[squid-users] SSLBUMP?
Hi Does sslBump Decrypt the https sites normally? or it just make CONNECT request as GET requests. What are the advantages of using sslBump? Regards senthil
[squid-users] bridge +tproxy
Hi I have setup squid +tproxy in bridge mode.The bridge works fine for the clients in the same subnet. If we connect clients in different subnet the requests gets to the squid and the squid cannot reply.Each subnet has different gateway Internet-router--squid(bridge)-Router---client In access log we can see TCP/MISS 504. I can ping all the subnet client ip's from squid If i add route add -net dev br0 the traffic of other subnets does not get redirected to squid usr/local/sbin/iptables -t mangle -N DIVERT /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1 /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128 Ebtables for redirecting ebtables -t broute -I BROUTING --ip-source -i eth0 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP ebtables -t broute -I BROUTING --ip-source -i eth1 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP please Advise me Thanks Senthil
[squid-users] url rewrite
Hi Is there any possibility to pass urlpath rewritten urls to particular cache_peer in reverse proxy The urlpath rewritten is done using perl script .only path in url is re written Three identical web servers are running at different ip and the url path is rewritten for some requests only . only the rewritten requests has to be passed to particular web server. Eg client(example.com/squid)-->reverse proxy->webserver1 or webserver2(example.com/squid) (no rewrite needed) client (example.com/squirm)___>revere proxy->webserevr3(example.com/squid) (squirm url path is rewritten as squid) Regards senthil
Re: [squid-users] Rewrite url and reverse proxy
Thank you very much Here is my setup I have three web servers running at three different ip's (content in that are same) the server name is squid.example.com and squid is running as reverse proxy. Three web server ip's are 172.16.1.48,172.16.1.49.172.16.1.50. I used perl script as url_rewrite program which replaces the string "other" in the url as "squid" ie if url request is other.example.com it is rewrite as squid.example.com The url request which are rewrite by url_rewrite program has to be made only it reaches the 172.16.1.48 web server. The url requests that are not needed url rewrite are to be passed to 172.16.1.49 web server or 172.16.1.50 web server. Eg: the url request is squid.example.com which does not need url rewrite Regards senthil Henrik Nordström wrote: mån 2010-08-02 klockan 15:45 +0530 skrev senthilkumaar2021: Hi All, I am using squid as reverse proxy.i have three identical web servers.(content in each web server is same) the ip's are 172.16.1.48,172.16.1.49,172.16.1.50 I used url rewrite perl script to redirect requests from other.example.com to redirect as squid.example.com. How to configure cache_peer so that redirected requests are passed to 172.16.1.49 ip and the direct requests to 172.16.1.49 and 172.16.1.50 Not entirely sure what you mean by redirected or direct requests. If you have three identical web servers then set up three cache_peer lines, one for each server, and use peer selection algorithms such as round-robin to decide which server gets the request. Do not use URL rewriters to rewrite the URL. Regards Henrik
[squid-users] Rewrite url and reverse proxy
Hi All, I am using squid as reverse proxy.i have three identical web servers.(content in each web server is same) the ip's are 172.16.1.48,172.16.1.49,172.16.1.50 I used url rewrite perl script to redirect requests from other.example.com to redirect as squid.example.com. If i a request comes from other.example.com it has to be redirected and it must reach 172.16.1.48 ip and if the request squid.example.com comes from client it is not rediected and it must reach eitrher 172.16.1.49 or 172.16.1.50 i think redirected requests are same as directed requests after passing to url_rewrite program How to configure cache_peer so that redirected requests are passed to 172.16.1.49 ip and the direct requests to 172.16.1.49 and 172.16.1.50 Regards senthil
Re: [squid-users] Regarding Reverse proxy and Persistent connection
Thank you very much So enabling client and server persistent connections does not perform maintaining connection to particular cache_peer is it so? Regards senthil Amos Jeffries wrote: senthilkumaar2021 wrote: Hi All, I want to setup a reverse proxy for a web server.There are two web servers which has the same content. cache_peer parent 172.16.1.48 80 0 origin-server cache_peer parent 172.16.1.49 80 0 origin-server When client requests a web page if the server 172.16.1.49 serves the first request i want all the connections to be with same server not with 172.16.1.48 Is it possible by enabling client_persistent connections on and server_persistent_connections on? If so if i use round-robin in cache_peer also it works round-robin is the opposite of what you want. Use the source-hash selection method. This 'pinns' each particular client IP to a particular parent proxy. The downside is that traffic levels are unbalanced, but it does guarantee that as long as your parent proxies are unchanged and alive each client is sent out via a fixed parent. Amos
[squid-users] Regarding Reverse proxy and Persistent connection
Hi All, I want to setup a reverse proxy for a web server.There are two web servers which has the same content. cache_peer parent 172.16.1.48 80 0 origin-server cache_peer parent 172.16.1.49 80 0 origin-server When client requests a web page if the server 172.16.1.49 serves the first request i want all the connections to be with same server not with 172.16.1.48 Is it possible by enabling client_persistent connections on and server_persistent_connections on? If so if i use round-robin in cache_peer also it works Regards senthil
Re: [squid-users] Wccp using L2
Thank you very much Just by changing the assignment method,forwarding method,return method in squid.conf *L2+Mask worked perfectly *with No tunnel. Regards senthil Amos Jeffries wrote: senthilkumaar2021 wrote: Hi, We are running Squid Tproxy with wccp .For wccp we had used GRE+HASH assignment. Squid Has been running fine.But the load on router is high.So we plan to Use L2 Redirect with mask assignment. We have established gre tunnel with router identifier.In order to change GRE to L2 assignment.It is necessary to change assignment values in squid.conf other than this any changes to be made on router side. whether gre tunnel is also needed for L2 also? GRE and L2 are the tunnel transport protocols. So to take a semi-wild guess...no. GRE tunnel should not be required to transport via L2 redirect. Amos
[squid-users] Wccp using L2
Hi, We are running Squid Tproxy with wccp .For wccp we had used GRE+HASH assignment. Squid Has been running fine.But the load on router is high.So we plan to Use L2 Redirect with mask assignment. We have established gre tunnel with router identifier.In order to change GRE to L2 assignment.It is necessary to change assignment values in squid.conf other than this any changes to be made on router side. whether gre tunnel is also needed for L2 also? Regards senthil
Re: [squid-users] c-icap vs Havp
Thank you very much Matus UHLAR and Henrik Henrik K wrote: On Thu, Jun 24, 2010 at 08:39:07AM +0200, Matus UHLAR - fantomas wrote: On 24.06.10 10:05, senthilkumaar2021 wrote: In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. then it's apparently true. and I found that more feasdible than using any kind of parent caches for squid HAVP is not very optimized in it's architecture, sadly no one has time to improve it. ICAP certainly is the easier choice and more manageable for such rates. For lesser rates HAVP does have it's advantages. http://www.squid-cache.org/mail-archive/squid-users/201003/0400.html
[squid-users] Tproxy working
Hi Could any one explain how tproxy works and how requested is processed with an example. Thanks and regards senthilkumar
[squid-users] c-icap vs Havp
Hi In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. Thanks senthilkumar
Re: [squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround
Hi The tproxy setup in bridge mode worked well as per in wiki squid till the kernel version 2.6.30.xx When we tested tproxy in bridge mode for kernels greater than 2.6.33.xx(2.6.34 also). The tproxy was not working.when the following workaround was used the tproxy was working fine. # ip rule add dev fwmark 1 lookup 100 example # ip rule add dev eth0 fwmark 1 lookup 100 NOTE : Repeat the above for each interface except " lo " and also echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter echo 1 > /proc/sys/net/ipv4/conf/all/forwarding echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects echo 1 > /proc/sys/net/ipv4/conf/eth0/send_redirects We suspect the problem was not in squid and it is related to net filter. Regards senthil Amos Jeffries wrote: On Tue, 15 Jun 2010 13:37:48 -0500, Luis Daniel Lucio Quiroz wrote: Le mardi 25 mai 2010 23:21:39, senthilkumaar2021 a écrit : Hi, Squid + Tproxy + Bridge Setup on latest kernel - version 2.6.34 I had followed all the steps that had given in the http://wiki.squid-cache.org/Features/Tproxy4 Kernel - 2.6.34 iptable - 1.4.8 ebtable - 2.0.9-1 But clients were unable to browse and no errors in cache.log. Error - Network Unreachable. The error had returned by browser not squid proxy. Workaround :- After adding the following rules, clients are able to browse. # ip rule add dev fwmark 1 lookup 100 example # ip rule add dev eth0 fwmark 1 lookup 100 NOTE : Repeat the above for each interface except " lo " Source - https://lists.balabit.hu/pipermail/tproxy/2010-January/001212.html Based on the above source this issue had identified on kernel version - 2.6.32. But still not yet fixed. I have CC ed this mail to netfilter mailing lists also. Hope this helps Thanks, Senthil I was about to ask if this is fixed in 2.6.33+ or shall i stay in 2.6.31.x >From the Squid side; I have not seen any concrete evidence that this problem was anything more than a configuration mixup. This "fix" is to configure routing tables so that packets the bridge stack sends to the routing stacks (ebtables ... -j DROP) actually get routed to Squid. Our wiki demo uses 127.0.0.1 and the lo interface, it seems like the reporter was using a global IP and only had to configure a global interfaces' routing. The other two older reporters have been suspiciously silent on the lists since the same bridge/router interaction was mentioned. Amos
[squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround
Hi, Squid + Tproxy + Bridge Setup on latest kernel - version 2.6.34 I had followed all the steps that had given in the http://wiki.squid-cache.org/Features/Tproxy4 Kernel - 2.6.34 iptable - 1.4.8 ebtable - 2.0.9-1 But clients were unable to browse and no errors in cache.log. Error - Network Unreachable. The error had returned by browser not squid proxy. Workaround :- After adding the following rules, clients are able to browse. # ip rule add dev fwmark 1 lookup 100 example # ip rule add dev eth0 fwmark 1 lookup 100 NOTE : Repeat the above for each interface except " lo " Source - https://lists.balabit.hu/pipermail/tproxy/2010-January/001212.html Based on the above source this issue had identified on kernel version - 2.6.32. But still not yet fixed. I have CC ed this mail to netfilter mailing lists also. Hope this helps Thanks, Senthil
[squid-users] kernel panic
Hi I am getting the following kernel panic error in kernel 2.6.30.5 while running the squid t proxy in bridge mode I have used the following iptables and ebtables rules The panic occurs once in 10 -15 hrs iptable and ebtables are iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP [] ? nf_nat_fn+0x138/0x14e [iptable_nat] [] ? nf_nat_in+0x2f/0x6e [iptable_nat] [] ? br_nf_pre_routing_finish+0x0/0x2c4 [bridge] [] br_nf_pre_routing_finish+0x50/0x2c4 [bridge] [] ? br_nf_pre_routing_finish+0x0/0x2c4 [bridge] [] ? nf_hook_slow+0x68/0xc8 [] ? br_nf_pre_routing_finish+0x0/0x2c4 [bridge] [] br_nf_pre_routing+0x5a8/0x5c7 [bridge] [] nf_iterate+0x48/0x85 [] ? br_handle_frame_finish+0x0/0x154 [bridge] [] nf_hook_slow+0x68/0xc8 [] ? br_handle_frame_finish+0x0/0x154 [bridge] [] br_handle_frame+0x1b1/0x1db [bridge] [] netif_receive_skb+0x316/0x434 [] napi_gro_receive+0x6e/0x83 [] e1000_receive_skb+0x5c/0x65 [e1000e] [] e1000_clean_rx_irq+0x1e1/0x28f [e1000e] [] e1000_clean+0x99/0x24a [e1000e] [] ? _spin_unlock_irqrestore+0x2c/0x43 [] net_rx_action+0xb8/0x1b4 [] __do_softirq+0x99/0x152 [] call_softirq+0x1c/0x30 [] do_softirq+0x52/0xb9 [] irq_exit+0x53/0x8d [] do_IRQ+0x135/0x157 [] ret_from_intr+0x0/0x2e [] ? mwait_idle+0x9e/0xc7 [] ? mwait_idle+0x95/0xc7 [] ? atomic_notifier_call_chain+0x13/0x15 [] ? enter_idle+0x27/0x29 Please help me in fixing the issue Regards senthil [] ? cpu_idle+0x68/0xb1
[squid-users] kernel support 2.6.3 for tproxy
Hi. I am using squid 2.7stable 6 as tproxy in bridge mode with the help of tpxoxy 4 patch It was working fine with kernel 2.6.30 and i upgraded kernel to 2.6.33 I found that ebtables and iptables not redirecting request to the squid I have compiled kernel with tproxy support Did any one tried the tproxy with latest kernel I followed document as in wiki squid. Regards senthil
Re: [squid-users] squid 64bit compile
Hi, Operating system is 64 bit.I tried kernel 2.6.28.5 and 2.6.30.5 .The squid is running fine from morning till evening but during peak hours it is causing kernel panic .I actually dono reason why this happens i tried all possible ways. let me know your problem in detail so that it can help me in finding out my issue. Regards senthil sameer khan wrote: senthil what kernel are u using ? is it causing kernel panic after certain memory usage ( i m guessing it is causing after 3.5GB memory) thanks for reply Date: Tue, 11 May 2010 16:24:03 +0530 From: senthilkumaar2...@gmail.com To: squid-users@squid-cache.org Subject: Re: [squid-users] squid 64bit compile I also also using squid 2.7stable 6 on 64 bit but it causing kernel panic regards senthil sameer khan wrote: hello ppl; is there a special way of compiling 64 squid; i dont see any configure options for 64bit compile. i have compiled it but it seems it is possibly causing kernel panic. i m using squid 2.7stable6 , kernel 2.6.31.13 , 64bit debian lenny. any help will be much appreciated. thanks. _ http://clk.atdmt.com/UKM/go/195013117/direct/01/ _ http://clk.atdmt.com/UKM/go/195013117/direct/01/ We want to hear all your funny, exciting and crazy Hotmail stories. Tell us now
Re: [squid-users] squid 64bit compile
I also also using squid 2.7stable 6 on 64 bit but it causing kernel panic regards senthil sameer khan wrote: hello ppl; is there a special way of compiling 64 squid; i dont see any configure options for 64bit compile. i have compiled it but it seems it is possibly causing kernel panic. i m using squid 2.7stable6 , kernel 2.6.31.13 , 64bit debian lenny. any help will be much appreciated. thanks. _ http://clk.atdmt.com/UKM/go/195013117/direct/01/
[squid-users] Reg kernal panic in tproxy bridge setup
Hi All, I have installed squid2.7 stable 6 version of squid with tproxy4 patch and using squid in bridge mode. The tproxy is working well and i followed document as per wiki squid My connection is about 100 Mbps and i receiving 400 re/sec and during peak hours it may increase upto 500 My system has 8GB ram and it crashes (kernel panic)everyday at the evening time only I tried kernel 2.6.28.5 and 2.6.30.5 but the same kernel panic error occurs. I think request rate is not a problem and whether there is any limit on the traffic that is handled by squid? Whether bridge does not support that much traffic for squid? please provide me suitable solution Thank you R.senthilkumar
Re: [squid-users] Multicast
Thank you very much I found the following option to be configured in squid to send multicast icp queries cache_peer 224.9.9.9 multicast 0 3130 ttl=64 224.9.9.9 is a sample multicast group address. whether 224.9.9.9 is a ip of squid? Inorder to use 224.9.9.9 or any other address does any configuration to be made in our network other than squid Regards senthil Amos Jeffries wrote: On Thu, 08 Apr 2010 08:49:07 +0530, senthilkumaar2021 wrote: Hi What is the use of multicast option in squid ? How to configure squid to multicast messages and receive multicast messages? In order to configure multicast whether any configuration is needed in other than squid http://wiki.squid-cache.org/Features/MultiCast Amos
[squid-users] Multicast
Hi What is the use of multicast option in squid ? How to configure squid to multicast messages and receive multicast messages? In order to configure multicast whether any configuration is needed in other than squid Regards senthil
[squid-users] Multicast
Hi Consider a situation where many squid are running and it is necessary to establish caching hierarchy among all squid servers. If parent sibling cache_peer option is used it is necessary to define all squid server in cache_peer option of all running squid servers. whether it is possible to specify all the available squid caching servers in cache_peer options as single entry using multicast ip. If i want to configure multicast in squid means what are the steps to be followed to configure squid as multicast server and multicast client Kindly educate me on the multicast option in squid Regards senthil
[squid-users] error in redirector
Hi All, I tried to configure squirm with squid to redirect address I am getting the following error in the cache.log and not able to browse any sites 2010/03/29 18:29:06| helperHandleRead: unexpected reply on channel -1 from url_rewriter #1 '' My squid.conf look like this url_rewrite_program /usr/local/squirm/bin/squirm url_rewrite_children 10 url_rewrite_concurrency 302 Help me in solving this issue Regards senthil
[squid-users] Multiple domain authentication and active directory group authentication
Hi All, I am using squid2.7stable6 and my clients are windows machines. I want to make squid to authenticate to two different active directory servers whether it is possible. I am having different security groups in each active directory and i want to block websites on the basis of groups. which authentication helper should be used for this. please provide me a suitable solution. Regards senthil
[squid-users] Regarding Ntlm authentication
Hi All, I am using squid 2.7 stable7 and i configured ntlm authentication to authenticate against active directory I followed steps as in wiki squid The squid.conf is as follows auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl AuthorizedUsers proxy_auth REQUIRED http_access allow AuthorizedUsers When i set direct proxy in firefox it asks for a username and password .The initial windows has realm as "" when i give user name and password it asks again then i select cancel means another window asks me a password in this realm is "The site says: "Squid proxy-caching web server" " when i give user name and password i can able to browse. When i use the same in internet explorer it asks for password continuously but no success Why two different prompt appear for user name and password and why it is not working in IE. Kindly help me Regards senthil
[squid-users] Reg wccp+Tproxy
Hi All, I have configured squid+wccp+Tproxy i followed the document as in squid cache i.e., in the following http://wiki.squid-cache.org/Features/Tproxy4 I have tested wccp with transparent proxy it was working fine But when using wccp with Tproxy the request can be seen in access log but no browse in browse In the show ip wccp,We can see 80 service packets gets redirected but not _90 service packets _I have applied all the ip wccp rules ,90 service does not getting redirected packets I have tested tproxy in bridge mode it was working fine Kindly help me with configuration for router and the squid Regards senthil
Re: [squid-users] Icap+clam Av
Thank you very much In http://c-icap.sourceforge.net/install.html i am not able to find more explanation Kindy help me Henrik Nordström wrote: mån 2010-03-15 klockan 15:08 +0530 skrev senthilkumaar2021: Squid got an invalid ICAP OPTIONS response from service icap://127.0.0.1:1344/response; error: unsupported status code of OPTIONS response That URL is not a valid c-icap URL for the clamav service. Just as HTTP URLs ICAP URLs are also unique to their servicces. The examples in the wiki is just meant as illustration and is not specific to the clamav service of c-icap. There was a good guide on the c-icap site on how to install c-icap and matching squid configuration snippets, but I can not find it now.. trying Google. And yes it's still on the site just not linked in the new menu or moved over to the wiki yet.. http://c-icap.sourceforge.net/install.html Regards Henrik
[squid-users] Icap+clam Av
Hi All, I have installed Icap +Clam AV with squid squid3.0 stable24 I followed documentation in http://wiki.squid-cache.org/Features/ICAP I am getting following error in cache.log Squid got an invalid ICAP OPTIONS response from service icap://127.0.0.1:1344/response; error: unsupported status code of OPTIONS response essential ICAP service is down after an options fetch failure: icap://127.0.0.1:1344/response [down,!valid] And in the browser i am getting following errors ICAP protocol error. The system returned: [No Error] This means that some aspect of the ICAP communication failed. Some possible problems are: The ICAP server is not reachable. An Illegal response was received from the ICAP server. Please guide me in configuring squid+icap+clamAV Thanking you Regards senthil
[squid-users] Regarding squid +Tproxy+Bridge
Hi All We are using squid + Tproxy in Bridging mode .Is there any possibility to bypass traffic when squid stops or if the squid unable to handle request.We are using bridge since we can't able to configure tproxy with wccp .Kindly do me needful Thanks and Regards
[squid-users] Reg wccp
Hi All Thank u very much for the reply Amos Jeffries wrote: On Thu, 4 Mar 2010 12:48:56 +1100, "Michael Bowe" wrote: -Original Message- From: Michael Bowe [mailto:mb...@pipeline.com.au] From: senthilkumaar2021 [mailto:senthilkumaar2...@gmail.com] wccp2_service_info 80 protocol=tcp flags=dst_ip_hash priority=240 ports=80 wccp2_service_info 90 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=80 (for router ip replaced the gateway ip of the squid machine) I think you have the hash stuff wrong, isn't service 80 meant to be src_ip_hash and service 90 meant to be dst_ip_hash? Interesting, there seems to be conflicting advice in the wiki This page here http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY shows it (from Steve Wilton): 80 src_ip_hash 90 dst_ip_hash,ports_source And then further down the page shows it: 80 dst_ip_hash 90 src_ip_hash,ports_source And this page http://wiki.squid-cache.org/Features/Tproxy4 shows it (from Steve Wilton): 80 dst_ip_hash 90 src_ip_hash,ports_source On my busy TPROXY4 clusters we have it: 80 src_ip_hash 90 dst_ip_hash,ports_source Hmm, which way is actually correct? Michael. AFAIK they are arbitrary tag labels. If anyone can confirm/deny that with certainty it would be a help. The wiki needs updating to be consistent shortly anyway. Thanks for noticing that. Amos
[squid-users] Reg authentication
Hi all can any one tell me the differnce between the following authentications 1.kerberos authentication 2.Ntlm 3.Windows Active directory Thank you Reagrds senthil
[squid-users] Regarding authentication with domain
Hi All, I have configured samba to authenticate one domain controller when we reboot one domain controller all users losing to authenticate.We have two more domain controllers whether we can make squid to authenticate with these additional domain controllers also. what are the steps have to be taken to do so. We are using squid 2.6 stable 19 . Regards senthil
[squid-users] Regarding wccp
Hi All, I need to configure squid +Tproxy+ wccp I followed the document as if in the squid cache wccp2_router $ROUTERIP wccp2_forwarding_method gre wccp2_return_method gre wccp2_service dynamic 80 wccp2_service dynamic 90 wccp2_service_info 80 protocol=tcp flags=dst_ip_hash priority=240 ports=80 wccp2_service_info 90 protocol=tcp flags=src_ip_hash,ports_source priority=240 ports=80 (for router ip replaced the gateway ip of the squid machine) I have used following ip tables iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 1 > /proc/sys/net/ipv4/ip_forward set net.ipv4.forwarding = 1 I created tunnel using the router identifier ip address. I have made all the configuration in router such as enabling the 80 and 90 service when i apply redirect in and out for service 80 and 90 . I am not able to get any packets redirected to 90 service only 80 service gets redirected . Is there any problem in squid with the above values what tests can be done in the squid machine to check whether configuration in squid are ok Thanks and Regards senthil
[squid-users] Regarding ntlm authentication
Hi All I configured ntlm authentication in squid using samba server as a medium connect to active directory. When we open browser squid asks for a password it authenticates when i give user name and password and when i give domainame/username password means it does not authenticate I am using samba 3.4 and squid 2.7 stable 7 I need to make authentication using domainname/username password Regards senthil
Re: [squid-users] Error compiling squid 3.0 stable4
Amos Jeffries wrote: senthilkumaar2021 wrote: Hi All, When i compile squid 3.0 stable 4 i getting the following error logfile.cc: In function ‘Logfile* logfileOpen(const char*, size_t, int)’: logfile.cc:105: error: invalid conversion from ‘const char*’ to ‘char*’ logfile.cc:108: error: invalid conversion from ‘const char*’ to ‘char*’ make[3]: *** [logfile.o] Error 1 make[3]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make: *** [all-recursive] Error 1 I am using fedora 12 Help me in solving the error Thankyou Regards senthil Do you mean 3.0.STABLE24 ? ( note the *2* / 3.0.24 ) or actually 3.0.STABLE4 ? ( 3.0.4 ) Amos Thanks It is actually 3.0.STABLE4 (3.0.4) Regards senthil
[squid-users] Error compiling squid 3.0 stable4
Hi All, When i compile squid 3.0 stable 4 i getting the following error logfile.cc: In function ‘Logfile* logfileOpen(const char*, size_t, int)’: logfile.cc:105: error: invalid conversion from ‘const char*’ to ‘char*’ logfile.cc:108: error: invalid conversion from ‘const char*’ to ‘char*’ make[3]: *** [logfile.o] Error 1 make[3]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/senthil/Downloads/squid-3.0.STABLE9/src' make: *** [all-recursive] Error 1 I am using fedora 12 Help me in solving the error Thankyou Regards senthil
