On 10.0.0.24
root@ISN-PHC-CACHE:/home/support # netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 52 10.0.0.24.22 96.255.8.226.50911 ESTABLISHED
tcp4 0 0 *.3129
And don't forget that cache must be warmed up first, before it can cause
increase HIT-ratio.
14.03.15 6:45, Alberto Perez wrote:
Thanks a lot Yuri,
I made some merge with my config and some of these options, I will see
now how HIT rate it goes, my squid run so limited of bandwidth that I
need t
Thanks a lot Yuri,
I made some merge with my config and some of these options, I will see now
how HIT rate it goes, my squid run so limited of bandwidth that I need to
be as much aggressive as I can caching the content.
Thanks again for sharing, very appreciated
Alberto
On Fri, Mar 13, 2015 at 4:
This is know-how to himself. ;)
To be serious,
you must carefully play with refresh_pattern(s), and some squid.conf
parameters (and also with store ID feature) to get higher HIT ratio.
Just for example (this is NOT complete config! No responsibility
Can you share more details about "Aggressive dynamic content caching
requires some special tweaks" I am very interested.
Thanks
On 3/13/15, Yuri Voinov wrote:
>
>
>
> 13.03.15 23:33, Amos Jeffries wrote:
>> On 14/03/2015 5:47 a.m., Monah Baki wr
13.03.15 23:33, Amos Jeffries wrote:
> On 14/03/2015 5:47 a.m., Monah Baki wrote:
>
>
>
>> half_closed_clients off quick_abort_min 0 KB quick_abort_max 0
>> KB vary_ignore_expire on reload_into_ims on memory_pools off
>> cache_mem 4096 MB visible
On 14/03/2015 5:47 a.m., Monah Baki wrote:
> half_closed_clients off
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> vary_ignore_expire on
> reload_into_ims on
> memory_pools off
> cache_mem 4096 MB
> visible_hostname isn-phc-cache
> minimum_object_size 0 bytes
> maximum_object_size 512 MB
> ma
It's working now, all I did is rem'd the following:
# half_closed_clients off
# quick_abort_min 0 KB
# quick_abort_max 0 KB
# vary_ignore_expire on
# reload_into_ims on
# memory_pools off
# cache_mem 4096 MB
# # memory_cache_shared on
visible_hostname isn-phc-cache
minimum_object_size 0 bytes
maxi
On 14/03/2015 6:15 a.m., Antony Stone wrote:
> On Friday 13 March 2015 at 17:47:44 (EU time), Monah Baki wrote:
>>
>> http_access allow localhost manager
>> http_access deny manager
>>
>> #http_access deny to_localhost
>>
>> http_access allow localnet
>> http_access allow localhost
>
> You've got
On Friday 13 March 2015 at 17:47:44 (EU time), Monah Baki wrote:
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possi
13.03.15 21:58, Monah Baki wrote:
> Hi All,
>
> Installed squid on CentOS 6.6 and it's working, but my access.log
> shows all TCP_MISS and no TCP_HIT. The following config:
>
> squid.conf # Squid normally listens to port 3128 http_port 3128
> http
Hi All,
Installed squid on CentOS 6.6 and it's working, but my access.log shows all
TCP_MISS and no TCP_HIT. The following config:
squid.conf
# Squid normally listens to port 3128
http_port 3128
http_port 3129 intercept
iptables
# Generated by iptables-save v1.4.7 on Fri Mar 13 16:04:02 2015
I forgot to paste my pf.conf
# rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port 3128
# nat on bge0 inet from any to port 80 -> bge0
rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129
# pass on bge0 inet proto tcp from bge0 to bge0 port 3128
# blo
Thanks Amos and everyone who helped me,
Will revert to client to check his Cisco device, I've been banging my head for
days now troubleshooting the proxy.
He's running an old cisco hardware and IOS too.
On Sat, Mar 7, 2015 at 8:24 AM, Amos Jeffries wrote:
> On 8/03/2015 1:09 a.m., Monah Baki wro
On 8/03/2015 1:09 a.m., Monah Baki wrote:
> Forgot to paste my test.
>
> Basically from my squid server:
> root@ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
> 'Host: www.cnn.com\n' -p 80
> HTTP/1.1 302 Found
> Server: Varnish
> Retry-After: 0
> Content-Length: 0
> Location: htt
Forgot to paste my test.
Basically from my squid server:
root@ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
'Host: www.cnn.com\n' -p 80
HTTP/1.1 302 Found
Server: Varnish
Retry-After: 0
Content-Length: 0
Location: http://edition.cnn.com80
Accept-Ranges: bytes
Date: Sat, 07 Mar 2
Hi Amos,
Thanks for the assist. So basically from my end, the squid proxy which I am
responsible for, I shouldn't concentrate on changing any of its
configuration, but instead tell them to try to solve on their end?
If yes, what are we looking at, their router setup?
Thanks
On Fri, Mar 6, 2015
On 6/03/2015 1:19 a.m., Monah Baki wrote:
> Hi all, can anyone verify if this is correct, need to make sure that users
> will be able to access the internet via the squid.
>
> Running FreeBSD with a single interface with Squid-3.5.2
>
> Policy based routing on Cisco with the following:
>
>
> int
Yep.
I don't see any inconsistencies.
06.03.15 0:14, Monah Baki wrote:
> So from my proxy server, everything looks good?
>
>
>
> On Thu, Mar 5, 2015 at 1:12 PM, Yuri Voinov
> wrote:
>
> Looks good too.
>
> Damn.
>
> Will think.
>
> Need to ru
So from my proxy server, everything looks good?
On Thu, Mar 5, 2015 at 1:12 PM, Yuri Voinov wrote:
>
> Looks good too.
>
> Damn.
>
> Will think.
>
> Need to run some external checks.
>
> 06.03.15 0:10, Monah Baki wrote:
> > root@ISN-PHC-CACHE:/
Looks good too.
Damn.
Will think.
Need to run some external checks.
06.03.15 0:10, Monah Baki wrote:
> root@ISN-PHC-CACHE:/home/support # pfctl -s nat No ALTQ support in
> kernel ALTQ related functions disabled rdr pass inet proto tcp from
> 10.0.0
root@ISN-PHC-CACHE:/home/support # pfctl -s nat
No ALTQ support in kernel
ALTQ related functions disabled
rdr pass inet proto tcp from 10.0.0.0/8 to any port = http -> 10.0.0.24 port 3129
On Thu, Mar 5, 2015 at 1:08 PM, Yuri Voinov wrote:
>
> Can
Can you run pfctl -s nat state on proxy box?
06.03.15 0:05, Monah Baki wrote:
> Ok let me ask the client tomorrow to run telnet 10.0.0.24 80 from
> a workstation
>
> Thanks for the help Yuri
>
> On Thu, Mar 5, 2015 at 1:02 PM, Yuri Voinov
> wrote:
>
Ok let me ask the client tomorrow to run telnet 10.0.0.24 80 from a
workstation
Thanks for the help Yuri
On Thu, Mar 5, 2015 at 1:02 PM, Yuri Voinov wrote:
>
> Sorry, I'm wrong. Netstat on host can't show redirected listeners.
>
> Need to check i
Sorry, I'm wrong. Netstat on host can't show redirected listeners.
Need to check it externally.
05.03.15 23:59, Monah Baki wrote:
> On 10.0.0.24
>
> root@ISN-PHC-CACHE:/home/support # netstat -an Active Internet
> connections (including servers) Pro
Good.
I don't see any 80 port listens.
This is root of problem.
PF does not work.
05.03.15 23:59, Monah Baki wrote:
> On 10.0.0.24
>
> root@ISN-PHC-CACHE:/home/support # netstat -an Active Internet
> connections (including servers) Proto Recv-Q Se
From your PC run telnet 10.0.0.24 80. You'll see if TCP socket opens.
05.03.15 23:10, Monah Baki wrote:
> How can I confirm, I have access only to the BSD box
>
> Thanks
>
> On Thu, Mar 5, 2015 at 11:12 AM, Yuri Voinov
> wrote:
>
> Does 80 port
How can I confirm, I have access only to the BSD box
Thanks
On Thu, Mar 5, 2015 at 11:12 AM, Yuri Voinov wrote:
>
> Does 80 port outside BSD-box listens?
>
> 05.03.15 21:25, Monah Baki wrote:
> > root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n
Does 80 port outside BSD-box listens?
05.03.15 21:25, Monah Baki wrote:
> root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n -e -ttt -i pflog0
> tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose
> output suppressed, use -v or -vv for
root@ISN-PHC-CACHE:/cache/squid/bin # tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size
65535 bytes
capability mode sandbo
Hm. No.
We not checked only OS.
Does your BSD really loads PF module?
05.03.15 21:16, Monah Baki wrote:
> Not sure why the client is running old hard/soft ware, could it be
> cause of the hardware? Is FreeBSD an issue, should I switch to
> linux?
>
Not sure why the client is running old hard/soft ware, could it be cause of
the hardware? Is FreeBSD an issue, should I switch to linux?
On Thu, Mar 5, 2015 at 10:14 AM, Yuri Voinov wrote:
>
> Wow, 7600!
>
> But why is so antique IOS?! Current is
Wow, 7600!
But why is so antique IOS?! Current is 15.4
05.03.15 21:09, Monah Baki wrote:
> PORT STATE SERVICE VERSION 23/tcp open telnet Cisco IOS
> telnetd MAC Address: 88:5A:92:63:77:81 (Cisco) Device type: router
> Running: Cisco IOS 12.X OS
PORT STATE SERVICE VERSION
23/tcp open telnet Cisco IOS telnetd
MAC Address: 88:5A:92:63:77:81 (Cisco)
Device type: router
Running: Cisco IOS 12.X
OS CPE: cpe:/h:cisco:7600_router cpe:/o:cisco:ios:12.2
OS details: Cisco 7600 router (IOS 12.2)
Network Distance: 1 hop
TCP Sequence Prediction: Dif
10.0.0.23 is your host? And 10.0.0.24 is proxy box?
05.03.15 20:15, Monah Baki wrote:
> '--prefix=/cache/squid' '--enable-follow-x-forwarded-for'
> '--with-large-files' '--enable-ssl' '--disable-ipv6'
> '--enable-esi' '--enable-kill-parent-hack' '--e
'--prefix=/cache/squid' '--enable-follow-x-forwarded-for'
'--with-large-files' '--enable-ssl' '--disable-ipv6' '--enable-esi'
'--enable-kill-parent-hack' '--enable-snmp' '--with-pthreads'
'--with-filedescriptors=65535' '--enable-cachemgr-hostname=hostname'
'--enable-storeio=ufs,aufs,diskd,rock' '-
This looking good too.
Stupid question:
With which interception option squid built?
I.e, squid -v?
05.03.15 18:19, Monah Baki wrote:
> Hi all, can anyone verify if this is correct, need to make sure that
> users will be able to access the internet
>> port 80 -> 10.0.0.24 port 3129
> >>>>
> >>>> Which port configured in Squid as intercept?
> >>>>
> >>>> 3129?
> >>>>
> >>>> and 3128 is forwarding?
> >>>>
> >>>> 05.03.15 1
"
> > from the squid when he tries www.cnn.com
> >
> > Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G
> > LTE network. Original Message From: Yuri Voinov Sent: Thursday,
> > March 5, 2015 8:22 AM To: squid-users@lists.squid-cache.org
>
>>>> 3129?
>>>>
>>>> and 3128 is forwarding?
>>>>
>>>> 05.03.15 19:36, monahb...@gmail.com wrote:
>>>>>>> Yes that's what I followed and user is getting a
>>>>>>> "access denied" from the
and 3128 is forwarding?
> >
> > 05.03.15 19:36, monahb...@gmail.com wrote:
> >>>> Yes that's what I followed and user is getting a "access
> >>>> denied" from the squid when he tries www.cnn.com
> >>>>
> >>>>
LTE network. Original Message From: Yuri Voinov Sent:
>>>> Thursday, March 5, 2015 8:22 AM To:
>>>> squid-users@lists.squid-cache.org Subject: Re: [squid-users]
>>>> squid intercept config
>>>>
>>>>
> http://wiki.squid-cache.org/Config
> March 5, 2015 8:22 AM To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] squid intercept config
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
>
>
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
>
> 05.03.15 1
ers@lists.squid-cache.org
Subject: Re: [squid-users] squid intercept config
http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
05.03.15 18:19, Monah Baki wrote:
> Hi all,
http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
05.03.15 18:19, Monah Baki wrote:
> Hi all, can anyone verify if this is correct, need to make sure that
> users wi
Hi all, can anyone verify if this is correct, need to make sure that users
will be able to access the internet via the squid.
Running FreeBSD with a single interface with Squid-3.5.2
Policy based routing on Cisco with the following:
interface GigabitEthernet0/0/1.1
encapsulation dot1Q 1 native