Per Jessen wrote:
> Presumably I am not the only one with a transparent caching setup. I
> have recently upgraded our firewall to openSUSE 13.1, including a
> newer kernel. With this, transparent caching has pretty much stopped
> working. For large complex pages, such as an on-line newspaper wh
Presumably I am not the only one with a transparent caching setup. I
have recently upgraded our firewall to openSUSE 13.1, including a newer
kernel. With this, transparent caching has pretty much stopped
working. For large complex pages, such as an on-line newspaper where a
page will draw on sev
On 21.03.2012 05:32, Eliezer Croitoru wrote:
On 20/03/2012 18:23, Zhu, Shan wrote:
Hi, all,
I have a fundamental question that, after studying books and on-line
documents, I still cannot answer it myself.
That is, when configuring Squid for transparent caching, why do we
need to forward HTT
On 3/20/2012 1:23 PM, Zhu, Shan wrote:
Hi, all,
I have a fundamental question that, after studying books and on-line documents,
I still cannot answer it myself.
That is, when configuring Squid for transparent caching, why do we need to
forward HTTP from Port 80 to Port 3128? What makes it nec
On 20/03/2012 18:23, Zhu, Shan wrote:
Hi, all,
I have a fundamental question that, after studying books and on-line documents,
I still cannot answer it myself.
That is, when configuring Squid for transparent caching, why do we need to
forward HTTP from Port 80 to Port 3128? What makes it nece
Hi, all,
I have a fundamental question that, after studying books and on-line documents,
I still cannot answer it myself.
That is, when configuring Squid for transparent caching, why do we need to
forward HTTP from Port 80 to Port 3128? What makes it necessary? If we just let
Squid to listen o
On 18/05/11 01:50, bmm-mailinglist wrote:
A little kick here if you don't mind, as there were no more replies so far.
I have unfortunately not been abe to get my setup to work. Any suggestions, as
before, are welcome.
Regards,
Bart
"bmm-mailinglist" 26-4-2011 9:31>>>
I'm sorry for the dela
A little kick here if you don't mind, as there were no more replies so far.
I have unfortunately not been abe to get my setup to work. Any suggestions, as
before, are welcome.
Regards,
Bart
>>> "bmm-mailinglist" 26-4-2011 9:31 >>>
I'm sorry for the delay; I had a bad case of Easter holidays.
I'm sorry for the delay; I had a bad case of Easter holidays.
The network setup is as such; the ASA is in the network management VLAN, the
Squid proxy is in the server VLAN.
The VLANs are routed on a Cisco 3750, on the ASA's inside interface.
Is this a problem? I tried looking for information on
What is your network setup?
What is the position of each device related to the other on the network?
both of them on the same network?
Eliezer
On 22/04/2011 11:43, bmm-mailinglist wrote:
Hi all,
I am a new Squid user. I like Squid's ease of setup and -use. Unfortunately,
I've hit a sna
Hi all,
I am a new Squid user. I like Squid's ease of setup and -use. Unfortunately,
I've hit a snag.
For the past week or so, I have been trying to get a transparent caching proxy
going between our Cisco ASA 5510 firewall (with 8.3(2) software) and a fresh
Squid 3 install on an Ubuntu 10.04 L
lör 2006-11-18 klockan 22:22 +0100 skrev Andrew Miehs:
> I do not understand why one wouldn't use
>
> acl accelerated_list dst 1.2.3.4
>
> Shouldnt this only allow squid ONLY to try to connect to here, just
> in case
> someone makes a mess of the cache_peer lines?
http_access is on the req
I do not understand why one wouldn't use
acl accelerated_list dst 1.2.3.4
Shouldnt this only allow squid ONLY to try to connect to here, just
in case
someone makes a mess of the cache_peer lines?
As for which http_headers they send - who cares...
Or am I missing something...
Andrew
fre 2006-11-17 klockan 14:24 -0900 skrev Chris Robertson:
> http_port 2000 # Make squid listen on port 2000*
Almost. Accelerator mode also needs at least one of
defaultsite=your.main.website
vhost
> cache_peer 1.2.3.4 parent 2000 0 no-query originserver
> acl accelerated_server dst 1.2.3.4
Mohan wrote:
Chris, that worked... well sorta.. I am seeing these messages in my
access logs and on the browser I see "Invalid Request" . Could be
missing some acl stuff ?
1163809785.556 3 10.169.155.217 TCP_DENIED/400 1638 GET
error:invalid-request - NONE/- text/html
1163809796.231
Chris, that worked... well sorta.. I am seeing these messages in my
access logs and on the browser I see "Invalid Request" . Could be
missing some acl stuff ?
1163809785.556 3 10.169.155.217 TCP_DENIED/400 1638 GET
error:invalid-request - NONE/- text/html
1163809796.231 38 10.169.155.2
fre 2006-11-17 klockan 12:52 -0800 skrev Mohan:
> I am using squid 2.6 and I
> need to setup transparent caching for a webserver running on a port
> other than 80. We have a webserver running on port 2000 . I have spent
> quite a number of hours trying to figure out in changing this default
> setti
Mohan wrote:
Chris Robertson wrote on 11/17/2006, 2:30 PM:
> Mohan wrote:
> > I am using squid 2.6 and I
> > need to setup transparent caching for a webserver running on a port
> > other than 80. We have a webserver running on port 2000 . I have spent
> > quite a number of hours trying to f
Chris,
Thanks for responding. As you can see I am still confused between the
two. I thought in 2.6 Reverse proxy was replaced by InterceptionProxy.
Did I get that wrong ? I probably did!
How are the two different ? I need to be able to install a cache proxy
alongside my webserver to cache s
Mohan wrote:
I am using squid 2.6 and I
need to setup transparent caching for a webserver running on a port
other than 80. We have a webserver running on port 2000 . I have spent
quite a number of hours trying to figure out in changing this default
setting. Is there a way to change this ?
Fir
I am using squid 2.6 and I
need to setup transparent caching for a webserver running on a port
other than 80. We have a webserver running on port 2000 . I have spent
quite a number of hours trying to figure out in changing this default
setting. Is there a way to change this ?
On Fri, 2006-11-03 at 04:20 +0300, Andrew Pantyukhin wrote:
Tanks for all replies!
I'll try that wccp thing. (next week)
I'll post a working config, if it will work :-)
Greetings, Rainer.
> On 11/1/06, Rainer Schweitzer <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Some of the cisco cracks may ha
On Fri, Nov 03, 2006, Andrew Pantyukhin wrote:
> On 11/3/06, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> >On Fri, Nov 03, 2006, Andrew Pantyukhin wrote:
> >>
> >> Pix 7.x supports wccp. I don't know of any solution
> >> for squid + pix 6.x.
> >
> >Do you have it working? I'd love to see a working
> >
On 11/3/06, Adrian Chadd <[EMAIL PROTECTED]> wrote:
On Fri, Nov 03, 2006, Andrew Pantyukhin wrote:
>
> Pix 7.x supports wccp. I don't know of any solution
> for squid + pix 6.x.
Do you have it working? I'd love to see a working
configuration for this.
We don't presently use Pix 7.x, but we use
On Fri, Nov 03, 2006, Andrew Pantyukhin wrote:
>
> Pix 7.x supports wccp. I don't know of any solution
> for squid + pix 6.x.
Do you have it working? I'd love to see a working configuration for this.
Thanks,
Adrian
On 11/1/06, Rainer Schweitzer <[EMAIL PROTECTED]> wrote:
Hi,
Some of the cisco cracks may have an advice for me?
I want to set up a transparent proxy and I want
the PIX to redirect all webtraffic (i.e. dest. port 80)
from the LAN-users to the Proxy in the DMZ.
Maybe the Firewall software 7 offer
Hi,
Some of the cisco cracks may have an advice for me?
I want to set up a transparent proxy and I want
the PIX to redirect all webtraffic (i.e. dest. port 80)
from the LAN-users to the Proxy in the DMZ.
Maybe the Firewall software 7 offers a good solution?
I know, this problem is more cisco-relat
tor 2006-03-16 klockan 12:46 -0800 skrev Kamel A. Baba:
> Thanks Henrik. That fixed my problem
> I have 1 more question though. Which would you say is more efficient:
> using the ip_wccp mod or the GRE interface. Any recommendation?
No noticeable difference in performance, but the ip_gre works bet
Thanks Henrik. That fixed my problem!
I have 1 more question though. Which would you say is
more efficient: using the ip_wccp mod or the GRE
interface. Any recommendation?
Thanks,
Kamel
--- Henrik Nordstrom <[EMAIL PROTECTED]>
wrote:
> ons 2006-03-15 klockan 14:03 -0800 skrev Kamel A.
> Baba:
>
ons 2006-03-15 klockan 14:03 -0800 skrev Kamel A. Baba:
> [34:1632] -A PREROUTING -i gre0 -p tcp -m tcp --dport
> 80 -j DNAT --to-destination 127.0.0.1:8080
> COMMIT
Don't DNAT to 127.0.0.1, DNAT to a real IP address..
The loopback address is special, and the kernel will silently drop any
traffi
> Then most likely your NAT rules are not correct.
>
> Or you have rp_filter or similar enabled causing the
> packets to be
> immediately discarded.
>
> Or other firewalling rules discarding the traffic.
>
> iptables-save -c
[EMAIL PROTECTED] ~]# iptables-save -c
# Generated by iptables-save
ons 2006-03-15 klockan 09:22 -0800 skrev Kamel A. Baba:
> Daniel,
>
> Thanks for your help.
> I tried what you suggested. However, I am getting the
> same results as before. The traffic is actually being
> redirected to DG/squid and being decapsulated but
> still DG cannot see the traffic.
Then m
Henrik,
I see that you're very active in helping people on
this list. I am pretty sure everyone appreciates that.
Would you be able to help in fixing my problem
functionality wwise first?
Thanks in advance.
Kamel
--- Henrik Nordstrom <[EMAIL PROTECTED]>
wrote:
> tis 2006-03-14 klockan 23:26 -0
Daniel,
Thanks for your help.
I tried what you suggested. However, I am getting the
same results as before. The traffic is actually being
redirected to DG/squid and being decapsulated but
still DG cannot see the traffic.
I did a tcpdump while trying to access dell.com
(143.166.224.178) and here's
Everyone,
I ran out of file descriptors after putting this config for 1 minute
on a high volume network. I'll improve it with iptables REDIRECT and
load gre module at startup.
Much Regards,
Dan
On 3/15/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> ons 2006-03-15 klockan 16:56 +0545 skrev
ons 2006-03-15 klockan 08:16 -0500 skrev Shoebottom, Bryan:
> This would work, but will give you some errors on boot as the gre module
> won't be loaded before you start the network.
As the distribution doesn't support GRE there should not be any system
defined network configuration for the gre i
2006 5:31 AM
To: Daniel EPEE LEA
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent caching problem
tis 2006-03-14 klockan 23:26 -0800 skrev Daniel EPEE LEA:
> [EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0
> DEVICE=gre0
> BOOTPROTO=static
> IPADD
sers@squid-cache.org
Subject: RE: [squid-users] Transparent caching problem
Hello Daniel Epee Lea,
Regarding:
2- for ip tables -A PREROUTING -s My_Network/20 -d !
My_Network/20
- i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination
my_cache_server_IP:3128
If the http
ons 2006-03-15 klockan 16:56 +0545 skrev arabinda:
> If the http traffic is very high, is it possible that DNAT can be a bottle
> neck?
If you run out of iptables/netfilter conntrack entries then performance
will go down the drain. This gets logged in the kernel syslog messages
if it happens..
R
]
Sent: Wednesday, March 15, 2006 1:11 PM
To: Ryan Sumida
Cc: Kamel A. Baba; squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent caching problem
Kamel,
I used
1- For gre tunned, after loading ip_gre module at startup, I have
this gre interface.
You can copie it exactly the IP address
tis 2006-03-14 klockan 23:26 -0800 skrev Daniel EPEE LEA:
> [EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0
> DEVICE=gre0
> BOOTPROTO=static
> IPADDR=172.16.1.6
> NETMASK=255.255.255.252
> ONBOOT=yes
> IPV6INIT=no
Eum.. for security reasons it's recommended to make the WCCP GRE
interface a poi
Kamel,
I used
1- For gre tunned, after loading ip_gre module at startup, I have
this gre interface.
You can copie it exactly the IP address in there doesn't matter.
[EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
IPADDR=172.16.1.6
NETMASK=255.255.255.252
ONBOOT=
fine now but I'm not sure why. I'll figure it out later.
Ryan
"Kamel A. Baba" <[EMAIL PROTECTED]>
03/14/2006 02:35 PM
To
squid-users@squid-cache.org
cc
Kamel Baba <[EMAIL PROTECTED]>
Subject
[squid-users] Transparent caching problem
Hi,
This is kin
Hi,
This is kind of driving me crazy. I've been trying to
get transparent caching to work for the last 2 days
without success.
I am only posting to get help after I read so much on
this and I think I quite understand what needs to be
done but still DG/SQUID do not see the traffic.
Ok, so I have
Hi,
Thanks a lot for helping, Henrik.
I've installed a TPROXY patched squid-2.5.STABLE5 on a Linux with a 2.4.25
cttproxy patched kernel.
Now the only problem I have is to be able to run squid as root.
Setting:
cache_effective_user root
cache_effective_group root
Don't work and squid gives the
On Tue, 27 Apr 2004 [EMAIL PROTECTED] wrote:
> I'd like to know if it's possible to make transparent caching with squid and
> CISCO CSS 11000 device. I need to have the squid server making the HTTP
> request using the client IP address as source (IP spoofing).
Look for TPROXY and it's related Sq
Hi,
I'd like to know if it's possible to make transparent caching with squid and
CISCO CSS 11000 device. I need to have the squid server making the HTTP
request using the client IP address as source (IP spoofing).
The equivalent for this feature with Cisco cache engine 500 is the command:
http
PM
To: John Hally
Cc: '[EMAIL PROTECTED]'
Subject: Re: [squid-users] transparent caching problem
On Wed, 2003-10-08 at 02:54, John Hally wrote:
> Hello,
>
> I'm having a really weird problem where I get refused requests when
browsing
> any sites on the intranet, but Internet
On Wed, 2003-10-08 at 02:54, John Hally wrote:
> Hello,
>
> I'm having a really weird problem where I get refused requests when browsing
> any sites on the intranet, but Internet browsing is fine. As soon as I pull
> the redirect off of the router interface, the ability to browse the intranet
> r
Hello,
I'm having a really weird problem where I get refused requests when browsing
any sites on the intranet, but Internet browsing is fine. As soon as I pull
the redirect off of the router interface, the ability to browse the intranet
returns. Has anyone else experienced this?
Thanks in adva
es something similar?
>
> -Original Message-
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 19, 2003 10:52 AM
> To: Bryan Waters
> Cc: [EMAIL PROTECTED]
> Subject: Re: [squid-users] Transparent Caching
>
> ons 2003-03-19 klockan 17.48 skrev
: Wednesday, March 19, 2003 10:52 AM
To: Bryan Waters
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Transparent Caching
ons 2003-03-19 klockan 17.48 skrev Bryan Waters:
> I have two questions...
>
> 1) is there a step-by-step guide to configuring transparent caching for
> squid on linux?
The
ons 2003-03-19 klockan 17.48 skrev Bryan Waters:
> I have two questions...
>
> 1) is there a step-by-step guide to configuring transparent caching for
> squid on linux?
The information you need to known can be found both in the Squid FAQ and
in the Linux Transparent Proxy howto document.
> 2) on
I have two questions...
1) is there a step-by-step guide to configuring transparent caching for
squid on linux? setting up the ipchains/ipfilter so that it caches all
incoming connections...configuring the network, etc. I want to create a
linux/squid-based gateway that catches all web-requests a
54 matches
Mail list logo