Re: [squid-users] TPROXY Squid Error.

From: Info OoDoO <info_at_oodoo.co.in>
Date: Tue, 8 Jul 2014 23:48:05 +0530

+Eliezer

Thanks,
Ganesh J

On Tue, Jul 8, 2014 at 11:46 PM, Info OoDoO <info_at_oodoo.co.in> wrote:
> Sorry for the other mail chain. it was opened accidentally yesterday.
>
> Thanks for the response.
>
> please find the required data below.
>
> http://pastebin.com/Abs3QmMe --> cache.log
>
> http://pastebin.com/eS94BHHu --> TCP Dump.
>
> I was able to see the site logged in access.log with http code 504,
> Gateway Timed Out. so i thought the packets are sent to squid.
>
> For your kind attention, i have not installed Squid 3.1.10 from YUM. I
> have Compiled and installed from the source with the following
> options.
>
> http://pastebin.com/jFhzd3qj
>
>
> Thanks,
> Ganesh J
>
>
>
> On Tue, Jul 8, 2014 at 10:44 PM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>> Ok. Good so far. I saw you opened another email about this. Please
>> keep related discussions in one single thread. We had similar TProxy
>> issues around 7-8 days ago. From your emails, it seems you are
>> running CentOS 6.5, just like we are. The difference is that you are
>> using Squid 3.1 which is available in CentOS yum. We installed the
>> same on our CentOS, and confirmed that Squid 3.1 is working with
>> TProxy. So, I think this is a routing / iptables issue.
>>
>> In that email, you mentioned that Squid is receiving the packets? How
>> are you determining this?
>>
>> Also, can you enable:
>> debug_options ALL,1 89,9 17,3
>> in your squid.conf? This will print a bunch of debug messages in
>> cache.log when you try to browse through proxy.
>>
>> Also, before you start browsing, run this command:
>> tcpdump -n -nn -e -i any dst port 80
>> That should allow you to see some packet header data.
>>
>> Now, try to browse from client, and pastebin the output of both
>> cache.log & tcpdump.
>>
>> Regards
>> HASSAN
>>
>>
>> On Tue, Jul 8, 2014 at 4:54 PM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>> Thanks Hassan,
>>> Yes I have the following settings done.
>>>
>>> Please see the details in the pastebin
>>>
>>> http://pastebin.com/YzKDSV7J --> Find Results.
>>>
>>> http://pastebin.com/XhZYiDxm -->sysctl.conf
>>>
>>> Thanks,
>>> Ganesh J
>>>
>>>
>>> On Tue, Jul 8, 2014 at 2:29 PM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>>>> tcpdump shows traffic flowing both ways, which is good. We also need
>>>> to have the following settings:
>>>>
>>>> # sysctl.conf
>>>> net.ipv4.ip_forward = 1
>>>> net.ipv4.conf.default.rp_filter = 0
>>>> net.ipv4.conf.all.rp_filter = 0
>>>> net.ipv4.conf.eth0.rp_filter = 0
>>>> net.ipv4.conf.eth1.rp_filter = 0
>>>>
>>>> The last two lines are for my specific system where I have two NICs.
>>>> Feel free to modify on your own. After changing the file running
>>>> "sysctl -p" usually works. To check if it did, please run the
>>>> following commands:
>>>>
>>>> find /proc/sys/net/ipv4/ -iname rp_filter
>>>> find /proc/sys/net/ipv4/ -iname rp_filter -exec cat {} +
>>>>
>>>> The first shows all the rp_filter in your system.
>>>> The second shows if they are indeed set to 0 as needed.
>>>>
>>>> Please do a pastebin for both sysctl.conf and the outputs of the find commands.
>>>>
>>>> Regards
>>>> HASSAN
>>>>
>>>>
>>>> On Tue, Jul 8, 2014 at 2:34 PM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>>>> Thanks Hassan,
>>>>>
>>>>> I have covered all the steps except the WCCP Configuration, Coz i dont
>>>>> use WCCP Router. I tried discovering for Routing loop and was unable
>>>>> to find any, Could you please help me How to Find a Routing loop.
>>>>>
>>>>> Here is my Squid Conf and my TCPdump sample.
>>>>>
>>>>> http://pastebin.com/aJskfywx --> TCPdump
>>>>> http://pastebin.com/b9u24rEC --> Squid Conf
>>>>>
>>>>> Thanks,
>>>>> Ganesh J
>>>>>
>>>>>
>>>>> On Tue, Jul 8, 2014 at 2:55 AM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>>>>>> Did you check the possibility of a routing loop as described in the
>>>>>> troubleshooting section of the TProxy wiki page? In fact, can you
>>>>>> check that you have covered all the steps mentioned in that section?
>>>>>>
>>>>>> Regards
>>>>>> HASSAN
>>>>>>
>>>>>> On Tue, Jul 8, 2014 at 2:37 AM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>>>>>> Thanks Hassan,
>>>>>>>
>>>>>>> Now the request are passing through Squid but Failing with "110
>>>>>>> Connection Timed Out" Error.
>>>>>>>
>>>>>>> When I use transparent Mode its working fine. Any Idea..!!
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ganesh J
>>>>>>> Thanks,
>>>>>>> OodoO Fiber,
>>>>>>> +91 8940808080
>>>>>>> www.oodoo.co.in
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 8, 2014 at 1:16 AM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>>>>>>>> Hi Ganesh,
>>>>>>>>
>>>>>>>> In your "basic data" pastebin, seems like the "ip rule" and "ip route"
>>>>>>>> rules are missing.
>>>>>>>>
>>>>>>>> Please see if running the following commands helps the situation:
>>>>>>>> * echo 100 squidtproxy >> /etc/iproute2/rt_tables
>>>>>>>> * ip rule add fwmark 1 lookup 100
>>>>>>>> * ip route add local default dev lo table 100
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> HASSAN
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 8, 2014 at 1:15 AM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>>>>>>>>> Can you also pastebin your squid.conf?
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> HASSAN
>>>>>>>>>
>>>>>>>>> On Tue, Jul 8, 2014 at 12:53 AM, collect oodoo <collect_at_oodoo.co.in> wrote:
>>>>>>>>>> I have configured squid with the options in the below paste ..
>>>>>>>>>> http://pastebin.com/jFhzd3qj
>>>>>>>>>> I packets are being forwarded from the cache box to internet and i'm
>>>>>>>>>> able to see the Client Public address instaed of squid Box Public
>>>>>>>>>> Address..
>>>>>>>>>> the Issue here is the requests are not being forwarded by or through Squid..
>>>>>>>>>> I'm unable to view any log for the request on access.log.
>>>>>>>>>> If i use the same squid in transparent mode then I'm able to view the
>>>>>>>>>> requests forwarded and logged on access.log but it shows Squid Box
>>>>>>>>>> Public IP address.
>>>>>>>>>> Can some body Help me on this..
>>>>>>>>>> My basic Data of Machine is
>>>>>>>>>>
>>>>>>>>>> http://pastebin.com/TdnhnJtx
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Ganesh J
Received on Tue Jul 08 2014 - 18:18:13 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 09 2014 - 12:00:06 MDT