Hi!
I have this wierd problem... and I am not sure where the problem really
is...
We are trying to set up squid as a transparent (intercepting) proxy. We are
using a Cabletron-Smart Switch Router 2000 to intercept http traffic and
redirect it to our squid, this seems to work fine. When we enable
redirecting in the router browsing works fine, when we kill squid browsing
stops.. This makes me think redirecting in the router works...
I am not entirely sure that I have the kernel configured correctly, if
someone could tell me what I have to check it would be appreciated.
Some information about the system is found below..
Thanks in advance
Andreas Lidberg
I am running squid 2.4STABLE1 on RedHat 7.0
System: PIII 500Mhz, 256Mb mem, 9Gb SCSI
Ipchains is set up with the following rules..
eth0 is public, router redirects to eth0, (squid goes out on eth0 too)
eth1 is local, only used for administration locally
# Default policies:
${FW} -P input REJECT # Incoming policy: reject (quick error)
${FW} -P output ACCEPT # Output policy: accept
${FW} -P forward DENY # Forwarding policy: deny
# Input Rules:
# Local Ethernet-interface:
# Redirect to Squid proxy server:
${ADD} input -p tcp -d 0/0 80 -i eth0 -j REDIRECT 3128
# Allow comm to and from DNS
${ADD} input -p all -s [dns1-ip] -d 0/0 -i eth0 -j ACCEPT
${ADD} input -p all -s [dns2-ip] -d 0/0 -i eth0 -j ACCEPT
# Allow ping from Router (otherwise router will not redirect)
${ADD} input -p icmp -s [router-ip] -i eth0 -j ACCEPT
# Allow everything else
${ADD} input -p all -s 0/0 -i eth0 -j ACCEPT
# Loopback-interface (local access, eg, to local nameserver):
${ADD} input -j ACCEPT -s localhost/32 -d localhost/32
# Accept packets from local network:
${ADD} input -i eth1 -j ACCEPT
Someone might recognize the above script... itīs originally from the FAQ..
Thanks to Leon Brooks
I can see on the counters (doing ipcahins --list -v) that something goes in
and out but nothing gets redirected to squid.
Chain input (policy REJECT: 4676 packets, 624777 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 REDIRECT tcp ------ 0xFF 0x00 eth0
anywhere anywhere any -> www => squid
56 9123 ACCEPT all ------ 0xFF 0x00 eth0
[dns1] anywhere n/a
6 549 ACCEPT all ------ 0xFF 0x00 eth0
[dns2] anywhere n/a
0 0 ACCEPT icmp ------ 0xFF 0x00 eth0
[router] anywhere any -> any
3278 383K ACCEPT all ------ 0xFF 0x00 eth0
anywhere anywhere n/a
0 0 ACCEPT all ------ 0xFF 0x00 any
[squid] [squid] n/a
21483 4397K ACCEPT all ------ 0xFF 0x00 eth1
anywhere anywhere n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 37481 packets, 17680420 bytes):
cahce.log from recent restart (if it could be a lead)
2001/04/23 10:29:59| Preparing for shutdown after 6 requests
2001/04/23 10:29:59| Waiting 30 seconds for active connections to finish
2001/04/23 10:29:59| FD 8 Closing HTTP connection
2001/04/23 10:30:00| Shutting down...
2001/04/23 10:30:00| FD 10 Closing ICP connection
2001/04/23 10:30:00| Closing unlinkd pipe on FD 9
2001/04/23 10:30:00| storeDirWriteCleanLogs: Starting...
2001/04/23 10:30:00| xrename: renaming /squid/logs/cache_swap_log.00.clean
to /squid/logs/cache_swap_log.00
2001/04/23 10:30:00| Finished. Wrote 620 entries.
2001/04/23 10:30:00| Took 0.0 seconds (493630.6 entries/sec).
CPU Usage: 13.820 seconds = 8.120 user + 5.700 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 370
Memory usage for squid via mallinfo():
total space in arena: 2748 KB
Ordinary blocks: 2711 KB 47 blks
Small blocks: 0 KB 0 blks
Holding blocks: 176 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 36 KB
Total in use: 2887 KB 105%
Total free: 36 KB 1%
2001/04/23 10:30:00| 2K Buffer : 3 x 2048 bytes = 6 KB
2001/04/23 10:30:00| acl : 7 x 48 bytes = 1 KB
2001/04/23 10:30:00| acl_access : 9 x 16 bytes = 1 KB
2001/04/23 10:30:00| acl_ip_data : 2 x 16 bytes = 1 KB
2001/04/23 10:30:00| acl_list : 11 x 12 bytes = 1 KB
2001/04/23 10:30:00| HttpReply : 42 x 108 bytes = 5 KB
2001/04/23 10:30:00| HttpHeaderEntry : 294 x 20 bytes = 6 KB
2001/04/23 10:30:00| HttpHdrCc : 42 x 16 bytes = 1 KB
2001/04/23 10:30:00| intlist : 3 x 8 bytes = 1 KB
2001/04/23 10:30:00| MemObject : 42 x 108 bytes = 5 KB
2001/04/23 10:30:00| mem_node : 42 x 12 bytes = 1 KB
2001/04/23 10:30:00| Store Mem Buffer : 42 x 4096 bytes = 168 KB
2001/04/23 10:30:00| StoreEntry : 662 x 48 bytes = 32 KB
2001/04/23 10:30:00| wordlist : 4 x 8 bytes = 1 KB
2001/04/23 10:30:00| ClientInfo : 2 x 236 bytes = 1 KB
2001/04/23 10:30:00| MD5 digest : 662 x 16 bytes = 11 KB
2001/04/23 10:30:00| Short Strings : 407 x 36 bytes = 15 KB
2001/04/23 10:30:00| cbdata : 11 x 24 bytes = 1 KB
2001/04/23 10:30:00| event : 7 x 32 bytes = 1 KB
2001/04/23 10:30:00| LRU policy node : 662 x 12 bytes = 8 KB
2001/04/23 10:30:00| ipcache_entry : 3 x 68 bytes = 1 KB
2001/04/23 10:30:00| memCleanModule: 21 pools are left dirty
2001/04/23 10:30:00| Squid Cache (Version 2.4.STABLE1): Exiting normally.
2001/04/23 10:30:07| Starting Squid Cache version 2.4.STABLE1 for
i686-pc-linux-gnu...
2001/04/23 10:30:07| Process ID 6556
2001/04/23 10:30:07| With 1024 file descriptors available
2001/04/23 10:30:07| Performing DNS Tests...
2001/04/23 10:30:07| Successful DNS name lookup tests...
2001/04/23 10:30:07| DNS Socket created on FD 4
2001/04/23 10:30:07| Adding nameserver 212.112.42.66 from /etc/resolv.conf
2001/04/23 10:30:07| Adding nameserver 212.112.42.67 from /etc/resolv.conf
2001/04/23 10:30:07| Unlinkd pipe opened on FD 9
2001/04/23 10:30:07| Swap maxSize 1048576 KB, estimated 80659 objects
2001/04/23 10:30:07| Target number of buckets: 4032
2001/04/23 10:30:07| Using 8192 Store buckets
2001/04/23 10:30:07| Max Mem size: 16384 KB
2001/04/23 10:30:07| Max Swap size: 1048576 KB
2001/04/23 10:30:07| Rebuilding storage in /squid/cache (CLEAN)
2001/04/23 10:30:07| Using Least Load store dir selection
2001/04/23 10:30:07| Set Current Directory to /squid/cache
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '596'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '521'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '516'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '504'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '492'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '535'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '520'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '542'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '543'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '534'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '528'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '543'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '523'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '525'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '523'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '531'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '521'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '535'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '525'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '536'
2001/04/23 10:30:07| storeCreate: Selected dir '0' for obj size '560'
2001/04/23 10:30:07| Loaded Icons.
2001/04/23 10:30:07| Accepting HTTP connections at 0.0.0.0, port 3128, FD
11.
2001/04/23 10:30:07| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
2001/04/23 10:30:07| WCCP Disabled.
2001/04/23 10:30:07| Ready to serve requests.
2001/04/23 10:30:08| Done reading /squid/cache swaplog (620 entries)
2001/04/23 10:30:08| xrename: renaming /squid/logs/cache_swap_log.00.new to
/squid/logs/cache_swap_log.00
2001/04/23 10:30:08| Finished rebuilding storage from disk.
2001/04/23 10:30:08| 620 Entries scanned
2001/04/23 10:30:08| 0 Invalid entries.
2001/04/23 10:30:08| 0 With invalid flags.
2001/04/23 10:30:08| 620 Objects loaded.
2001/04/23 10:30:08| 0 Objects expired.
2001/04/23 10:30:08| 0 Objects cancelled.
2001/04/23 10:30:08| 0 Duplicate URLs purged.
2001/04/23 10:30:08| 0 Swapfile clashes avoided.
2001/04/23 10:30:08| Took 0.6 seconds (1053.0 objects/sec).
2001/04/23 10:30:08| Beginning Validation Procedure
2001/04/23 10:30:08| Completed Validation Procedure
2001/04/23 10:30:08| Validated 620 Entries
2001/04/23 10:30:08| store_swap_size = 8800k
2001/04/23 10:30:08| storeLateRelease: released 0 objects
Received on Mon Apr 23 2001 - 07:24:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:26 MST