday, August 31, 2003 9:07 AM | > > Subject: Re: [squid-users] Squid start problem | > > | > > | > > How to add user and user group for squid on Linux | > > 8.0 | > > Thanks | > > | > > | > > Ehsan Lesani <[EMAIL PROTECTED]> wrote: | > > Dear friend you can change the | > > cache_effective_user in your squid.conf | > > configuration file.But it would be better if you | > > add a squid user and a | > > squid group to your Linux. | > > | > > Best Ragrds. | > > Ehsan Lesani. | > > - Original Message - | > > From: "ads squid" | > > To: | > > Sent: Saturday, August 30, 2003 10:15 PM | > > Subject: [squid-users] Squid start problem | > > | > > | > > > I have compiled and installedsquid-2.5.STABLE3 | > > version | > > > on my Linix 8.0 machine. It went smothly. | > > > As per squid FAQ I have created cache | > > directory. cache | > > > partition is also there. | > > > | > > > when I gave command | > > > [EMAIL PROTECTED] squid-2.5.STABLE3]# | > > > /usr/local/squid/sbin/squid -k parse | > > > It gives error. | > > > | > > > FATAL: getpwnam failed to find userid
Re: [squid-users] squid cache
yes it means squid will use 100 MB for objects... not more -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Fritz Mesedilla" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2003 1:58 PM Subject: [squid-users] squid cache I don't have much on my test squid machine. I noticed it started to slow down after 3 days of usage and the drive was full. I was the only one using it as I was testing it. Is there a way for me to lessen or limit the drive usage? I saw this... cache_dir ufs /var/squid/cache 100 16 256 Does this mean squid will only use 100MB under this directory and nothing more? fritz --- + Basta Ikaw Lord -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately by e-mail and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. Overture Media, Inc. Direct Line: (632) 635-4785 Trunkline: (632) 631-8971 Local 146 Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100
Re: [squid-users] tweeking squid for vsats
If you are using VSAT service. then you will have to check your network delay instead to do something with squid. I will suggest better to check your packet delay on VSAT link like... ping www.yahoo.com and check icmp packet delay. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "RAHUL T. KARTHA" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2003 3:00 PM Subject: [squid-users] tweeking squid for vsats | Hi list | | I hope some one might have done this before | | My setup is as bellow | | Internal net > squid > vsat -> isp net --> isp vsat | > main backbone | | I am using squid-2.4.STABLE7-4 on Redhat 7.3 | | The main problem is delay | | Any suggestion is welcome | | | Regards | | RAHUL KARTHA | |
Re: [squid-users] tweeking squid for vsats
I want to bring your notice that setting you are going to tell Mr Rahul are by default set into Linux like show below.. 1) be sure that the followings are enabled in your /etc/sysctl.conf: net.ipv4.tcp_window_scaling=1 net.ipv4.tcp_timestamps=1 net.ipv4.tcp_sack=1 so no need to change these setting better to check again your upstream and downstream packet delay...first -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "fooler" <[EMAIL PROTECTED]> To: "RAHUL T. KARTHA" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, September 02, 2003 3:41 PM Subject: Re: [squid-users] tweeking squid for vsats | - Original Message - | From: "RAHUL T. KARTHA" <[EMAIL PROTECTED]> | To: <[EMAIL PROTECTED]> | Sent: Tuesday, September 02, 2003 6:00 PM | Subject: [squid-users] tweeking squid for vsats | | | > Hi list | > | > I hope some one might have done this before | > | > My setup is as bellow | > | > Internal net > squid > vsat -> isp net --> isp vsat | > > main backbone | > | > I am using squid-2.4.STABLE7-4 on Redhat 7.3 | > | > The main problem is delay | | the latency is caused by the speed of light and cant be decreased it... | therefore, the longer the path for a packet to travel (eg. satellite links), | the higher latency you will get | | here are my recommendations to improve your service: | | 1) be sure that the followings are enabled in your /etc/sysctl.conf: | | net.ipv4.tcp_window_scaling=1 | net.ipv4.tcp_timestamps=1 | net.ipv4.tcp_sack=1 | | 2) increase your tcp window size according to bandwidth-delay product | | 3) parent your squid to your "isp net" proxy server | | fooler. | | | | | | | |
Re: [squid-users] ftp problem
Babar, ftp data goes to port 21 and your gatway intercepting port 80 traffic so make sure that your ftp traffic will by pass proxy... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "babar haq" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 03, 2003 11:08 AM Subject: Re: [squid-users] ftp problem | well u r right ...while trying different scenarios (with and without proxy) i forgot to remove the settings from the browser. | the interesting thing is if i remove the proxy from the browser i dont get any thing in access.log and "cannot display page" is displayed in ie. | i will try using some other browser and post the error i get | thanx | | Regards, | Babar Haq | - Original Message - | From: Henrik Nordstrom <[EMAIL PROTECTED]> | Date: Tue, 2 Sep 2003 19:16:50 +0200 | To: "babar haq" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] | Subject: Re: [squid-users] ftp problem | | > On Tuesday 02 September 2003 13.36, babar haq wrote: | > | > > browser:ftp://ftp.cybertrails.com/pub/redhat/redhat/ this is wat | > > comes out in access.log | > > 1062498026.415 240509 192.168.0.47 TCP_MISS/504 1477 GET | > > ftp://ftp.cybertrails.com/pub/redhat/redhat/ - NONE/- text/html | > | > Your Squid is not transparent if you get ftp:// in access.log.. for | > this to happen in the first place the browser must be configured to | > use Squid as a proxy. | > | > The problem here is that for some reason your Squid can not contact | > the requested FTP site. | > | > Try using Netscape or another browser which shows the real error given | > by the proxy instead of trying to guess wildly based on the status | > code alone like MSIE. This may give additional hints as to why your | > Squid can not contact the FTP server. | > | > Regards | > Henrik | > | > -- | > Donations welcome if you consider my Free Squid support helpful. | > https://www.paypal.com/xclick/business=hno%40squid-cache.org | > | > If you need commercial Squid support or cost effective Squid or | > firewall appliances please refer to MARA Systems AB, Sweden | > http://www.marasystems.com/, [EMAIL PROTECTED] | > | | -- | __ | Sign-up for your own personalized E-mail at Mail.com | http://www.mail.com/?sr=signup | | CareerBuilder.com has over 400,000 jobs. Be smarter about your job search | http://corp.mail.com/careers | |
Re: [squid-users] fake requests
Ahmad, this traffic is coming from worm effected machine.. I will suggest better to put firewall like cisco router and filter your traffic on url reg parse basis if you can not do that.. then simple blcok these URLs via squid access list... :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Ahmad Khan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 03, 2003 1:09 PM Subject: [squid-users] fake requests | i am expiriencing fake requests from many clients , | which is towards random ip addresses which dont host | any web site or dont even listen on port 80 , do we | have any solution in squid ?? | | | regards | | eak | | __ | Do you Yahoo!? | Yahoo! SiteBuilder - Free, easy-to-use web site design software | http://sitebuilder.yahoo.com |
[squid-users] Re: ftp problem
Barbar, Squid is only for http. I mean to say port 80 traffic. if you want ftp proxy with transparent mode support. I will suggest use frox ftp transparent proxy really very good. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "babar haq" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 03, 2003 4:09 PM Subject: ftp problem | can i redirect port 21 to 8080 using iptables | actually i am using delay_pools to manage bandwidth and if i sourse nat or masq port 21 then i wont be able to do that ... | am i right... | waisay nice to know that there is a paki around on squid mailing list:) | i am from isb by the way | thanx | Regards, | Babar Haq | | -- | __ | Sign-up for your own personalized E-mail at Mail.com | http://www.mail.com/?sr=signup | | CareerBuilder.com has over 400,000 jobs. Be smarter about your job search | http://corp.mail.com/careers | |
Re: [squid-users] redirect url
if you are using Linux then better to do it via ipchains or iptables. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "babar haq" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 03, 2003 6:31 PM Subject: [squid-users] redirect url | i am running squid 2.5 stable 3. | i want a specific url to be serviced by a local windows iis webserver??? ie i want to redirect the url to a specific machine on our lan?? | is there any such option in squid?? | i hope my question is clear | | Regards, | Babar | -- | __ | Sign-up for your own personalized E-mail at Mail.com | http://www.mail.com/?sr=signup | | CareerBuilder.com has over 400,000 jobs. Be smarter about your job search | http://corp.mail.com/careers | |
Re: [squid-users] TCP_MISS/200 in logfile!
Numan, There are so many solutions to block things like that. 1> you can put an inline IDS before Squid...IDS will detect attack machines via IP and it will block these IPs from router or ipchains, iptables, ipfw if you are using Unix like os..it's depend on inline IDS settings. 2> you can filter these type of request via squid acl but it will not decrease load on your network. better to block these IPs for port 80 :). 3> One of the best solution if you remembred NIMDA or Code red days. :). I guess you have cisco router if yes. then check the way how u can block these type of attcks shown below... first check your IOS 7200 12.1(5)T 7100 12.1(5)T 3660 12.1(5)T 3640 12.1(5)T 3620 12.1(5)T 2600 12.1(5)T 1700 12.2(5)T Note: You need to enable Cisco Express Forwarding (CEF) in order to use Network-Based Application Recognition (NBAR). 1>Router(config)#class-map match-any http-hacks Router(config-cmap)#match protocol http url "*NONE/*"2>Router(config)#policy-map mark-inbound-http-hacks Router(config-pmap)#class http-hacks Router(config-pmap)#set ip dscp 1 3>Router(config)#interface serial 0/0 Router(config-if)#service-policy input mark-inbound-http-hacks4>Router(config)#access-list 105 deny ip any any dscp 1 Router(config)#access-list 105 permit ip any any 5>Router(config)#interface ethernet 0/0 Router(config-if)#ip access-group 105 out I'm sure it will work like charm. :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Nauman Malik" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "squid" <[EMAIL PROTECTED]> Sent: Wednesday, September 10, 2003 3:48 PM Subject: Re: [squid-users] TCP_MISS/200 in logfile! Yes...that is true...But is it possible that we add some ACL or filter in squid to block these types of requests? *** REPLY SEPARATOR *** On 9/10/2003 at 12:14 PM Henrik Nordstrom wrote: >On Wednesday 10 September 2003 11.18, Nauman Malik wrote: >> I have lots of TCP_MISS/504 in log files. It slows down my proxy as >> well. Any idea?. >> >> >> 1063160536.044 509082 202.15.52.45 TCP_MISS/504 1021 GET >> http://202.100.131.202/ - NONE/- - 1063160536.044 509617 >> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.132.189/ - NONE/- >> - 1063160537.027 509295 202.15.52.45 TCP_MISS/504 1019 GET >> http://202.100.132.28/ - NONE/- - 1063160537.027 509535 >> 202.15.52.45 TCP_MISS/504 1019 GET http://202.100.132.30/ - NONE/- >> - 1063160537.027 509325 202.15.52.45 TCP_MISS/504 1021 GET >> http://202.100.131.200/ - NONE/- - 1063160537.027 419656 >> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.160.153/ - NONE/- >> - 1063160539.014 509486 202.15.52.45 TCP_MISS/504 1021 GET >> http://202.100.132.238/ - NONE/- - 1063160539.014 509342 >> 202.15.52.45 TCP_MISS/504 1021 GET http://202.100.133.206/ - NONE/- >> - > >Most likely the client with IP 202.15.52.45 is infected by a >virus/worm trying to propagate itself to random IIS servers on the >net or otherwise scanning the network for HTTP servers via your >proxy. > >Regards >Henrik > >-- >Donations welcome if you consider my Free Squid support helpful. >https://www.paypal.com/xclick/business=hno%40squid-cache.org > >If you need commercial Squid support or cost effective Squid or >firewall appliances please refer to MARA Systems AB, Sweden >http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] WCCP issue
if you are using wccp then no need to deny Squid box ip in redirect-to-squid access list. becoz cisco router does not route wccp cache to traffic to wccp cache. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Squid-users" <[EMAIL PROTECTED]> Sent: Thursday, September 11, 2003 5:43 PM Subject: [squid-users] WCCP issue | All, | | I was succesfull to run WCCP with my old box (Linux 2.2.19 and Squid 2.3.S4) | using WCCP patch of Joe Copper. | | Now, I use new version of Linux 2.4.21 and Squid 2.4S7 and Cisco 3660 with | IOS 12.1. The router did not work well to redirect the packets. Below the | messages in Linux box and Cisco Router as well. | | | # lsmod | | Module Size Used byNot Tainted | ipt_REDIRECT1408 1 (autoclean) | ip_wccp 1456 0(unused) | | | dpr-gtw-01#sh ip wccp | Global WCCP information: | Router information: | Router Identifier: aaa.aaa.aaa.aaa | Protocol Version:1.0 | | Service Identifier: web-cache | Number of Cache Engines: 1 | Number of routers: 1 | Total Packets Redirected:14159 | Redirect access-list:redirect-to-squid | Total Packets Denied Redirect: 17336 | Total Packets Unassigned:222478 | Group access-list: squid-cache | Total Messages Denied to Group: 0 | Total Authentication failures: 0 | | Herewith IOS setting : | | ! | ip wccp version 1 | ip wccp web-cache redirect-list redirect-to-squid group-list squid-cache | ! | ! | interface Serial1/0 | Bla..bla...bla. | ip wccp web-cache redirect out | ! | interface Serial1/1 | Bla..bla...bla. | ip wccp web-cache redirect out | ! | ! | ip access-list standard squid-cache | permit ip.of.my.Squid | ! | ip access-list extended redirect-to-squid | deny tcp host ip.of.my.squid any eq www | permit ip my.subnet.block.list any | deny tcp any any eq www | ! | ! | ! | | FYI, I have 2 Internet links that attached to both serial of router. | | Why did the router display lines below? | What does the packet unassigned mean? Is it any non-HTTP packet? | | Total Packets Denied Redirect: 17336 | Total Packets Unassigned:222478 | | Your answer is very appreciated and waited for. | | Thx & Rgds, | | Awie | | | |
Re: [squid-users] WCCP issue
you have misunderstand my words. I said no need to block WCCP proxy traffic regarding redirecting becoz cisco router does not route proxy packet. If a proxy is listed in wccp. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Thursday, September 11, 2003 8:24 PM Subject: Re: [squid-users] WCCP issue | Masood, | | Do you mean I can remove the both standard and extend access-list? Would you | give me the IOS sample? | | I used the same IOS command as my last succesfull setting that using both | access-list. | | Thx & Rgds, | | Awie | | ----- Original Message - | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> | Sent: Thursday, September 11, 2003 9:18 PM | Subject: Re: [squid-users] WCCP issue | | | > if you are using wccp then no need to deny Squid box ip in | redirect-to-squid | > access list. becoz cisco router does not route wccp cache to traffic to | wccp | > cache. | > | > -- | > | > Best Regs, | > Masood Ahmad Shah | > System Administrator | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | Tel: +92-42-6677024 | > | Mobile: +92-300-4277367 | > | http://www.fibre.net.pk | > | * * * * * * * * * * * * * * * * * * * * * * * * | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > Unix is very simple, but it takes a genius to understand the simplicity. | > (Dennis Ritchie) | > | > - Original Message - | > From: "Awie" <[EMAIL PROTECTED]> | > To: "Squid-users" <[EMAIL PROTECTED]> | > Sent: Thursday, September 11, 2003 5:43 PM | > Subject: [squid-users] WCCP issue | > | > | > | All, | > | | > | I was succesfull to run WCCP with my old box (Linux 2.2.19 and Squid | > 2.3.S4) | > | using WCCP patch of Joe Copper. | > | | > | Now, I use new version of Linux 2.4.21 and Squid 2.4S7 and Cisco 3660 | with | > | IOS 12.1. The router did not work well to redirect the packets. Below | the | > | messages in Linux box and Cisco Router as well. | > | | > | | > | # lsmod | > | | > | Module Size Used byNot Tainted | > | ipt_REDIRECT1408 1 (autoclean) | > | ip_wccp 1456 0(unused) | > | | > | | > | dpr-gtw-01#sh ip wccp | > | Global WCCP information: | > | Router information: | > | Router Identifier: aaa.aaa.aaa.aaa | > | Protocol Version:1.0 | > | | > | Service Identifier: web-cache | > | Number of Cache Engines: 1 | > | Number of routers: 1 | > | Total Packets Redirected:14159 | > | Redirect access-list:redirect-to-squid | > | Total Packets Denied Redirect: 17336 | > | Total Packets Unassigned:222478 | > | Group access-list: squid-cache | > | Total Messages Denied to Group: 0 | > | Total Authentication failures: 0 | > | | > | Herewith IOS setting : | > | | > | ! | > | ip wccp version 1 | > | ip wccp web-cache redirect-list redirect-to-squid group-list squid-cache | > | ! | > | ! | > | interface Serial1/0 | > | Bla..bla...bla. | > | ip wccp web-cache redirect out | > | ! | > | interface Serial1/1 | > | Bla..bla...bla. | > | ip wccp web-cache redirect out | > | ! | > | ! | > | ip access-list standard squid-cache | > | permit ip.of.my.Squid | > | ! | > | ip access-list extended redirect-to-squid | > | deny tcp host ip.of.my.squid any eq www | > | permit ip my.subnet.block.list any | > | deny tcp any any eq www | > | ! | > | ! | > | ! | > | | > | FYI, I have 2 Internet links that attached to both serial of router. | > | | > | Why did the router display lines below? | > | What does the packet unassigned mean? Is it any non-HTTP packet? | > | | > | Total Packets Denied Redirect: 17336 | > | Total Packets Unassigned:222478 | > | | > | Your answer is very appreciated and waited for. | > | | > | Thx & Rgds, | > | | > | Awie | > | | > | | > | | > | | > | |
Re: [squid-users] WCCP issue
no by default squid enable wccp ... so no need to compile with wccp support. if you want to disable wccp then you can put --disable-wccp. There is some buggy IOS in cisco they did not redirect traffic or did not allot hash code. so better to change your IOS on cisco router. if it does not solve porblem then better to check wccp module lsmod | grep wccp onthing more make sure you have ip wccp redirect out on your router border interface -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 9:11 AM Subject: Re: [squid-users] WCCP issue | After I clear WCCP statistic, I found a strange condition as below: | | dpr-gtw-01#sh ip wccp | Global WCCP information: | Router information: | Router Identifier: my.router.ip.adrr | Protocol Version:1.0 | | Service Identifier: web-cache | Number of Cache Engines: 1 | Number of routers: 1 | Total Packets Redirected:0 | Redirect access-list:redirect-to-squid | Total Packets Denied Redirect: 0 | Total Packets Unassigned:4578 | Group access-list: squid-cache | Total Messages Denied to Group: 0 | Total Authentication failures: 0 | | dpr-gtw-01#sh ip wccp web-cache detail | WCCP Cache-Engine information: | IP Address:aaa.aaa.aaa.aaa | Protocol Version: 0.3 | State: Usable | Initial Hash Info: | | Assigned Hash Info: | | Hash Allotment:0 (0.00%) | Packets Redirected:0 | Connect Time: 00:08:25 | | dpr-gtw-01#sh ip wccp web-cache detail | WCCP Cache-Engine information: | IP Address:aaa.aaa.aaa.aaa | Protocol Version: 0.3 | State: Usable | Initial Hash Info: | | Assigned Hash Info: | | Hash Allotment:0 (0.00%) | Packets Redirected:0 | Connect Time: 00:08:30 | | dpr-gtw-01#sh ip wccp web-cache detail | WCCP Cache-Engine information: | IP Address:aaa.aaa.aaa.aaa | Protocol Version: 0.3 | State: Usable | Initial Hash Info: | | Assigned Hash Info: | | Hash Allotment:0 (0.00%) | Packets Redirected:0 | Connect Time: 00:08:30 | | There are only Unassigned Packets displayed and the HASH Allotment is 0. I | suspect it is because of Linux / Squid issue instead Cisco IOS. | | I configured the Squid without any parameter. Should I use the --enable-wccp | parameters? | | Thx & Rgds, | | Awie | | - Original Message ----- | From: "Awie" <[EMAIL PROTECTED]> | To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" | <[EMAIL PROTECTED]> | Sent: Thursday, September 11, 2003 11:24 PM | Subject: Re: [squid-users] WCCP issue | | | > Masood, | > | > Do you mean I can remove the both standard and extend access-list? Would | you | > give me the IOS sample? | > | > I used the same IOS command as my last succesfull setting that using both | > access-list. | > | > Thx & Rgds, | > | > Awie | > | > - Original Message - | > From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | > To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" | <[EMAIL PROTECTED]> | > Sent: Thursday, September 11, 2003 9:18 PM | > Subject: Re: [squid-users] WCCP issue | > | > | > > if you are using wccp then no need to deny Squid box i
Re: [squid-users] WCCP issue
Awie, Better to change IOS as you was running before. There must be something wrong with IOS or WCCP module. If wccp module is working f9 then better to change IOS. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 1:55 PM Subject: Re: [squid-users] WCCP issue | Masood, | | Seems the problem because of CEF issue. My router has IOS version 12.1.(3)T | that pretty old (as my friend at Cisco said), perhaps having problem with IP | GRE as stated in the FAQ below: | | *** | | IOS 12.x problems | Some people report problems with WCCP and IOS 12.x. They see truncated or | fragmented GRE packets arriving at the cache. Apparently it works if you | disable Cisco Express Forwarding for the interface: | | conf t | ip cef # some systems may already have 'ip cef global' | int Ethernet 0/0 (or int FastEthernet 0/0 or other internal interface) | no ip route-cache cef | CTRL Z | | This may well be fixed in later releases of IOS. | | *** | | Now, I use route map instead WCCP and run normally, but I still want to use | WCCP. As it is save and better than route map. | | Your advise please. | | Thx & Rgds, | | Awie | | - Original Message - | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> | Sent: Friday, September 12, 2003 1:33 PM | Subject: Re: [squid-users] WCCP issue | | | > no by default squid enable wccp ... so no need to compile with wccp | support. | > if you want to disable wccp then you can put --disable-wccp. | > There is some buggy IOS in cisco they did not redirect traffic or did not | > allot hash code. so better to change your IOS on cisco router. | > if it does not solve porblem then better to check wccp module | > lsmod | grep wccp | > | > | > onthing more make sure you have ip wccp redirect out on your router border | > interface | > | > -- | > | > Best Regs, | > Masood Ahmad Shah | > System Administrator | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | Tel: +92-42-6677024 | > | Mobile: +92-300-4277367 | > | http://www.fibre.net.pk | > | * * * * * * * * * * * * * * * * * * * * * * * * | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > Unix is very simple, but it takes a genius to understand the simplicity. | > (Dennis Ritchie) | > | > - Original Message - | > From: "Awie" <[EMAIL PROTECTED]> | > To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" | > <[EMAIL PROTECTED]> | > Sent: Friday, September 12, 2003 9:11 AM | > Subject: Re: [squid-users] WCCP issue | > | > | > | After I clear WCCP statistic, I found a strange condition as below: | > | | > | dpr-gtw-01#sh ip wccp | > | Global WCCP information: | > | Router information: | > | Router Identifier: my.router.ip.adrr | > | Protocol Version:1.0 | > | | > | Service Identifier: web-cache | > | Number of Cache Engines: 1 | > | Number of routers: 1 | > | Total Packets Redirected:0 | > | Redirect access-list:redirect-to-squid | > | Total Packets Denied Redirect: 0 | > | Total Packets Unassigned:4578 | > | Group access-list: squid-cache | > | Total Messages Denied to Group: 0 | > | Total Authentication failures: 0 | > | | > | dpr-gtw-01#sh ip wccp web-cache detail | > | WCCP Cache-Engine information: | > | IP Address:aaa.aaa.aaa.aaa | > | Protocol Version: 0.3 | > | State: Usable | > | Initial Hash Info: | > | | > | Assigned Hash Info: | > |
Re: [squid-users] Squid seem to be slower than our Novell BorderManger
Squid is http proxy. It can ftp to some server which can understand how to run ftp over http. If you want to run pure ftp proxy server for this you will have to run ftp proxy server like frox. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Abdul Khader" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]>; "Mathew Thomas" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 2:06 PM Subject: Re: [squid-users] Squid seem to be slower than our Novell BorderManger | Hi, | I am a newbi to squid. I would like to know if I can | do ftp over squid. By default it does not do ftp. I | would be obliged of any early help. | THanks in advance. | | REgards | Abdul Khader | | --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: | > fre 2003-09-12 klockan 06.14 skrev Mathew Thomas: | > > Hi Adam, | > > | > > I am not raiding the cache disk - mounting as six | > cache disk. I can't see any bottleneck | > | > Neither can I and assuming all hardware and | > networking works as expected | > you should not notice Squid in the request path with | > this low load.. | > | > When load starts to increase you may run into | > bottlenecks, but not when | > testing with only a few clients. | > | > I would start by verifying that the networking is | > correct | > | > * Cabling | > * Half/full duplex selection | > * Routing | > * DNS configuration | > | > Regards | > Henrik | > | > -- | > Donations welcome if you consider my Free Squid | > support helpful. | > | https://www.paypal.com/xclick/business=hno%40squid-cache.org | > | > Please consult the Squid FAQ and other available | > documentation before | > asking Squid questions, and use the squid-users | > mailing-list when no | > answer can be found. Private support questions is | > only answered | > for a fee or as part of a commercial Squid support | > contract. | > | > If you need commercial Squid support or cost | > effective Squid and | > firewall appliances please refer to MARA Systems AB, | > Sweden | > http://www.marasystems.com/, [EMAIL PROTECTED] | > | | | __ | Do you Yahoo!? | Yahoo! SiteBuilder - Free, easy-to-use web site design software | http://sitebuilder.yahoo.com |
Re: [squid-users] WCCP issue
Awie, Check have you place ip wccp redirect out on your router interface.:) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 5:56 PM Subject: Re: [squid-users] WCCP issue | The situation change so fast as I tried some possibilities. After I change | the WCCP version in the squid.conf to be 4. The router captured a correct | things as below: | | dpr-gtw-01#sh ip w w d | WCCP Cache-Engine information: | IP Address:my.squid.ip.addr | Protocol Version: 0.4 | State: Usable | Initial Hash Info: | | Assigned Hash Info: | | Hash Allotment:256 (100.00%) | Packets Redirected:0 | Connect Time: 00:01:37 | | It seems becoming better than before (compare to my last email). I also | disabled the CEF at the interface that has ip wccp command. | However, the packet still was not redirected | | Thx & Rgds, | | Awie | | ----- Original Message - | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" <[EMAIL PROTECTED]> | Sent: Friday, September 12, 2003 5:26 PM | Subject: Re: [squid-users] WCCP issue | | | > Awie, | > | > Better to change IOS as you was running before. There must be something | > wrong with IOS or WCCP module. If wccp module is working f9 then better to | > change IOS. | > | > -- | > | > Best Regs, | > Masood Ahmad Shah | > System Administrator | > | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > | * * * * * * * * * * * * * * * * * * * * * * * * | > | Fibre Net (Pvt) Ltd. Lahore, Pakistan | > | Tel: +92-42-6677024 | > | Mobile: +92-300-4277367 | > | http://www.fibre.net.pk | > | * * * * * * * * * * * * * * * * * * * * * * * * | > ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | > Unix is very simple, but it takes a genius to understand the simplicity. | > (Dennis Ritchie) | > | > - Original Message - | > From: "Awie" <[EMAIL PROTECTED]> | > To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>; "Squid-users" | > <[EMAIL PROTECTED]> | > Sent: Friday, September 12, 2003 1:55 PM | > Subject: Re: [squid-users] WCCP issue | > | > | > | Masood, | > | | > | Seems the problem because of CEF issue. My router has IOS version | > 12.1.(3)T | > | that pretty old (as my friend at Cisco said), perhaps having problem | with | > IP | > | GRE as stated in the FAQ below: | > | | > | *** | > | | > | IOS 12.x problems | > | Some people report problems with WCCP and IOS 12.x. They see truncated | or | > | fragmented GRE packets arriving at the cache. Apparently it works if you | > | disable Cisco Express Forwarding for the interface: | > | | > | conf t | > | ip cef # some systems may already have 'ip cef global' | > | int Ethernet 0/0 (or int FastEthernet 0/0 or other internal | > interface) | > | no ip route-cache cef | > | CTRL Z | > | | > | This may well be fixed in later releases of IOS. | > | | > | *** | > | | > | Now, I use route map instead WCCP and run normally, but I still want to | > use | > | WCCP. As it is save and better than route map. | > | | > | Your advise please. | > | | > | Thx & Rgds, | > | | > | Awie | > | | > | - Original Message - | > | From: "Masood Ahmad Shah" <[EMAIL PROTECTED]> | > | To: "Awie" <[EMAIL PROTECTED]>; "Squid-users" | > <[EMAIL PROTECTED]> | > | Sent: Friday, September 12, 2003 1:33 PM | > | Subject: Re: [squid-users] WCCP issue | > | | > | | > | > no by default squid enable wccp ... so no need to compile with wccp | > | support. | > | > if you want to disable wccp then you can put --disable-wccp. | > | > There is some
Re: [squid-users] swuid / worm weirdness
Brad, Better to place access list on your wccp router. It will redirect only your networks packet. I'm sure it will help. You can also parse access.log with simple perl script and blcok IPs on your squid box. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Brad Groshok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 13, 2003 7:27 AM Subject: [squid-users] swuid / worm weirdness | This topic has kind of been touched on here in the last few days. | | Running squid2.5stable3 on Redhat9 | Transparent mode from a cisco 7206VXR WCCP1 | | I was just tailing access.log | and noticed a particular ip address accessing what appeared to be random | IP addresses. (customer using that ip address prolly hit with one of the | latest worms) | | So I figgured I'd cut access from that customer till we can contact them | and get their system cleaned up. | | Changed their password so they could not get logged back in. | Then disconnected their DSL connection to our network. | | So at this point we don't have anybody using this particular address. | | Still tailing squid access.log | Its still showing that IP address making requests to random ip addresses. | 10 min later!!! | | 15 min later still a couple requests here and there, Not as frequent, but | they are still showing up in access.log. | And guaranteed nobody is connected to that port/ip address. | (Sample access.log below) | | Is it possible that these worms are causing our squid boxes to get this | far behind in processing request. Taking over 10 min to get caught up once | the offending source is disconnected? | | | | Sample access.log: | | 1063418773.024 240213 x.x.x.x TCP_MISS/504 1353 GET | http://219.30.176.25/ - NONE/- text/html | 1063418773.024 240305 x.x.x.x TCP_MISS/504 1351 GET | http://210.90.151.3/ - NONE/- text/html | 1063418774.524 240173 x.x.x.x TCP_MISS/504 1353 GET | http://220.71.37.187/ - NONE/- text/html | 1063418774.524 240240 x.x.x.x TCP_MISS/504 1355 GET | http://128.90.223.113/ - NONE/- text/html | 1063418774.524 241519 x.x.x.x TCP_MISS/504 1353 GET | http://211.37.25.196/ - NONE/- text/html | 1063418775.128 240807 x.x.x.x TCP_MISS/504 1355 GET | http://211.114.62.254/ - NONE/- text/html | 1063418776.770 240180 x.x.x.x TCP_MISS/504 1355 GET | http://196.46.173.122/ - NONE/- text/html | 1063418776.770 244050 x.x.x.x TCP_MISS/504 1355 GET | http://202.123.179.21/ - NONE/- text/html | 1063418777.010 245607 x.x.x.x TCP_MISS/504 1353 GET | http://61.214.68.198/ - NONE/- text/html | 1063418777.010 246002 x.x.x.x TCP_MISS/504 1355 GET | http://219.101.249.35/ - NONE/- text/html | 1063418778.101 240098 x.x.x.x TCP_MISS/504 1355 GET | http://211.50.237.107/ - NONE/- text/html | 1063418778.101 240096 x.x.x.x TCP_MISS/504 1353 GET | http://211.28.206.68/ - NONE/- text/html | 1063418781.003 239995 x.x.x.x TCP_MISS/504 1355 GET | http://211.204.118.87/ - NONE/- text/html | 1063418781.003 239995 x.x.x.x TCP_MISS/504 1355 GET | http://134.128.67.113/ - NONE/- text/html | | | |
Re: [squid-users] FQDN requests only
imposible without hacking squid code -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Nauman Malik" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]> Cc: "squid" <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 3:07 PM Subject: [squid-users] FQDN requests only Can we configure our Squid to allow requests only for fully qualified domain names. And deny all requests made for IP addresses. Regards, Nauman.
Re: [squid-users] FQDN requests only
hmm really very strange ... if you are blocking IPs via regex .then always keep in mind squid internal dns will resolve FQDN to IP it will match again this IP with regex becoz now you are going to access internet . so I'm sure it will not work. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Hegedus, Ervin" <[EMAIL PROTECTED]> To: "Nauman Malik" <[EMAIL PROTECTED]> Cc: "squid" <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 3:43 PM Subject: Re: [squid-users] FQDN requests only | hello, | | > Can we configure our Squid to allow requests only for fully qualified domain names. And deny all requests made for IP addresses. | | hmm.. | | may be - try to play with regexp's: | | acl ipreg urlpath_regex ^https?://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*/.*$ | ... | http_access deny ipreg | | | or something like this. | | | | airween |
Re: [squid-users] Problem with Filedescriptors
Add the following to your /etc/system file to increase your maximum file descriptors per process: set rlim_fd_max = 4096 Next you should re-run the configure script in the top directory so that it finds the new value. If it does not find the new limit, then you might try editing include/autoconf.h and setting #define DEFAULT_FD_SETSIZE by hand. Note that include/autoconf.h is created from autoconf.h.in every time you run configure. Thus, if you edit it by hand, you might lose your changes later on. If you have a very old version of Squid (1.1.X), and you want to use more than 1024 descriptors, then you must edit src/Makefile and enable $(USE_POLL_OPT). Then recompile squid. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Gustavo" <[EMAIL PROTECTED]> To: "Squid Users" <[EMAIL PROTECTED]> Sent: Friday, September 19, 2003 1:52 AM Subject: [squid-users] Problem with Filedescriptors | I've had installed the Squid Cache: Version 2.5.STABLE2-20030411 pon = | Solaris 8 Server and iva have this error messages in the cache.log=20 | | 2003/09/18 15:15:09| WARNING! Your cache is running out of = | filedescriptors | | This error stop the squid services and i must to restart it = | againg...any idea about the solution? | | thanks=20 | | | |
Re: [squid-users] Connection limiting in Redhat
of course you can block IP, ports, protocol, and even flags (syn, ack, fin) etcc too via iptables. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: "Awie (Redirected by "Nauman Malik" <[EMAIL PROTECTED]>)" <[EMAIL PROTECTED]> To: "squid" <[EMAIL PROTECTED]> Sent: Saturday, September 20, 2003 4:09 PM Subject: [squid-users] Connection limiting in Redhat (Redirected by "Nauman Malik" <[EMAIL PROTECTED]>) hello Is it possible to limit tcp connections from one single IP to a certain limit in Redhat Linux. So that connections get blocked at OS level, instead squid has to block undesired sessions. IPTABLES may help?
Re: [squid-users] RE: WCCP for Squid (WindowsNT)
hmm really very strange... always keep in mind if you want to compile squid source on Windows it's just kidding. you will have to work with source from scratch. you will have to put all libs which squid need @ the compiling time. in your borland compiler.:) if you want to use wccp squid by default have support to servce wccp.? as you are doing CCIE so you should know how wccp work. wccp router send wccp packet capsulated packet to OS. where os decapsulate these packtes this is what wccp module or ip_gre do. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 21, 2003 8:24 PM Subject: [squid-users] RE: WCCP for Squid (WindowsNT) | | > Hi All, | > | > I downloaded squid yesterday for the first time as I am doing my CCIE and | > WCCP could be in the exam? | > | > Thing is, I have squid running but in the squid.conf file when I want to | > enable my home router, it says | > "this option is only available if Squid is rebuilt with the --enable-wccp | > option" | > | > So do I need to do a compile on some code to enable this option as it | > sounds? | > | > Many thx indeed, and if there is a free C compiler for windows, could you | > recommend (otherwise I will have to find a Unic/Linus box) | > | > Many thx | > | > Ken | | | | For more information about Barclays Capital, please | visit our web site at http://www.barcap.com. | | | Internet communications are not secure and therefore the Barclays | Group does not accept legal responsibility for the contents of this | message. Although the Barclays Group operates anti-virus programmes, | it does not accept responsibility for any damage whatsoever that is | caused by viruses being passed. Any views or opinions presented are | solely those of the author and do not necessarily represent those of the | Barclays Group. Replies to this email may be monitored by the Barclays | Group for operational or business reasons. | | | |
Re: [squid-users] disk space over limit, why?
1> Better to check your disk space where you cache_dir fall with df -h. 2> After editing cache_dir send SIGHUP sginal to your squid process to read conf file again. 3> which 2.5 version u using for squid. 4> Also check your logs regarding squid or other application may be they fall same par...ion where you squid cache_dir live. may be they are filling your space. Best Regds, Masood Ahmad Shah Nexlinx http://nexlinx.net.pk http://weblogs.com.pk/jahil - Original Message - From: "Siew Wing Loon" <[EMAIL PROTECTED]> To: "Elsen Marc" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, March 21, 2004 9:58 AM Subject: RE: [squid-users] disk space over limit, why? > i am using slackware 9.1 and squid 2.5 > > even though i grow it to 200MB...still same > > > --- Elsen Marc <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > Hi, > > > > > > I did not change the setting as below: - > > > > > > # cache_dir ufs /var/lib/squid/cache 100 16 256 > > > > > > But why I still get this messages below: - > > > > > > 2004/03/19 12:18:23| WARNING: Disk space over > > limit: > > > 186980 KB > 102400 KB > > > 2004/03/19 12:18:34| WARNING: Disk space over > > limit: > > > 177324 KB > 102400 KB > > > 2004/03/19 12:18:45| WARNING: Disk space over > > limit: > > > 171924 KB > 102400 KB > > > > > > Regards, > > > Siew > > > > > > > Squid version ? > > > > M. > > > > > __ > Do you Yahoo!? > Yahoo! Finance Tax Center - File online. File on time. > http://taxes.yahoo.com/filing.html
Re: [squid-users] Problems with browsing https sites!
squid is simply http proxy...if your https sites are not working better to check your gateway... Best Regds, Masood Ahmad Shah Nexlinx http://nexlinx.net.pk http://weblogs.com.pk/jahil - Original Message - From: "Muthukumar" <[EMAIL PROTECTED]> To: "Sridhar M.N." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, March 22, 2004 12:25 PM Subject: Re: [squid-users] Problems with browsing https sites! > > > > I'm using squid 2.4 Stable version and > > SquidGuard-1.2.0 with BerkeleyDB version 2X. > > Everything is working like a charm but the problem > > I've started facing of late is, whenever somebody > > tries to access a http site with secure connection, > > Are you getting error because of https only? on the resolvation of > ip-address. > > > for example https://www.whatever.com I get the error > >While trying to > > retrive the URL:http:443 The following > > error was encountered Unable > > to determine the IP address from the hostname for > > http > > what is ur setting squid.conf settings? > Give the log entries of access.log and cache.log? > > Regards, > Muthukumar. >
