Re: [squid-users] transparent caching and missing icmp redirects?

2014-03-10 Thread Per Jessen
Per Jessen wrote: > Presumably I am not the only one with a transparent caching setup. I > have recently upgraded our firewall to openSUSE 13.1, including a > newer kernel. With this, transparent caching has pretty much stopped > working. For large complex pages, such as an on-line newspaper wh

[squid-users] transparent caching and missing icmp redirects?

2014-03-10 Thread Per Jessen
Presumably I am not the only one with a transparent caching setup. I have recently upgraded our firewall to openSUSE 13.1, including a newer kernel. With this, transparent caching has pretty much stopped working. For large complex pages, such as an on-line newspaper where a page will draw on sev

Re: [squid-users] transparent caching

2012-03-20 Thread Amos Jeffries
On 21.03.2012 05:32, Eliezer Croitoru wrote: On 20/03/2012 18:23, Zhu, Shan wrote: Hi, all, I have a fundamental question that, after studying books and on-line documents, I still cannot answer it myself. That is, when configuring Squid for transparent caching, why do we need to forward HTT

Re: [squid-users] transparent caching

2012-03-20 Thread Iojan Sebastian
On 3/20/2012 1:23 PM, Zhu, Shan wrote: Hi, all, I have a fundamental question that, after studying books and on-line documents, I still cannot answer it myself. That is, when configuring Squid for transparent caching, why do we need to forward HTTP from Port 80 to Port 3128? What makes it nec

Re: [squid-users] transparent caching

2012-03-20 Thread Eliezer Croitoru
On 20/03/2012 18:23, Zhu, Shan wrote: Hi, all, I have a fundamental question that, after studying books and on-line documents, I still cannot answer it myself. That is, when configuring Squid for transparent caching, why do we need to forward HTTP from Port 80 to Port 3128? What makes it nece

[squid-users] transparent caching

2012-03-20 Thread Zhu, Shan
Hi, all, I have a fundamental question that, after studying books and on-line documents, I still cannot answer it myself. That is, when configuring Squid for transparent caching, why do we need to forward HTTP from Port 80 to Port 3128? What makes it necessary? If we just let Squid to listen o

Re: [squid-users] Transparent caching proxy, ASA-Squid3

2011-05-25 Thread Amos Jeffries
On 18/05/11 01:50, bmm-mailinglist wrote: A little kick here if you don't mind, as there were no more replies so far. I have unfortunately not been abe to get my setup to work. Any suggestions, as before, are welcome. Regards, Bart "bmm-mailinglist" 26-4-2011 9:31>>> I'm sorry for the dela

[squid-users] Transparent caching proxy, ASA-Squid3

2011-05-17 Thread bmm-mailinglist
A little kick here if you don't mind, as there were no more replies so far. I have unfortunately not been abe to get my setup to work. Any suggestions, as before, are welcome. Regards, Bart >>> "bmm-mailinglist" 26-4-2011 9:31 >>> I'm sorry for the delay; I had a bad case of Easter holidays.

Re: [squid-users] Transparent caching proxy, ASA-Squid3

2011-04-26 Thread bmm-mailinglist
I'm sorry for the delay; I had a bad case of Easter holidays. The network setup is as such; the ASA is in the network management VLAN, the Squid proxy is in the server VLAN. The VLANs are routed on a Cisco 3750, on the ASA's inside interface. Is this a problem? I tried looking for information on

Re: [squid-users] Transparent caching proxy, ASA-Squid3

2011-04-22 Thread Eliezer Croitoru
What is your network setup? What is the position of each device related to the other on the network? both of them on the same network? Eliezer On 22/04/2011 11:43, bmm-mailinglist wrote: Hi all, I am a new Squid user. I like Squid's ease of setup and -use. Unfortunately, I've hit a sna

[squid-users] Transparent caching proxy, ASA-Squid3

2011-04-22 Thread bmm-mailinglist
Hi all, I am a new Squid user. I like Squid's ease of setup and -use. Unfortunately, I've hit a snag. For the past week or so, I have been trying to get a transparent caching proxy going between our Cisco ASA 5510 firewall (with 8.3(2) software) and a fresh Squid 3 install on an Ubuntu 10.04 L

Re: [squid-users] Transparent caching : using non default http port

2006-11-18 Thread Henrik Nordstrom
lör 2006-11-18 klockan 22:22 +0100 skrev Andrew Miehs: > I do not understand why one wouldn't use > > acl accelerated_list dst 1.2.3.4 > > Shouldnt this only allow squid ONLY to try to connect to here, just > in case > someone makes a mess of the cache_peer lines? http_access is on the req

Re: [squid-users] Transparent caching : using non default http port

2006-11-18 Thread Andrew Miehs
I do not understand why one wouldn't use acl accelerated_list dst 1.2.3.4 Shouldnt this only allow squid ONLY to try to connect to here, just in case someone makes a mess of the cache_peer lines? As for which http_headers they send - who cares... Or am I missing something... Andrew

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Henrik Nordstrom
fre 2006-11-17 klockan 14:24 -0900 skrev Chris Robertson: > http_port 2000 # Make squid listen on port 2000* Almost. Accelerator mode also needs at least one of defaultsite=your.main.website vhost > cache_peer 1.2.3.4 parent 2000 0 no-query originserver > acl accelerated_server dst 1.2.3.4

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Chris Robertson
Mohan wrote: Chris, that worked... well sorta.. I am seeing these messages in my access logs and on the browser I see "Invalid Request" . Could be missing some acl stuff ? 1163809785.556 3 10.169.155.217 TCP_DENIED/400 1638 GET error:invalid-request - NONE/- text/html 1163809796.231

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Mohan
Chris, that worked... well sorta.. I am seeing these messages in my access logs and on the browser I see "Invalid Request" . Could be missing some acl stuff ? 1163809785.556 3 10.169.155.217 TCP_DENIED/400 1638 GET error:invalid-request - NONE/- text/html 1163809796.231 38 10.169.155.2

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Henrik Nordstrom
fre 2006-11-17 klockan 12:52 -0800 skrev Mohan: > I am using squid 2.6 and I > need to setup transparent caching for a webserver running on a port > other than 80. We have a webserver running on port 2000 . I have spent > quite a number of hours trying to figure out in changing this default > setti

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Chris Robertson
Mohan wrote: Chris Robertson wrote on 11/17/2006, 2:30 PM: > Mohan wrote: > > I am using squid 2.6 and I > > need to setup transparent caching for a webserver running on a port > > other than 80. We have a webserver running on port 2000 . I have spent > > quite a number of hours trying to f

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Mohan
Chris, Thanks for responding. As you can see I am still confused between the two. I thought in 2.6 Reverse proxy was replaced by InterceptionProxy. Did I get that wrong ? I probably did! How are the two different ? I need to be able to install a cache proxy alongside my webserver to cache s

Re: [squid-users] Transparent caching : using non default http port

2006-11-17 Thread Chris Robertson
Mohan wrote: I am using squid 2.6 and I need to setup transparent caching for a webserver running on a port other than 80. We have a webserver running on port 2000 . I have spent quite a number of hours trying to figure out in changing this default setting. Is there a way to change this ? Fir

[squid-users] Transparent caching : using non default http port

2006-11-17 Thread Mohan
I am using squid 2.6 and I need to setup transparent caching for a webserver running on a port other than 80. We have a webserver running on port 2000 . I have spent quite a number of hours trying to figure out in changing this default setting. Is there a way to change this ?

Re: [squid-users] Transparent Caching with Cisco PIX

2006-11-03 Thread Rainer Schweitzer
On Fri, 2006-11-03 at 04:20 +0300, Andrew Pantyukhin wrote: Tanks for all replies! I'll try that wccp thing. (next week) I'll post a working config, if it will work :-) Greetings, Rainer. > On 11/1/06, Rainer Schweitzer <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Some of the cisco cracks may ha

Re: [squid-users] Transparent Caching with Cisco PIX

2006-11-02 Thread Adrian Chadd
On Fri, Nov 03, 2006, Andrew Pantyukhin wrote: > On 11/3/06, Adrian Chadd <[EMAIL PROTECTED]> wrote: > >On Fri, Nov 03, 2006, Andrew Pantyukhin wrote: > >> > >> Pix 7.x supports wccp. I don't know of any solution > >> for squid + pix 6.x. > > > >Do you have it working? I'd love to see a working > >

Re: [squid-users] Transparent Caching with Cisco PIX

2006-11-02 Thread Andrew Pantyukhin
On 11/3/06, Adrian Chadd <[EMAIL PROTECTED]> wrote: On Fri, Nov 03, 2006, Andrew Pantyukhin wrote: > > Pix 7.x supports wccp. I don't know of any solution > for squid + pix 6.x. Do you have it working? I'd love to see a working configuration for this. We don't presently use Pix 7.x, but we use

Re: [squid-users] Transparent Caching with Cisco PIX

2006-11-02 Thread Adrian Chadd
On Fri, Nov 03, 2006, Andrew Pantyukhin wrote: > > Pix 7.x supports wccp. I don't know of any solution > for squid + pix 6.x. Do you have it working? I'd love to see a working configuration for this. Thanks, Adrian

Re: [squid-users] Transparent Caching with Cisco PIX

2006-11-02 Thread Andrew Pantyukhin
On 11/1/06, Rainer Schweitzer <[EMAIL PROTECTED]> wrote: Hi, Some of the cisco cracks may have an advice for me? I want to set up a transparent proxy and I want the PIX to redirect all webtraffic (i.e. dest. port 80) from the LAN-users to the Proxy in the DMZ. Maybe the Firewall software 7 offer

[squid-users] Transparent Caching with Cisco PIX

2006-11-01 Thread Rainer Schweitzer
Hi, Some of the cisco cracks may have an advice for me? I want to set up a transparent proxy and I want the PIX to redirect all webtraffic (i.e. dest. port 80) from the LAN-users to the Proxy in the DMZ. Maybe the Firewall software 7 offers a good solution? I know, this problem is more cisco-relat

Re: [squid-users] Transparent caching problem

2006-03-16 Thread Henrik Nordstrom
tor 2006-03-16 klockan 12:46 -0800 skrev Kamel A. Baba: > Thanks Henrik. That fixed my problem > I have 1 more question though. Which would you say is more efficient: > using the ip_wccp mod or the GRE interface. Any recommendation? No noticeable difference in performance, but the ip_gre works bet

Re: [squid-users] Transparent caching problem

2006-03-16 Thread Kamel A. Baba
Thanks Henrik. That fixed my problem! I have 1 more question though. Which would you say is more efficient: using the ip_wccp mod or the GRE interface. Any recommendation? Thanks, Kamel --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > ons 2006-03-15 klockan 14:03 -0800 skrev Kamel A. > Baba: >

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Henrik Nordstrom
ons 2006-03-15 klockan 14:03 -0800 skrev Kamel A. Baba: > [34:1632] -A PREROUTING -i gre0 -p tcp -m tcp --dport > 80 -j DNAT --to-destination 127.0.0.1:8080 > COMMIT Don't DNAT to 127.0.0.1, DNAT to a real IP address.. The loopback address is special, and the kernel will silently drop any traffi

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Kamel A. Baba
> Then most likely your NAT rules are not correct. > > Or you have rp_filter or similar enabled causing the > packets to be > immediately discarded. > > Or other firewalling rules discarding the traffic. > > iptables-save -c [EMAIL PROTECTED] ~]# iptables-save -c # Generated by iptables-save

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Henrik Nordstrom
ons 2006-03-15 klockan 09:22 -0800 skrev Kamel A. Baba: > Daniel, > > Thanks for your help. > I tried what you suggested. However, I am getting the > same results as before. The traffic is actually being > redirected to DG/squid and being decapsulated but > still DG cannot see the traffic. Then m

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Kamel A. Baba
Henrik, I see that you're very active in helping people on this list. I am pretty sure everyone appreciates that. Would you be able to help in fixing my problem functionality wwise first? Thanks in advance. Kamel --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > tis 2006-03-14 klockan 23:26 -0

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Kamel A. Baba
Daniel, Thanks for your help. I tried what you suggested. However, I am getting the same results as before. The traffic is actually being redirected to DG/squid and being decapsulated but still DG cannot see the traffic. I did a tcpdump while trying to access dell.com (143.166.224.178) and here's

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Daniel EPEE LEA
Everyone, I ran out of file descriptors after putting this config for 1 minute on a high volume network. I'll improve it with iptables REDIRECT and load gre module at startup. Much Regards, Dan On 3/15/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > ons 2006-03-15 klockan 16:56 +0545 skrev

RE: [squid-users] Transparent caching problem

2006-03-15 Thread Henrik Nordstrom
ons 2006-03-15 klockan 08:16 -0500 skrev Shoebottom, Bryan: > This would work, but will give you some errors on boot as the gre module > won't be loaded before you start the network. As the distribution doesn't support GRE there should not be any system defined network configuration for the gre i

RE: [squid-users] Transparent caching problem

2006-03-15 Thread Shoebottom, Bryan
2006 5:31 AM To: Daniel EPEE LEA Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Transparent caching problem tis 2006-03-14 klockan 23:26 -0800 skrev Daniel EPEE LEA: > [EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0 > DEVICE=gre0 > BOOTPROTO=static > IPADD

RE: [squid-users] Transparent caching problem

2006-03-15 Thread Shoebottom, Bryan
sers@squid-cache.org Subject: RE: [squid-users] Transparent caching problem Hello Daniel Epee Lea, Regarding: 2- for ip tables -A PREROUTING -s My_Network/20 -d ! My_Network/20 - i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination my_cache_server_IP:3128 If the http

RE: [squid-users] Transparent caching problem

2006-03-15 Thread Henrik Nordstrom
ons 2006-03-15 klockan 16:56 +0545 skrev arabinda: > If the http traffic is very high, is it possible that DNAT can be a bottle > neck? If you run out of iptables/netfilter conntrack entries then performance will go down the drain. This gets logged in the kernel syslog messages if it happens.. R

RE: [squid-users] Transparent caching problem

2006-03-15 Thread arabinda
] Sent: Wednesday, March 15, 2006 1:11 PM To: Ryan Sumida Cc: Kamel A. Baba; squid-users@squid-cache.org Subject: Re: [squid-users] Transparent caching problem Kamel, I used 1- For gre tunned, after loading ip_gre module at startup, I have this gre interface. You can copie it exactly the IP address

Re: [squid-users] Transparent caching problem

2006-03-15 Thread Henrik Nordstrom
tis 2006-03-14 klockan 23:26 -0800 skrev Daniel EPEE LEA: > [EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0 > DEVICE=gre0 > BOOTPROTO=static > IPADDR=172.16.1.6 > NETMASK=255.255.255.252 > ONBOOT=yes > IPV6INIT=no Eum.. for security reasons it's recommended to make the WCCP GRE interface a poi

Re: [squid-users] Transparent caching problem

2006-03-14 Thread Daniel EPEE LEA
Kamel, I used 1- For gre tunned, after loading ip_gre module at startup, I have this gre interface. You can copie it exactly the IP address in there doesn't matter. [EMAIL PROTECTED] network-scripts]# cat ifcfg-gre0 DEVICE=gre0 BOOTPROTO=static IPADDR=172.16.1.6 NETMASK=255.255.255.252 ONBOOT=

Re: [squid-users] Transparent caching problem

2006-03-14 Thread Ryan Sumida
fine now but I'm not sure why. I'll figure it out later. Ryan "Kamel A. Baba" <[EMAIL PROTECTED]> 03/14/2006 02:35 PM To squid-users@squid-cache.org cc Kamel Baba <[EMAIL PROTECTED]> Subject [squid-users] Transparent caching problem Hi, This is kin

[squid-users] Transparent caching problem

2006-03-14 Thread Kamel A. Baba
Hi, This is kind of driving me crazy. I've been trying to get transparent caching to work for the last 2 days without success. I am only posting to get help after I read so much on this and I think I quite understand what needs to be done but still DG/SQUID do not see the traffic. Ok, so I have

Re: [squid-users] transparent caching with squid + CISCO CSS 11000

2004-05-12 Thread fclaire
Hi, Thanks a lot for helping, Henrik. I've installed a TPROXY patched squid-2.5.STABLE5 on a Linux with a 2.4.25 cttproxy patched kernel. Now the only problem I have is to be able to run squid as root. Setting: cache_effective_user root cache_effective_group root Don't work and squid gives the

Re: [squid-users] transparent caching with squid + CISCO CSS 11000

2004-04-27 Thread Henrik Nordstrom
On Tue, 27 Apr 2004 [EMAIL PROTECTED] wrote: > I'd like to know if it's possible to make transparent caching with squid and > CISCO CSS 11000 device. I need to have the squid server making the HTTP > request using the client IP address as source (IP spoofing). Look for TPROXY and it's related Sq

[squid-users] transparent caching with squid + CISCO CSS 11000

2004-04-27 Thread fclaire
Hi, I'd like to know if it's possible to make transparent caching with squid and CISCO CSS 11000 device. I need to have the squid server making the HTTP request using the client IP address as source (IP spoofing). The equivalent for this feature with Cisco cache engine 500 is the command: http

RE: [squid-users] transparent caching problem

2003-10-08 Thread John Hally
PM To: John Hally Cc: '[EMAIL PROTECTED]' Subject: Re: [squid-users] transparent caching problem On Wed, 2003-10-08 at 02:54, John Hally wrote: > Hello, > > I'm having a really weird problem where I get refused requests when browsing > any sites on the intranet, but Internet

Re: [squid-users] transparent caching problem

2003-10-07 Thread Robert Collins
On Wed, 2003-10-08 at 02:54, John Hally wrote: > Hello, > > I'm having a really weird problem where I get refused requests when browsing > any sites on the intranet, but Internet browsing is fine. As soon as I pull > the redirect off of the router interface, the ability to browse the intranet > r

[squid-users] transparent caching problem

2003-10-07 Thread John Hally
Hello, I'm having a really weird problem where I get refused requests when browsing any sites on the intranet, but Internet browsing is fine. As soon as I pull the redirect off of the router interface, the ability to browse the intranet returns. Has anyone else experienced this? Thanks in adva

Re: [squid-users] Transparent Caching

2003-03-20 Thread Henrik Nordstrom
es something similar? > > -Original Message- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 19, 2003 10:52 AM > To: Bryan Waters > Cc: [EMAIL PROTECTED] > Subject: Re: [squid-users] Transparent Caching > > ons 2003-03-19 klockan 17.48 skrev

RE: [squid-users] Transparent Caching

2003-03-19 Thread Bryan Waters
: Wednesday, March 19, 2003 10:52 AM To: Bryan Waters Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Transparent Caching ons 2003-03-19 klockan 17.48 skrev Bryan Waters: > I have two questions... > > 1) is there a step-by-step guide to configuring transparent caching for > squid on linux? The

Re: [squid-users] Transparent Caching

2003-03-19 Thread Henrik Nordstrom
ons 2003-03-19 klockan 17.48 skrev Bryan Waters: > I have two questions... > > 1) is there a step-by-step guide to configuring transparent caching for > squid on linux? The information you need to known can be found both in the Squid FAQ and in the Linux Transparent Proxy howto document. > 2) on

[squid-users] Transparent Caching

2003-03-19 Thread Bryan Waters
I have two questions... 1) is there a step-by-step guide to configuring transparent caching for squid on linux? setting up the ipchains/ipfilter so that it caches all incoming connections...configuring the network, etc. I want to create a linux/squid-based gateway that catches all web-requests a