(I didn't pay attention to reply-to ... reposting this to squid-users
in case of further discussion.)
On 2013-06-28 6:20, Amos Jeffries wrote:
On 29/06/2013 12:22 a.m., Rob Sheldon wrote:
I finally got around to writing a howto for recent versions of
OpenBSD/Squid, following my tr
I finally got around to writing a howto for recent versions of
OpenBSD/Squid, following my trouble getting it working:
http://www.associatedtechs.com/library/setting-up-squid-on-openbsd/
Please let me know if there are errors, serious deficiencies, etc. --
I'd rather not contribute to bad docu
On 2013-06-10 17:21, Beto Moreno wrote:
For a large deployments u know that u have a bunch of users that hit a
lot pages per second, and some sites for example they required ports
like 8080, 4578 in the url, is difficult for a sysadm to wait for a
customer to request to open the port 4578 becaus
I feel like a little bit of an idiot now. :-)
I went back to
http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf. I was
getting "connection refused" errors, and assumed that this was because
the target interfaces were rejecting connections for IPs not in their
subnet. (I should kno
On 2013-06-01 23:57, Rob Sheldon wrote:
Assuming I can get this all working somehow, I'll do a solid write-up
of it on our company site. Was the security check added in a sort-of
recent version of Squid? I still find it hard to believe that this has
been broken for other people and
On 2013-06-01 5:03, Amos Jeffries wrote:
On 1/06/2013 11:20 p.m., Rob Sheldon wrote:
So I just turned on host_verify_strict and now I'm getting the 409
error described in the docs.
It looks to me like the problem is the destination rewrite in rdr-to,
but that still doesn't r
On 2013-06-01 4:09, Rob Sheldon wrote:
So an rdr-to rule should cause Squid to be seeing itself as the
destination address...
So I just turned on host_verify_strict and now I'm getting the 409
error described in the docs.
It looks to me like the problem is the destination rewrite in r
On 2013-06-01 2:51, Amos Jeffries wrote:
On 1/06/2013 6:13 p.m., Rob Sheldon wrote:
Can you explain a little more about "non-intercept traffic" vs.
"intercept traffic"? I thought the only difference was whether the
browser sent an absolute URL in the GET request (&
On 2013-05-31 23:13, Rob Sheldon wrote:
I'll re-run the tests using another machine on the network for the
request origin, with the rdr rule on, using a request that should be
obvious in tcpdump and shouldn't be in the Squid cache.
OK. I just set up a fairly careful test enviro
On 2013-05-31 22:18, Amos Jeffries wrote:
On 1/06/2013 11:58 a.m., Rob Sheldon wrote:
I'd rather not futz around with pf anymore for now, since I don't
think that's where the problem is. (Unless Squid for some reason
requires "http_port...intercept" to be passed thro
On 2013-05-31 16:07, Loïc BLOT wrote:
Instead of your ugly:
pass quick on lo0
use:
skip lo0
which is better :)
Thanks, I forgot about skip.
You must redirect trafic on your lan interface directed to any remote
80
to your lan IP:3129 and also allow tcp 3129 on pf
pass out quick on $lan_if pr
On 2013-05-31 5:27, Marko Cupać wrote:
Try setting squid to listen on loopback address:
http_port 127.0.0.1:3128 intercept
Redirect web traffic to loopback address in pf:
pass in quick on $if_int inet proto tcp from 192.168.0.209 to any \
port { www https } rdr-to 127.0.0.1 port 3128
On 2013-05-30 21:34, Loïc BLOT wrote:
Hello Rob,
I use OpenBSD and squid 3.3.4 in production environment, you'll
exactly
what you need here:
http://www.unix-experience.fr/2013/create-a-powerfull-proxy-cache-with-squid-and-openbsd-2/#sthash.9SpWE1kn.dpbs
[2]
Have a nice day
Thanks -- that l
Hi,
I'm a Squid newbie. I have an OpenBSD firewall running pf with multiple
outbound interfaces doing some connection pooling. I'm trying to get
Squid/SquidGuard up and running as a transparent proxy; I've been using
this guide: http://www.kernel-panic.it/openbsd/proxy/proxy4.html
I've run i
14 matches
Mail list logo
