Re: [squid-users] Re: transparent (intercepting?) without wccp, options?

From: Amos Jeffries <>
Date: Sat, 07 Jul 2012 13:52:59 +1200

On 7/07/2012 2:42 a.m., Eliezer Croitoru wrote:
> On 7/6/2012 5:16 AM, Ezequiel Birman wrote:
>>>>>>> "Eliezer" == Eliezer Croitoru writes:
>> > On 7/5/2012 4:48 AM, Ezequiel Birman wrote:
> <SNIP>
>> > dont worry! i dont know anyone that masters linux and got it all
>> > from books he didnt bout :)
>> XD I meant, of course, the two squid books, Begginer's Guide and
>> advanced. Anyway, if i get this right maybe I'll write a tutorial
>> myself.
> it's nice to read these books but most of what you need to know is
> just out there waiting for you to read.

Pretty much. The squid wiki is a digital conversion of the definitive
guide which has been kept more up to date (but not yet perfect, help
wanted). The beginners guide is a compilation built on the wiki and
other tutorials.

> #i use conntrack to flush the old sessions so all the new ones will be
> redirected to squid.
> conntrack -F

This need to be noted as quite dangerous. It will force all existing
connections into the NEW state and pass them through Squid
*immediately*. Which will result in Squid rejecting all the invalid
half-completed HTTP transactions.
  New connections will go through TPROXY and get conntrack records
associated with it anyway, without need of a flush.
  Idle HTTP connections are the exception here. The next packet Squid
sees is valid HTTP so they are not rejected.

> #i have used a router so i needed to flush the routes cache
> ip -s route flush cache
> #end
> ELiezer
Received on Sat Jul 07 2012 - 01:53:11 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 07 2012 - 12:00:01 MDT