RE: [squid-users] Transparent caching problem from Shoebottom, Bryan on 2006-03-15 (squid-users)

From: Shoebottom, Bryan <BShoebottom@dont-contact.us>
Date: Wed, 15 Mar 2006 08:11:39 -0500

Hey,

I use redirect as opposed to dnat:

/sbin/iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 3128

Thanks,
Bryan

-----Original Message-----
From: arabinda [mailto:arabinda@pbn.net.np]
Sent: March 15, 2006 6:12 AM
To: 'Daniel EPEE LEA'; squid-users@squid-cache.org
Subject: RE: [squid-users] Transparent caching problem

Hello Daniel Epee Lea,

Regarding:
2- for ip tables -A PREROUTING -s My_Network/20 -d !
My_Network/20
- i gre0 -p tcp -m tcp --dport 80 -j DNAT --to-destination
my_cache_server_IP:3128

If the http traffic is very high, is it possible that DNAT can be a
bottle
neck? Coz I have tried something like this and I could not find any
performance improvement by using proxy. Rather the performance degraded.
May
be something in squid configuration is wrong.

Please suggest. Thanks.

Regards
Devel.

-----Original Message-----
From: Daniel EPEE LEA [mailto:epeelea@gmail.com]
Sent: Wednesday, March 15, 2006 1:11 PM
To: Ryan Sumida
Cc: Kamel A. Baba; squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent caching problem

Kamel,

I used

1- For gre tunned, after loading ip_gre module at startup, I have
this gre interface.
You can copie it exactly the IP address in there doesn't matter.

[root@cachedla network-scripts]# cat ifcfg-gre0
DEVICE=gre0
BOOTPROTO=static
IPADDR=172.16.1.6
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no

and

2- for ip tables
-A PREROUTING -s My_Network/20 -d ! My_Network/20 -i gre0 -p tcp -m
tcp --dport 80 -j DNAT --to-destination my_cache_server_IP:3128

This is where I was mistaken, after doing this it worked!!

3- Make sure your /etc/sysctl.conf is allright too
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

For more details on IP tables and GRE, please check these links ;)
http://www.reub.net/node/3

http://www.squid-cache.org/mail-archive/squid-users/200510/0027.html

Hope this helps,

--
--------------------------
Daniel Epee Lea
-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006
 
-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006

Received on Wed Mar 15 2006 - 06:12:48 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST