Hi,
I am trying to setup a transparent proxy with Squid 3.5.12 on Ubuntu Server
16.04.1, but I cannot get it working. When a client tries to connect to the
web, the connection always times out.
Hopefully, someone has an idea what's going.
uname-r:
4.4.0-45-generic
sysct:
net.ipv4.ip_forward=1
On Wed, 2016-08-24 at 19:09 +0500, Garri Djavadyan wrote:
> On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote:
> >
> > Hello Squid users,
> >
> > Can anyone explain, why Squid doesn't cache the objects with max-
> > age
> > values below 60 seconds? For example:
> >
> > $ http_proxy="127.0
NOTE: please post in English. translate.google.com can be used if you need.
On 26/10/2016 11:17 a.m., Yurian Gonzalez wrote:
[Google translaton of the original]
> I have a problem with squid3.4: The situation is:
>
> I have a web application that writes into several files for example:
>
> ip_l
On 26/10/2016 2:26 a.m., Heiler Bemerguy wrote:
> These firefox updates takes weeks to be really cached.. it won't cache
> if more than 1 person is trying to download at the same time.. but WHY
> does this happen?
> I've filled a bug report about this *TCP_SWAPFAIL_MISS*, but it seems no
> one is i
On 26/10/2016 5:26 a.m., Eliezer Croitoru wrote:
> Hey Henry,
>
> It's not about RFC at all from my point of view.
> It's very simple to setup the system in a way that will work as you want but
> with Let say Ubuntu 16.04 or Debian 8(latest).
> These are very stable in my environment and if you n
You referred to some assumptions that we might have on a linux system but the
question from my side is:
What for example?
Disk Space?
Libraries?
Etc..
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: s
Some addition:
I activated some squid-debugging, and noticed:
2016/10/25 10:06:36.340 kid1| 84,5| helper.cc(1167) GetFirstAvailable:
GetFirstAvailable: Running servers 1
2016/10/25 10:06:36.340 kid1| helperOpenServers: Starting 10/20
'delay_generate_204.sh' processes
2016/10/25 10:06:36.462 kid1|
On 10/25/2016 01:28 PM, KR wrote:
> How do I reference a virtual hdd partition /dev/sdb1" in squid.conf
> to be used for the rock cache?
You do not reference a partition. You reference a regular file system
directory [on that partition], just like with any other cache_dir type.
Eventually, rock
Greetings,
I'm running Ubuntu inside a VM.
How do I reference a virtual hdd partition /dev/sdb1" in squid.conf to be used
for the rock cache? /hdd1 or /ssd2 do not seem to work.
Thanks,
KR
___
squid-users mailing list
squid-users@lists.squid-cache.o
Tengo un problema con squid3.4:
La situación es:
Tengo una aplicación web que escribe en varios archivos por ejemplo:
ip_lan.txt -> ip de las PC subred LAN
mac_lan.txt -> mac de las PC subred LAN
estos archivos son usados por squid3 para permitir el acceso, de tal
manera que cada vez que la ap
Hey Henry,
It's not about RFC at all from my point of view.
It's very simple to setup the system in a way that will work as you want but
with Let say Ubuntu 16.04 or Debian 8(latest).
These are very stable in my environment and if you need some help with the
design I would be able to assist you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
25.10.2016 21:45, Andrea Venturoli пишет:
> On 10/25/16 16:43, Yuri Voinov wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Wireshark? :)
>
> No good: I don't trust MS not to change them the next day.
You. But you is not the
On 10/25/16 16:43, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Wireshark? :)
No good: I don't trust MS not to change them the next day.
In my environment this not required.
Neither in mine, but some customer insists on using this Skype crap and
while the Windows
Hi Eliezer,
Please list it as "realted software" on the wiki.
On Tue, Oct 25, 2016 at 3:53 PM, Eliezer Croitoru wrote:
> Inspired by Francesco Chemolli delayer at:
> http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/external/d
> elayer/ext_delayer_acl.pl.in
>
> I wrote a delaye
Inspired by Francesco Chemolli delayer at:
http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/external/d
elayer/ext_delayer_acl.pl.in
I wrote a delayer in golang:
http://wiki.squid-cache.org/EliezerCroitoru/GoLangDelayer
The binaries for the helper are at:
http://ngtech.co.il/squid
I am working on these but it involves a huge CDN and it might not work for
everyone.
Later tonight I will try to see how it goes.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users [mailto:s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Wireshark? :)
No, I have no IP list. In my environment this not required.
25.10.2016 20:41, Andrea Venturoli пишет:
> On 10/25/16 16:26, Yuri Voinov wrote:
>
>> You LAN settings is too restrictive. AFAIK you require to permit traffic
>> to skype
From what I have seen it relies on p2p network to coordinate the FW port
piercing,
This haven't changed for a very long time to my knowledge.
However it relies heavily on the Skype Infrastructure.
For example if you would want to block skype you will just need to block their
coordination infrast
On 10/25/16 16:26, Yuri Voinov wrote:
You LAN settings is too restrictive. AFAIK you require to permit traffic
to skype servers directly from your clients. Without proxy.
Any hint on how to identify those server?
Any IP list?
bye & Thanks
av.
_
Hey,
As Amos suggested you should use Policy based routing and not DNAT.
The main reason for that is since it's breaking the Interception layer which
squid relies on for fallback scenarios.
I can write the logic for this pretty fast but you should first understand that
your setup is wrong in a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
25.10.2016 20:35, Eliezer Croitoru пишет:
> Hey Nicolas,
>
> I know that it should work but it will request all sort of weird
CONNECT requests to other parties.
> Skype is designed to work as a p2p network and there for might not
work as expected
Hey Nicolas,
I know that it should work but it will request all sort of weird CONNECT
requests to other parties.
Skype is designed to work as a p2p network and there for might not work as
expected in your environment.
I will try myself to test it and see how if and how it works in a very specifi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
You LAN settings is too restrictive. AFAIK you require to permit traffic
to skype servers directly from your clients. Without proxy.
Because of Skype voice traffic is non-HTTP(S). And proxy can't know how
to handle it.
25.10.2016 20:25, Nicolas
Amos, thanks for the tips!
any idea about my skype problem?
regards
On 10/25/2016 08:13 AM, Amos Jeffries wrote:
On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
Hi Yuri, thanks for the answer!
we don't have the squid in transparent mode in this network.
the squid configuration is very basic. h
Hi Eliezer, thanks for the answer!
On 10/24/2016 02:03 PM, Eliezer Croitoru wrote:
Just to understand the scenario:
You have let say 1 client on network 192.168.0.0/24
You have a proxy at 192.168.0.200
The client doesn’t have a gateway in the network IE cannot run dns queries
or pings to the int
These firefox updates takes weeks to be really cached.. it won't cache
if more than 1 person is trying to download at the same time.. but WHY
does this happen?
I've filled a bug report about this *TCP_SWAPFAIL_MISS*, but it seems no
one is interested.. lol RockStore BTW
*acl fullDLext urlpath_
On 25/10/2016 4:48 a.m., erdosain9 wrote:
> By the way...
>
> When i get this error
>
> 2016/10/24 12:13:36 kid1| ipcacheParse: No Address records in response to
> 'client.wns.windows.com'
> 2016/10/24 12:13:36 kid1| ipcacheParse: No Address records in response to
> 'client.wns.windows.com'
> 2
On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
> Hi Yuri, thanks for the answer!
>
> we don't have the squid in transparent mode in this network.
> the squid configuration is very basic. here is the conf:
>
> -
> http_port 12
Would any of you Cisco experts know how to use ABF to route only http to a
Squid server? ☺
https://supportforums.cisco.com/document/145271/abf-acl-based-forwarding-asr9k
We’ve tested intercept on a Mikrotik successfully by marking http traffic and
sending it through to a different rout
On 25/10/2016 6:35 p.m., Garri Djavadyan wrote:
>
> So, HEAD request _can_ be used as a reliable source for object
> revalidation. How the 'can' should it be interpreted? RFC2119 [2] does
> not specifies that.
>
>
> AIUI, that exact case leaves two choices:
>
> * Implement something like 'reval
30 matches
Mail list logo
