[squid-users] Re: about the squid.....transparent...!!!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 24 Apr 2002 08:16:04 +0200

So what iptables rules did you install?

The following will print all needed information about what you have set up:

  iptables -t nat -L -v -n
  iptables -t filter -L -v -n
  ip addr

Regards
Henrik

정진웅 wrote:
> I really thank for your answer.
>
> The problem happened because of this iptables transparent setting up.
> If so the resolution is not to exist.
>
> We tried to do the experiment with a current version of the iptables.
> (iptables-1.2.6a version) But there was result the same.
>
> We want the something, We want to know the solution method.
>
>
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Tuesday, April 23, 2002 11:51 PM
> To: 정진웅
> Cc: Squid Users
> Subject: Re: about the squid.....transparent...!!!
>
> I suspect your iptables ruleset is disturbing Squid when Squid tries to
> talk to it's redirectors on the loop back interface (127.0.0.1). Quite
> likely also disturbs Squid when Squid tries to fetch the content.
>
> Or your redirect_program is not working correctly.
>
> Regards
> Henrik
>
> Á¤Áø¿õ wrote:
> > First we give thanks at the reply.
> >
> > To solve short yeongujiman problem. We write the text in this way.
> >
> > >We need a little more information on your problem to be able to help
> >
> > you.
> >
> > squid version 2.4STABLES
> > iptables version 1.2.5-3
> >
> > >1. What error do you experience?
> >
> > A web contents is not opened to the be normal when use the
> > transparent facility.
> > The access.log is piled up so that it is simple ( or not
> > piled up )
> > And then, cache.log was continuously updated ( like the
> > below file - cache.log )
> > Squid processor is continuously restart.
> >
> > >2. Is it specific to accessing some sites, or all?
> >
> > We are applied to all site.
> >
> > >3. How have you configured Squid?
> >
> > See the below file - /etc/squid/squid.conf
> >
> > >4. Is there any relevant information in cache.log or access.log?
> >
> > # vi /var/log/squid/cache.log
> >
> > 2002/04/23 18:09:05| WARNING: redirector #1 (FD 21) exited
> > 2002/04/23 18:09:06| WARNING: redirector #2 (FD 22) exited
> > 2002/04/23 18:09:06| WARNING: redirector #3 (FD 23) exited
> > 2002/04/23 18:09:06| WARNING: redirector #4 (FD 24) exited
> > 2002/04/23 18:09:06| storeDirWriteCleanLogs: Starting...
> > 2002/04/23 18:09:06| WARNING: Closing open FD 31
> > 2002/04/23 18:09:06| Finished. Wrote 84 entries.
> > 2002/04/23 18:09:06| Took 0.0 seconds (65015.5 entries/sec).
> > FATAL: Too few redirector processes are running
> > Squid Cache : Terminated abnormally.
> > CPU Usage: 0.120 seconds = 0.010 user + 0.110 sys
> > Maximum Resident Size: 0 KB
> > Page faults with physical i/o: 339
> > Memory usage for squid via mallinfo():
> > total space in arena: 2378 KB
> > Ordinary blocks: 2358 KB 3 blks
> > Small blocks: 0 KB 0 blks
> > Holding blocks: 176 KB 1 blks
> > Free Small blocks: 0 KB
> > Free Ordinary blocks: 20 KB
> > Total in use: 2534 KB 107%
> > Total free: 20 KB 1%
> > 2002/04/23 18:09:09| Starting Squid Cache for i686-pc-linux-gnu.
> > ..
> > 2002/04/23 18:09:09| Process ID 16930
> > 2002/04/23 18:09:09| With 1024 file descriptors available
> > 2002/04/23 18:09:09| helperOpenServers: Starting 16 'diskd' processes
> > 2002/04/23 18:09:09| helperOpenServers: Starting 5 'squidguardl'
> > processes
> > 2002/04/23 18:09:09| Unlinkd pipe opened on FD 29
> > 2002/04/23 18:09:09| Swap maxSize 102400 KB, estimated 7876 objects
> > 2002/04/23 18:09:09| Target number of buckets: 393
> > 2002/04/23 18:09:09| Using 8192 Store buckets
> > 2002/04/23 18:09:09| Max Mem size: 16384 KB
> > 2002/04/23 18:09:09| Max Swap size: 102400 KB
> > 2002/04/23 18:09:09| Rebuilding storage in /var/spool/squid (CLEAN)
> > 2002/04/23 18:09:09| Using Least Load store dir selection
> > 2002/04/23 18:09:09| Set Current Directory to /var/spool/squid
> > 2002/04/23 18:09:09| Loaded Icons.
> > 2002/04/23 18:09:09| Accepting HTTP connections at 0.0.0.0, port 8080,
> > FD 31.
> > 2002/04/23 18:09:09| Accepting ICP messages at 0.0.0.0, port 3130, FD
> > 32.
> > 2002/04/23 18:09:09| Accepting SNMP messages on port 3401, FD 33.
> > 2002/04/23 18:09:09| WCCP Disabled.
> > 2002/04/23 18:09:09| Ready to serve requests.
> > 2002/04/23 18:09:09| Done reading /var/spool/squid swaplog (84 entries)
> > 2002/04/23 18:09:09| Finished rebuilding storage from disk.
> > 2002/04/23 18:09:09| 84 Entries scanned
> > 2002/04/23 18:09:09| 0 Invalid entries.
> > 2002/04/23 18:09:09| 0 With invalid flags.
> > 2002/04/23 18:09:09| 84 Objects loaded.
> > 2002/04/23 18:09:09| 0 Objects expired.
> > 2002/04/23 18:09:09| 0 Objects cancelled.
> > 2002/04/23 18:09:09| 0 Duplicate URLs purged.
> > 2002/04/23 18:09:09| 0 Swapfile clashes avoided.
> > 2002/04/23 18:09:09| Took 0.4 seconds ( 204.7 objects/sec).
> > 2002/04/23 18:09:09| Beginning Validation Procedure
> > 2002/04/23 18:09:09| Completed Validation Procedure
> > 2002/04/23 18:09:09| Validated 84 Entries
> > 2002/04/23 18:09:09| store_swap_size = 984k
> > 2002/04/23 18:09:10| storeLateRelease: released 0 objects
> >
> >
> >
> > vi /etc/squid/squid.conf
> >
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > no_cache deny QUERY
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl SSL_ports port 443 563
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 563 # https, snews
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl CONNECT method CONNECT
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost
> > #http_access deny all
> > http_access allow all
> > icp_access allow all
> > http_port 8080
> > httpd_accel_host virtual
> > httpd_accel_port 80
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> > On Monday 22 April 2002 03:09, A¢´A©ª¢¯o wrote:
> > > Hello.
> > > There is many suffering in sultry weather.
> > > Different no.
> > > We discovered the bug while we are using the squid.
> > >
> > >
> > > Bug : 2.4STABLES Version.
> > > The error happens when it uses a transparent facility.
> > >
> > >
> > > The solution plan :
> > >
> > > We sent the while day with much time but we could not
> > > find the plan to solve.
> > > Therefore we send the mail in this way.
> > > To solve the problem, We send the text in this way
> >
> > though
> >
> > > we are short Engilsh.
> > >
> > >
> > >
> > >
> > >
> > >
> > > The scenario.
> > >
> > > To apply a transparent facility to the privatel network.
> > > We added a next's content to a next's file.
> > >
> > >
> > > 1. /etc/squid/squid.conf
> > >
> > > ...
> > > http_port 8080
> > > httpd_accel_host virtual
> > > httpd_accel_port 80
> > > httpd_accel_with_proxy on
> > > httpd_accel_uses_host_header on
> > > ...
> > >
> > > 2. We made a "C" class private network
> > >
> > > # ifconfig
> > >
> > > eth0
> > >
> > > eth1
> > > inet addr:192.168.10.1 Bcast:192.168.34.255
> > > Mask:255.255.255.0
> > > UP BROADCAST RUNNING MULTICAST MTU:1500
> > > Metric:1
> > >
> > >
> > >
> > >
> > > 3. We used an iptables command.
> > >
> > > iptalbes -t nat -A PREROUTING -p tcp -d !
> > > squid-servier- IP --dport 80 -j REDIRECT --to-port 8080
> > > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > >
> > >
> > > A problem occurrence .
> > >
> > > Computers can not use Internet properly in private
> > > network. We could use the squid without the inconvenience when we
> > > do not use this facility.
> > > This problem thinks that we are a squid bug.
> > > We want to know the method to solve this problem.
Received on Wed Apr 24 2002 - 00:16:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:39 MST