Re: work squid in solaris 2.6 as transparent proxy

On Wed, Jul 08, 1998 at 08:36:23PM +0000, Leigh Porter wrote:
> Michael Fuhr wrote:
>
> > I set up Squid with IP Filter[1] and transproxy[2] on Solaris 2.6 but
> > had trouble with connections hanging. Has anyone else had similar
> > trouble? I'm going to see how OpenBSD performs with the same setup.
>
> What kind of overhead does transproxy have? I see it will start a process
> per
> a connection, how does this fare on Solaris with potentially thousands of
> them
> open ;-)

I haven't been able to see what kind of overhead transproxy will impose
because of the trouble with hanging connections, but I'm definitely
concerned about performance as I expect to see over a million hits per
day on this system. The problem with stuck connections seems to be my
build of IP Filter on Solaris 2.6 -- I set up my test machine without
transproxy (i.e., I configured IP Filter to forward packets to port
3128 and set up Squid as an accelerator) but the problem persisted.
I still plan on giving OpenBSD a shot.

> I was using Squid with transparrent proxying on a Linux box quite a while
> ago without the need for transproxy (Squid sat in port 80 it's self with
> everything
> thrown at it directly by IPfw). Would this work on Solaris (Still using a
> Cisco to
> policy-route port 80 to the cache)?

This will work as long as you have some mechanism like IP Filter to
forward the packets to Squid. I'm still not sure why I was seeing
stuck sessions but it was far too frequent to use in production.

The only reason I considered using transproxy was to support ancient
browsers that don't send the HTTP Host: header -- for those cases
transproxy will take the original destination address and build a proxy
request like "GET http://192.172.226.146/ HTTP/1.0". Unfortunately we
still have a few old browsers around, but I'm hoping we can find and
upgrade them so I won't have to worry about it.

-- 
Michael Fuhr
http://www.fuhr.net/~mfuhr/