Re: [squid-users] Re: transparent (intercepting?) without wccp, options?

From: Eliezer Croitoru <>
Date: Sat, 07 Jul 2012 06:02:28 +0300

On 7/7/2012 4:52 AM, Amos Jeffries wrote:
>> #i use conntrack to flush the old sessions so all the new ones will be
>> redirected to squid.
>> conntrack -F
> This need to be noted as quite dangerous. It will force all existing
> connections into the NEW state and pass them through Squid
> *immediately*. Which will result in Squid rejecting all the invalid
> half-completed HTTP transactions.
> New connections will go through TPROXY and get conntrack records
> associated with it anyway, without need of a flush.
> Idle HTTP connections are the exception here. The next packet Squid
> sees is valid HTTP so they are not rejected.
thanks for the note good.
indeed you are right and i have another script that i have used to FLUSH
only specific criteria session's but it was really meant only as an
init\startup script so no harm should be done there unless the admin is
really into reconfigure the server every couple minutes.

>> #i have used a router so i needed to flush the routes cache
>> ip -s route flush cache
>> #end
>> ELiezer

Eliezer Croitoru
IT consulting for Nonprofit organizations
eliezer <at>
Received on Sat Jul 07 2012 - 03:02:39 MDT

This archive was generated by hypermail 2.2.0 : Sat Jul 07 2012 - 12:00:01 MDT