Re: [squid-users] squid tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 24 Sep 2011 17:33:15 +1200

 On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote:
> Hi All,
>
> I am trying to deploy squid with existing network for cache gain and
> tproxy feature.I configured squid properly there is no error.I can
> see
> traffic in access.log and iptables tproxy rule but at end users end
> they are getting squid error page with request time out.
>
> What could be the mistake behind this problem.?
>
> Is there anything remaining in squid?

 It has recently been brought to my attentino that the rp_filter system
 underwent a re-designe in kernel 2.6.32 and what we had in the wiki is
 doing the opposite (strict blocking) of what we wanted (loose checks
 default, none on the interface). Check your rp_filter values they should
 be "2" now where previously we were advising "1", and "0" on the
 interface where TPROXY is happening.

>
> reference : http://wiki.squid-cache.org/Features/Tproxy4
>
>
> squid version: 3.1.15
> os : fedora 15
>
>
> Squid in network:
>
> ROUTER ------------> PBR CONFIGURATION ( FOR port 80 traffic
> pass to squid from bandwith shapper , for port 80 traffic pass
> internet to squid)
> |
> |
> SWITCH
> | |
> | | -----SQUID BOX
> |
> BANDWITH
> SHAPPER
> |
> |
> END USERS
>
>
>
> Kindly guide me to solve this abnormal problem.
>
>
> Thanks,
> Benjamin
Received on Sat Sep 24 2011 - 05:33:19 MDT

This archive was generated by hypermail 2.2.0 : Sun Sep 25 2011 - 12:00:02 MDT