Henrik Nordstrom wrote:
> On Monday 04 August 2003 07.52, Larry M. Smith wrote:
>
>>I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with
>>a Cisco 7204 VXR (running IOS 12.2(6))and am running across a
>>maddening problem - works in test network, doesn't work in
>>production network.
>
>
>>will show the redirected packet counter incrementing, access.log is
>>logging client accesses, cache.log shows no abnormalities, and
>
>
>>barely breaking a sweat (squid taking < 1% of CPU), but the clients
>>never get pages and eventually time out. Did a sniff of the
>
>
> Have you instructed your router to not intercept Squid's own traffic?
>
> Same thing in the interception rules on your Squid server? (but if you
> disable the interception on the Cisco I don't think this is the
> problem..)
>
The sniff of the network activity showed that Squid never (well, almost
never) put anything back onto the network wire that would have been
intercepted.
>
>>The only difference between the production and test networks (other
>>than client load) is the production network is redirecting off of
>>atm1/0 while the test network is redirecting off of fa0/0 (and the
>>requisite addressing/configuration changes). I don't believe that
>>to be cause of the functionality problem as in the production
>>network I do see the packets being redirected to Squid.
>
>
> If you see traffic in access.log then the redirection is working.
>
> If you have enabled interception and then normal proxying does not
> work then the interception is intercepting too much, preventing the
> proxy itself from doing what it should. Remember that the proxy is
> just a HTTP client like any other in the eye of interception rules
> and if the proxy uses the same router as your clients then rules is
> needed to instruct the router on what to do with the traffic.
>
How would one go about testing this, and would should I be looking for
in the logs.
> A very good test when verifying networing, interception rules etc is
> to start by verifying that browsing directly from the proxy server
> without using the proxy always works. For this purpose you can use
> lynx/wgetor even squidclient (just remember to specify host and port
> options to squidclient, or else it assumes you want to ask the
> proxy..). If browsing from the proxy server does not work then there
> is networking errors and proxying via the same can not work until the
> networking errors are corrected.
>
Again in the test WCCP environment everything works, when we put a few
hundred clients onto Squid it fails.
Received on Tue Aug 05 2003 - 10:29:51 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:43 MST