Hi, Squid-Users,
On Mon, 7 Feb 2000, Henrik Nordstrom wrote:
|o| > This has been consistent in ALL of our installations and we've used
|o| > different Cisco routers (7200's, 2500's, etc.) and different CIOS versions
|o| > (11.3.x, 12.0.x). We've followed the FAQ and Installation guide to the
|o| > letter. There has to be someone else who's experienced this. Are we doing
|o| > something wrong or is there really a problem with Squid?
|o|
|o| If it works when you configure the browser to use Squid as a
|o| proxy, then there is a problem with how traffic is redirected to
|o| Squid.
Perhaps I should have added that the setup works initially but after a
while (we still haven't determined how long or how much access is
necessary), transparent proxying stops working. All we get are network
timeouts.
|o| If Squid stops functioning as a proxy when you install the
|o| redirection then there is for sure a problem with your redirection
|o| rules (probably redirecting Squid back on itself)
I'm pretty sure we've excluded the proxy machine from our re-routing
policy.
|o| What setup are you currently trying?
If it's any help, this is what our router config looks like:
access-list 110 deny tcp {proxy-subnet} {proxy-wildcard-bits} any
access-list 110 permit tcp any any eq www
!
route-map squid-redir permit 10
 match ip address 110
 set ip next-hop {proxy-address}
!
interface {interface-of-incoming-object-requests}
 ip policy route-map squid-redir
Here're the pertinent parts of squid.conf:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
|o| Are you using a plain port policy route, or something fancier?
Plain. Has there been much success using WCCP?
|o| What is the smallest Path MTU used in the path from Squid to the
|o| browser?
Browser to Squid? It varies, but we tried it on a workstation on the same
ethernet switch. Or did you mean between Squid and the object server?
|o| Plain port policy routing will mess up Path MTU discovery. Try
|o| disabling MTU discovery on the proxy by running
|o| "echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc", or by configuring the
|o| client side network interface to use a very small MTU.
I'll try this and see if it works. Should it be just ICMP "Host
unreachables" that should be redirected?
Richi Plana 8^)
Systems Administrator
Mosaic Communications, Inc.
mailto:richip@mozcom.com
Received on Tue Feb 08 2000 - 06:41:47 MST
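
An added illustration (not part of the original message, and not Squid or Cisco code): a small Python model of access-list 110 and the squid-redir route-map as posted above. It shows that only TCP port 80 is handed to the proxy, while ICMP "fragmentation needed" errors follow normal routing, which is the Path MTU discovery problem Henrik describes. All addresses and packet records are constructed, and the proxy subnet value stands in for the placeholders in the posted config.

```python
from ipaddress import ip_address

# Constructed stand-ins for the {proxy-subnet} {proxy-wildcard-bits} placeholders.
PROXY_SUBNET, PROXY_WILDCARD = "192.0.2.0", "0.0.0.255"

# access-list 110 as posted: (action, protocol, source, wildcard, dest port)
ACL_110 = [
    ("deny", "tcp", PROXY_SUBNET, PROXY_WILDCARD, None),
    ("permit", "tcp", "0.0.0.0", "255.255.255.255", 80),   # any any eq www
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard bits: a 1 bit means that address bit is ignored."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip_address(addr)) & care == int(ip_address(base)) & care

def acl_action(pkt, acl=ACL_110):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, proto, base, wildcard, dport in acl:
        if (pkt["proto"] == proto
                and wildcard_match(pkt["src"], base, wildcard)
                and (dport is None or pkt.get("dport") == dport)):
            return action
    return "deny"

def policy_routed(pkt):
    """route-map squid-redir sets the next hop only for packets ACL 110 permits."""
    return acl_action(pkt) == "permit"

# Constructed packets arriving on the policy-routed interface.
PACKETS = {
    "browser HTTP request": {"proto": "tcp", "src": "198.51.100.10",
                             "dst": "203.0.113.5", "dport": 80},
    "Squid's own fetch": {"proto": "tcp", "src": "192.0.2.20",
                          "dst": "203.0.113.5", "dport": 80},
    # ICMP type 3 code 4 sent by a router on the path to the browser. Intercepted
    # replies carry the origin server's address as source, so the error is
    # addressed to 203.0.113.5, not to the proxy.
    "ICMP fragmentation needed": {"proto": "icmp", "src": "198.51.100.1",
                                  "dst": "203.0.113.5", "type": 3, "code": 4},
}

def report():
    """Map each sample packet to where the router sends it."""
    return {name: "to Squid" if policy_routed(p) else "normal routing"
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, fate in report().items():
        print(f"{name:28} -> {fate}")
```

Because the ICMP error never reaches the proxy, the proxy keeps sending full-size packets with the DF bit set, which matches the workaround of disabling Path MTU discovery on the proxy host.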