Re: [squid-users] squid-users@squid-cache.org
On 13.09.11 09:23, spaceman wrote: Subject: [squid-users] squid-users@squid-cache.org Please, use better topic Firstly i would like to apologize to my poor english and less indentation, too much spaces make your mail hardly readable. I want to load balance two isp connection with one linux squid proxy server.Load balancing and failover is ok using shorewall firewall.My network setup is here [...] eth1 is for A internet connection It can only use Parent-A upstream parent proxy server eth2 is for B internet connection It can only use Parent-B upstream parent proxy server [...] Now i want to set up squid proxy server. My problem is that each internet connection has seperate parent proxy.They can only use their corresponding Parent proxy server. should be no probem - you can just define two parent proxies and disable direct access to the network. So i want to route,match or map A internet gateway request to Parent-A upstream parent proxy server and B internet gateway request to Parent-B upstream parent proxy server. in fact, you don't have to map anything, just use those two proxies. I think i must be use cache_peer cache_peer_access tcp_outgoing_address is squid running on the machine with multiple interfaces? I tink that in such case you don't need to define tcp_outgoing_address, the OS can take care of that. but no sure i have test so many times but fails fails in what way? What is the problem or error message? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One World. One Web. One Program. - Microsoft promotional advertisement Ein Volk, ein Reich, ein Fuhrer! - Adolf Hitler
[squid-users] squid-users@squid-cache.org
Dear Sir or Madam, Firstly i would like to apologize to my poor english I want to load balance two isp connection with one linux squid proxy server.Load balancing and failover is ok using shorewall firewall.My network setup is here eth0 is for LAN eth1 is for A internet connection It can only use Parent-A upstream parent proxy server eth2 is for B internet connection It can only use Parent-B upstream parent proxy server I user Fedora Core 10 and Shorewall Firewall (www.shorewall.net) . Shorewall automatically load balance and failover outgoing internet gateway. Now i want to set up squid proxy server. My problem is that each internet connection has seperate parent proxy.They can only use their corresponding Parent proxy server. So i want to route,match or map A internet gateway request to Parent-A upstream parent proxy server and B internet gateway request to Parent-B upstream parent proxy server. I think i must be use cache_peer cache_peer_access tcp_outgoing_address but no sure i have test so many times but fails Any help would be great.With best regards
[squid-users] squid-users@squid-cache.org
Good afternoon, I have been working on a new squid/Smart Filter/tproxy setup for our campus and have run into a few problems. One is that I am using squid-2.5-stable-9 because of SmartFilter (our campus wide filter) being finicky on what version of squid that I am running. Another note is I need to have Tproxy because the squid server is in between our users and a packeteer, so I need for the packeteer to see the IP of the request so users can be put into their own bucket for priority. The packeteer won't transparent proxy, so I get all the same ip which means I can't create different rules on the proxy server. That means I need to do some work on the firewall to create allow all rules, this just complicates things greatly. current setup = users - firewall with tproxy - packeteer - squid server with SmartFilter (which also defeats some of the rules in the SmartFilter because of the same ip of the packeteer) - firewall - Internet What I want to do = users - squid/tproxy/smartfilter - packeteer - firewall - Internet This way I can slim down the firewall rules for allow all access and less lag going thru because it's more of a strait shot then a loop. I got this patch, http://www.squid-cache.org/mail-archive/squid-dev/200510/0161.htm and I have tried to install it on my Red Hat EL4 server, to no avail. I found myself having to manually install the patch, with it still producing many errors (H and C files not matching up/incorrect syntax). It also is using X-forward which I don't want to use. I would really like to get this running correctly, within the limits I have (with only being able to run a few versions of squid). Thank you, Jay
Re: [squid-users] squid-users@squid-cache.org
ons 2006-03-15 klockan 13:41 -0500 skrev Jay Desjardins: I got this patch, http://www.squid-cache.org/mail-archive/squid-dev/200510/0161.htm and I have tried to install it on my Red Hat EL4 server, to no avail. I found myself having to manually install the patch, with it still producing many errors (H and C files not matching up/incorrect syntax). It also is using X-forward which I don't want to use. How far have you got in applying the patch? Have you got the kernel TPROXY support working? Only having Squid patched with TPROXY support isn't of much use unless you have the netfilter TPROXY patch in the kernel which the Squid TPROXY support relies upon... Changing the Squid TPROXY patch to use the actual client IP is simple, mainly a matter of dropping the HRD_X_FORWARDED_FOR section and using request-client_addr instead of the request-xfwd_ip when setting the outgoing IP.. I would really like to get this running correctly, within the limits I have (with only being able to run a few versions of squid). Note that by running a Smart Filter modified Squid you effectively terminate any support from the Squid developers should you run into any problems... we simply cannot support tracking problems in Squids having such heavy proprietary modifications where we can not see the changes. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
