Re: [squid-users] squid tproxy

Hi Amos,

One input from my side.

Current network is ISP network and they having BGP routed public ip
pool.So does it has any conflict with them.?

Because traffic comes into tproxy iptables rules means marking dones
is good but requests are not coming into squid access.log.

Best Regards,
Benjamin

On Sun, Sep 25, 2011 at 6:43 PM, benjamin fernandis
<benjo11111_at_gmail.com> wrote:
>  Hi Amos,
>
> Thanks for your kind response.As per your reply ,i set rp_filter value 2
> .But no luck.
>
> And then i tried for bridge mode in that i can see traffic in tproxy
> iptables rules, but i m not getting requests in squid access.log
>
> my os : fedora 15 64 bit
> kernel:  2.6.40.4-5.fc15.x86_64
> squid : Squid Cache: Version 3.1.15
>
>
> As per your before suggestions, i used latest kernel and latest squid
> version.But still same issue i  am facing.Please please guide me to
> solve this problem.
>
> Regards,
> Benjamin
>
>
>
> On Sat, Sep 24, 2011 at 11:03 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote:
>>>
>>> Hi All,
>>>
>>> I am trying to deploy squid with existing network for cache gain and
>>> tproxy feature.I configured squid properly there is no error.I can see
>>> traffic in access.log and iptables tproxy rule but at end users end
>>> they are getting squid error page with request time out.
>>>
>>> What could be the mistake behind this problem.?
>>>
>>> Is there anything remaining in squid?
>>
>> It has recently been brought to my attentino that the rp_filter system
>> underwent a re-designe in kernel 2.6.32 and what we had in the wiki is doing
>> the opposite (strict blocking) of what we wanted (loose checks default, none
>> on the interface). Check your rp_filter values they should be "2" now where
>> previously we were advising "1", and "0" on the interface where TPROXY is
>> happening.
>>
>>
>>>
>>> reference : http://wiki.squid-cache.org/Features/Tproxy4
>>>
>>>
>>> squid version: 3.1.15
>>> os : fedora 15
>>>
>>>
>>> Squid in network:
>>>
>>>     ROUTER   ------------> PBR CONFIGURATION  ( FOR port 80 traffic
>>> pass to squid from bandwith shapper , for port 80 traffic pass
>>> internet to squid)
>>>          |
>>>          |
>>>       SWITCH
>>>        |  |
>>>        |  | -----SQUID BOX
>>>        |
>>>    BANDWITH
>>>     SHAPPER
>>>        |
>>>        |
>>> END USERS
>>>
>>>
>>>
>>> Kindly guide me to solve this abnormal problem.
>>>
>>>
>>> Thanks,
>>> Benjamin
>>
>>
>
Received on Mon Sep 26 2011 - 05:07:44 MDT