Hi folks.
This is week two of doing the usual stuff as IT Manager AND trying to
set up a transparent bridge that redirects web requests to the Squid
proxy server as a cache. Squid is running on the bridge machine. We
can't afford another T1 (our third) and have high saturation five or six
hours a day.
I know that this is not the bridge list or the iptables list. So I won't
troll and pester. Just this one plea :)
squid cache.log:
Starting Squid Cache version 2.4.STABLE7 for i686-pc-linux-
gnu...
2003/04/04 16:35:31| Process ID 815
2003/04/04 16:35:31| With 1024 file descriptors available
2003/04/04 16:35:31| Performing DNS Tests...
2003/04/04 16:35:31| Successful DNS name lookup tests...
2003/04/04 16:35:31| DNS Socket created on FD 4
2003/04/04 16:35:31| Adding nameserver 192.168.1.10 from /etc/resolv.conf
2003/04/04 16:35:31| Adding nameserver 192.168.45.10 from /etc/resolv.conf
2003/04/04 16:35:31| Unlinkd pipe opened on FD 9
2003/04/04 16:35:31| Swap maxSize 1024000 KB, estimated 78769 objects
2003/04/04 16:35:31| Target number of buckets: 3938
2003/04/04 16:35:31| Using 8192 Store buckets
2003/04/04 16:35:31| Max Mem size: 32768 KB
2003/04/04 16:35:31| Max Swap size: 1024000 KB
2003/04/04 16:35:31| Rebuilding storage in /var/spool/squid (DIRTY)
2003/04/04 16:35:31| Using Least Load store dir selection
2003/04/04 16:35:31| Set Current Directory to /var/spool/squid
2003/04/04 16:35:31| Loaded Icons.
2003/04/04 16:35:32| Accepting HTTP connections at 0.0.0.0, port 3128,
FD 11.
2003/04/04 16:35:32| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
2003/04/04 16:35:32| WCCP Disabled.
2003/04/04 16:35:32| Ready to serve requests.
2003/04/04 16:35:32| Done reading /var/spool/squid swaplog (209 entries)
2003/04/04 16:35:32| Finished rebuilding storage from disk.
2003/04/04 16:35:32| 209 Entries scanned
2003/04/04 16:35:32| 0 Invalid entries.
2003/04/04 16:35:32| 0 With invalid flags.
2003/04/04 16:35:32| 209 Objects loaded.
2003/04/04 16:35:32| 0 Objects expired.
2003/04/04 16:35:32| 0 Objects cancelled.
2003/04/04 16:35:32| 0 Duplicate URLs purged.
2003/04/04 16:35:32| 0 Swapfile clashes avoided.
2003/04/04 16:35:32| Took 0.3 seconds ( 646.5 objects/sec).
2003/04/04 16:35:32| Beginning Validation Procedure
2003/04/04 16:35:32| Completed Validation Procedure
2003/04/04 16:35:32| Validated 209 Entries
2003/04/04 16:35:32| store_swap_size = 2052k
2003/04/04 16:35:32| storeLateRelease: released 0 objects
So it has cached some items at some point during my testing, but I just
got the bridge setup. I promise not to complain about RedHat's startup
scripts...
iptables:
# Generated by iptables-save v1.2.6a on Fri Apr 4 16:30:49 2003
*nat
:PREROUTING ACCEPT [73:7814]
:POSTROUTING ACCEPT [3:268]
:OUTPUT ACCEPT [3:268]
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT
--to-ports 3128
COMMIT
# Completed on Fri Apr 4 16:30:49 2003
# Generated by iptables-save v1.2.6a on Fri Apr 4 16:30:49 2003
*filter
:INPUT ACCEPT [578:43694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [394:59664]
[0:0] -A INPUT -s 192.168.1.0 -d 192.168.1.47 -i eth0 -p tcp -m tcp
--dport 3128 -m sta
te --state NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Apr 4 16:30:49 2003
eth0 and eth1 have no IP. br0 is the 192.168.1.47 address. Heck:
br0 Link encap:Ethernet HWaddr 00:01:02:46:73:94
inet addr:192.168.1.47 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4713 errors:0 dropped:0 overruns:0 frame:0
TX packets:1233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:307453 (300.2 Kb) TX bytes:567603 (554.2 Kb)
eth0 Link encap:Ethernet HWaddr 00:E0:7D:7A:92:7C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2144 errors:0 dropped:0 overruns:0 frame:0
TX packets:5155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:188105 (183.6 Kb) TX bytes:1969417 (1.8 Mb)
Interrupt:10 Base address:0x1000
eth1 Link encap:Ethernet HWaddr 00:01:02:46:73:94
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4945 errors:0 dropped:0 overruns:0 frame:0
TX packets:1614 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1523615 (1.4 Mb) TX bytes:172456 (168.4 Kb)
Interrupt:11 Base address:0xc400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:140 (140.0 b) TX bytes:140 (140.0 b)
[root@poboy fcdstaff]# top | less
ESC[HESC[JESC[m^Otop - 16:54:34 up 29 min, 3 users, load average:
0.00, 0.00, 0.00ESC
top - 16:54:40 up 29 min, 3 users, load average: 0.00, 0.00, 0.00
Tasks: 44 total, 2 running, 42 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.4% user, 0.5% system, 0.0% nice, 99.2% idle
Mem: 125168k total, 49144k used, 76024k free, 4144k buffers
Swap: 512056k total, 0k used, 512056k free, 19812k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ Command
897 root 15 0 788 788 632 R 1.9 0.6 0:00.02 top
1 root 15 0 476 476 424 S 0.0 0.4 0:04.27 init
2 root 15 0 0 0 0 S 0.0 0.0 0:00.00 keventd
3 root 15 0 0 0 0 S 0.0 0.0 0:00.00 kapmd
4 root 34 19 0 0 0 S 0.0 0.0 0:00.00
ksoftirqd_CPU0
5 root 15 0 0 0 0 S 0.0 0.0 0:00.02 kswapd
6 root 25 0 0 0 0 S 0.0 0.0 0:00.00 bdflush
7 root 15 0 0 0 0 S 0.0 0.0 0:00.00 kupdated
8 root 25 0 0 0 0 S 0.0 0.0 0:00.00
mdrecoveryd
65 root 16 0 0 0 0 S 0.0 0.0 0:00.00 khubd
336 root 15 0 576 576 496 S 0.0 0.5 0:00.06 syslogd
340 root 15 0 428 428 376 S 0.0 0.3 0:00.00 klogd
357 rpc 15 0 532 532 460 S 0.0 0.4 0:00.00 portmap
420 root 15 0 1464 1464 1324 S 0.0 1.2 0:00.17 sshd
435 root 15 0 888 888 760 S 0.0 0.7 0:00.01 xinetd
453 root 15 0 2264 2264 1660 S 0.0 1.8 0:00.00 sendmail
463 smmsp 18 0 2048 2044 1556 S 0.0 1.6 0:00.00 sendmail
473 root 18 0 428 428 380 S 0.0 0.3 0:00.01 gpm
482 root 15 0 612 612 536 S 0.0 0.5 0:00.00 crond
560 xfs 15 0 3112 3112 840 S 0.0 2.5 0:00.08 xfs
578 daemon 15 0 520 520 464 S 0.0 0.4 0:00.00 atd
615 root 15 0 0 0 0 S 0.0 0.0 0:00.00 eth0
632 root 16 0 1216 1216 988 S 0.0 1.0 0:00.11 login
633 root 16 0 404 404 356 S 0.0 0.3 0:00.00 mingetty
634 root 16 0 404 404 356 S 0.0 0.3 0:00.00 mingetty
635 root 16 0 404 404 356 S 0.0 0.3 0:00.00 mingetty
636 root 16 0 404 404 356 S 0.0 0.3 0:00.00 mingetty
637 root 16 0 404 404 356 S 0.0 0.3 0:00.00 mingetty
640 fcdstaff 15 0 1404 1404 1112 S 0.0 1.1 0:00.03 bash
680 root 15 0 1004 1004 828 S 0.0 0.8 0:00.00 su
681 root 15 0 1476 1476 1156 S 0.0 1.2 0:00.06 bash
714 root 15 0 2040 2040 1860 S 0.0 1.6 0:00.04 sshd
716 fcdstaff 15 0 2252 2252 2036 S 0.0 1.8 0:00.19 sshd
717 fcdstaff 15 0 1392 1392 1112 S 0.0 1.1 0:00.03 bash
749 root 15 0 1004 1004 828 S 0.0 0.8 0:00.00 su
750 root 15 0 1460 1460 1156 S 0.0 1.2 0:01.13 bash
813 root 17 0 1104 1104 948 S 0.0 0.9 0:00.00 squid
815 squid 15 0 4552 4552 1360 R 0.0 3.6 0:00.07 squid
816 squid 18 0 244 244 208 S 0.0 0.2 0:00.00 unlinkd
823 root 16 0 2040 2040 1860 S 0.0 1.6 0:00.04 sshd
825 fcdstaff 15 0 2264 2264 2032 S 0.0 1.8 0:00.06 sshd
826 fcdstaff 15 0 1412 1412 1124 S 0.0 1.1 0:00.04 bash
859 root 15 0 1004 1004 828 S 0.0 0.8 0:00.01 su
860 root 15 0 1456 1456 1152 S 0.0 1.2 0:00.12 bash
I don't know what else to send right now,
Linux version 2.4.18-14 (bhcompile@stripples.devel.redhat.com) (gcc
version 3.2 2002090
3 (Red Hat Linux 8.0 3.2-7)) #1 Wed Sep 4 13:35:50 EDT 2002
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 0000000007f00000 (usable)
BIOS-e820: 00000000ffb00000 - 0000000100000000 (reserved)
0MB HIGHMEM available.
127MB LOWMEM available.
On node 0 totalpages: 32512
zone(0): 4096 pages.
zone(1): 28416 pages.
zone(2): 0 pages.
Kernel command line: auto BOOT_IMAGE=linux ro
BOOT_FILE=/boot/vmlinuz-2.4.18-14 root=LA
BEL=/
Initializing CPU#0
Detected 548.149 MHz processor.
Speakup v-1.00 CVS: Tue Jun 11 14:22:53 EDT 2002 : initialized
Console: colour VGA+ 80x25
Calibrating delay loop... 1086.73 BogoMIPS
Memory: 123872k/130048k available (1326k kernel code, 4772k reserved,
999k data, 212k i
nit, 0k highmem)
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode cache hash table entries: 8192 (order: 4, 65536 bytes)
Mount cache hash table entries: 2048 (order: 2, 16384 bytes)
ramfs: mounted with options: <defaults>
ramfs: max_pages=15611 max_file_pages=0 max_inodes=0 max_dentries=15611
Buffer cache hash table entries: 4096 (order: 2, 16384 bytes)
Page-cache hash table entries: 32768 (order: 5, 131072 bytes)
CPU: Before vendor init, caps: 0383f9ff 00000000 00000000, vendor = 0
CPU: L1 I cache: 16K, L1 D cache: 16K
CPU: L2 cache: 256K
CPU: After vendor init, caps: 0383f9ff 00000000 00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU: After generic, caps: 0383f9ff 00000000 00000000 00000000
CPU: Common caps: 0383f9ff 00000000 00000000 00000000
CPU: Intel Pentium III (Coppermine) stepping 01
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
mtrr: v1.40 (20010327) Richard Gooch (rgooch@atnf.csiro.au)
mtrr: detected mtrr type: Intel
PCI: PCI BIOS revision 2.10 entry at 0xfb2e0, last bus=1
PCI: Using configuration type 1
PCI: Probing PCI hardware
Unknown bridge resource 2: assuming transparent
PCI: Using IRQ router PIIX [8086/2410] at 00:1f.0
isapnp: Scanning for PnP cards...
isapnp: No Plug & Play device found
speakup: initialized device: /dev/synth, node (MAJOR 10, MINOR 25)
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16)
Starting kswapd
VFS: Diskquotas version dquot_6.5.0 initialized
pty: 2048 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT
SHARE_IRQ SERIAL_PCI
ISAPNP enabled
ttyS0 at 0x03f8 (irq = 4) is a 16550A
ttyS1 at 0x02f8 (irq = 3) is a 16550A
Real Time Clock Driver v1.10e
oprofile: mapping APIC.
oprofile: enabled local APIC. Err code 00000000
oprofile 0.2 loaded, major 254
block: 240 slots per queue, batch=60
Uniform Multi-Platform E-IDE driver Revision: 6.31
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
PIIX4: IDE controller on PCI bus 00 dev f9
PIIX4: chipset revision 2
PIIX4: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0xf000-0xf007, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0xf008-0xf00f, BIOS settings: hdc:DMA, hdd:pio
hda: WDC WD205AA, ATA DISK drive
hdc: CD-ROM 48X/TKU, ATAPI CD/DVD-ROM drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
ide1 at 0x170-0x177,0x376 on irq 15
blk: queue c03c0004, I/O limit 4095Mb (mask 0xffffffff)
blk: queue c03c0004, I/O limit 4095Mb (mask 0xffffffff)
hda: 40079088 sectors (20520 MB) w/2048KiB Cache, CHS=9940/64/63, UDMA(66)
ide-floppy driver 0.99.newide
Partition check:
hda: hda1 hda2 hda3
hda1: <openbsd: hda5 hda6 >
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
NET4: Frame Diverter 0.46
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
ide-floppy driver 0.99.newide
md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 8192 bind 16384)
Linux IP multicast router 0.06 plus PIM-SM
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 66k freed
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 212k freed
usb.c: registered new driver usbdevfs
usb.c: registered new driver hub
usb-uhci.c: $Revision: 1.275 $ time 13:44:31 Sep 4 2002
usb-uhci.c: High bandwidth mode enabled
PCI: Found IRQ 9 for device 00:1f.2
PCI: Setting latency timer of device 00:1f.2 to 64
usb-uhci.c: USB UHCI at I/O 0xd000, IRQ 9
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 1
hub.c: USB hub found
hub.c: 2 ports detected
usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
usb.c: registered new driver hiddev
usb.c: registered new driver hid
hid-core.c: v1.8.1 Andreas Gal, Vojtech Pavlik <vojtech@suse.cz>
hid-core.c: USB HID support drivers
mice: PS/2 mouse device common for all mice
Adding Swap: 512056k swap-space (priority -1)
ip_tables: (C) 2000-2002 Netfilter core team
NET4: Ethernet Bridge 008 for NET4.0
divert: allocating divert_blk for br0
8139too Fast Ethernet driver 0.9.25
PCI: Found IRQ 10 for device 01:04.0
divert: allocating divert_blk for eth0
eth0: RealTek RTL8139 Fast Ethernet at 0xc88b1000, 00:e0:7d:7a:92:7c, IRQ 10
eth0: Identified 8139 chip type 'RTL-8139B'
device eth0 entered promiscuous mode
PCI: Found IRQ 11 for device 01:05.0
3c59x: Donald Becker and others. www.scyld.com/network/vortex.html
01:05.0: 3Com PCI 3c905B Cyclone 100baseTx at 0xc400. Vers LK1.1.18-ac
divert: allocating divert_blk for eth1
device eth1 entered promiscuous mode
eth0: Setting 100mbps full-duplex based on auto-negotiated partner
ability 45e1.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth0: Promiscuous mode enabled.
eth1: Setting promiscuous mode.
eth1: Setting promiscuous mode.
eth1: Setting promiscuous mode.
eth1: Setting promiscuous mode.
eth1: Setting promiscuous mode.
br0: port 2(eth1) entering listening state
br0: port 1(eth0) entering listening state
br0: port 2(eth1) entering learning state
br0: port 1(eth0) entering learning state
br0: port 2(eth1) entering forwarding state
br0: topology change detected, propagating
br0: port 1(eth0) entering forwarding state
br0: topology change detected, propagating
ip_conntrack (1016 buckets, 8128 max)
Sorry for sending the kitchen sink. I know there has to be something
dumb keeping this from working. tcpdump shows lots of traffic on br0.
Any help would be greatly appreciated. I can't think of any other
pertinent info without making hard drive images.
eth0 is the Realtek connected to the LAN
eth1 is the 3Com connected to the router
Thanks folks.
-- Lincoln Rutledge Information Technology Manager Fairfield County District Library www.fairfield.lib.oh.us Open Source Automation Software - oss4lib.orgReceived on Fri Apr 04 2003 - 15:04:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:41 MST