Hello Henrik,
I reinstalled the Squid yesterday.
Now, when I set the browser to use proxy, it works and caches
the pages fine. But, when I put the rules to forward the packets
from port 80 to port 3128 it stops caching.
Executing ipfw show I can see that the packets are matching the
rule and the navigation works.
I think the squid could not be treating the packet that goes back
to the client.
My ipfw has the following rules:
=============================
add pass all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny all from 127.0.0.0/8 to any
#
add pass tcp from <My_Net1>/24 to any 3128 in via xl0
add pass tcp from <My_Net2>/24 to any 3128 in via xl0
add deny tcp from any to me 3128 via xl0
#
add allow all from me to any
add fwd 127.0.0.1,3128 tcp from <My_Net1>/24 to any 80 via xl0
add fwd 127.0.0.1,3128 tcp from <My_Net2>/24 to any 80 via xl0
#
add pass tcp from any to any established
#
add pass udp from any to any 53
add pass udp from any 53 to any
#
add deny tcp from any to any 135-139,1243,2583,5742,12345,12346,27374,31337 in
add deny udp from any to any 135-139,1243,2583,5742,12345,12346,27374,31337 in
add deny tcp from any to any 20034 in
add deny udp from any to any 20034 in
#
add deny log tcp from any to me in via xl0
add deny log udp from any to me in via xl0
#
add pass ip from any to any
Where xl0 is the interface with public IP and xl1 is the internet
without any IP address (just for bridge)
I'm using FreeBSD-4.6-PRERELEASE and Squid-2.4-STABLE6 compiled
with options:
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
--localstatedir=${PREFIX}/squid \
--enable-storeio="ufs diskd null" \
--enable-removal-policies="lru heap" \
The last lines in access.log with browser set to use proxy are:
media/xbox_nba_245x30.gif - DIRECT/129.33.0.40 image/gif
1021583011.422 301 200.215.110.4 TCP_MISS/200 778 GET http://origin.nba.com/media/gotmilk_header_logo.gif - DIRECT/129.33.0.40 image/gif
1021583011.550 316 200.215.110.4 TCP_MISS/200 1549 GET http://origin.nba.com/media/sportsline_header_logo.gif - DIRECT/129.33.0.40 image/gif
1021583011.605 1087 200.215.110.4 TCP_MISS/200 1881 GET http://stats.surfaid.ihost.com/sacdc.js - DIRECT/129.42.30.230 application/x-javascript
1021583012.173 568 200.215.110.4 TCP_MISS/302 582 GET http://stats.surfaid.ihost.com/rc/images/uc.GIF? - DIRECT/129.42.30.230 text/html
1021583012.735 560 200.215.110.4 TCP_MISS/200 424 GET http://stats.surfaid.ihost.com/images/uc.GIF - DIRECT/129.42.31.230 image/gif
The last lines in cache.log after I start squid are:
2002/05/17 09:25:36| Starting Squid Cache version 2.4.STABLE6 for i386-portbld-freebsd4.6...
2002/05/17 09:25:36| Process ID 34430
2002/05/17 09:25:36| With 7408 file descriptors available
2002/05/17 09:25:36| Performing DNS Tests...
2002/05/17 09:25:36| Successful DNS name lookup tests...
2002/05/17 09:25:36| DNS Socket created on FD 4
2002/05/17 09:25:36| Adding nameserver 200.215.110.5 from /etc/resolv.conf
2002/05/17 09:25:36| Adding nameserver 200.215.110.18 from /etc/resolv.conf
2002/05/17 09:25:36| Unlinkd pipe opened on FD 9
2002/05/17 09:25:36| Swap maxSize 8192000 KB, estimated 630153 objects
2002/05/17 09:25:36| Target number of buckets: 31507
2002/05/17 09:25:36| Using 32768 Store buckets
2002/05/17 09:25:36| Max Mem size: 16384 KB
2002/05/17 09:25:36| Max Swap size: 8192000 KB
The server is working as bridge with two ethernet interfaces where
only one has a public IP, just for maintenance.
In ipfw, when packets are forwarded to localhost, ipfw doesn't
change the origin IP, so the packets are supposed to come back with the
header unchanged.
Do you know where my error is?
Thanks a lot,
Ronan
On Fri, 17 May 2002 09:04:07 +0200
"Squid Support (Henrik Nordstrom)" <hno@marasystems.com> wrote:
> What do you get in access.log?
>
> Anything of relevance in cache.log?
>
> Regards
> Henrik
>
>
> On Thursday 16 May 2002 13:48, Ronan Lucio wrote:
> > Hi All,
> >
> > I sent this message some time ago and I didn't receive any
> > answer. I know it's a difficult trouble but does anybody
> > know what can make the squid not cache?
> >
> > []
> > Ronan
> >
> > On Wed, 15 May 2002 08:45:08 -0300
> >
> > Ronan Lucio <ronanl@melim.com.br> wrote:
> > > Hi friends,
> > >
> > > I'm sorry if this question has already been answered in this mailing
> > > list, but I didn't find any answer in the list history... :-/
> > >
> > > I have installed squid as transparent proxy in my net.
> > > Everything seems to be working fine but yesterday I saw that
> > > the cache dir isn't growing.
> > >
> > > Squid seems to be working fine but is not caching the pages.
> > >
> > >
> > > I use FreeBSD-4.6-PRERELEASE and I have compiled the kernel with
> > > the options:
> > >
> > > options MSGMNB=8192 # max # of byte in a queue
> > > options MSGMNI=40 # numbers of message queue identifiers
> > > options MSGSEG=512 # number of message segments per queue
> > > options MSGSSZ=64 # size of a message segment
> > > options MSGTQL=2048 # max messages in system
> > >
> > > options SHMSEG=16 # max shared mem id's per process
> > > options SHMMNI=32 # max shared mem id's per system
> > > options SHMMAX=2097152 # max shared memory segment size (bytes)
> > > options SHMALL=4096 # max amount of shared memory (pages)
> > >
> > >
> > > I installed squid via FreeBSD ports that compiled with
> > > parameters:
> > >
> > > CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
> > > --localstatedir=${PREFIX}/squid \
> > > --enable-storeio="ufs diskd null" \
> > > --enable-removal-policies="lru heap" \
> > >
> > >
> > > In ipfw I added the lines below:
> > >
> > > add allow all from <MyServer_IP> to any
> > > add fwd 127.0.0.1,3128 tcp from <MyNet_IP>/24 to any 80 via xl0
> > >
> > > If I execute an ipfw show, the amount of packets that passed
> > > through these rules seems to be working fine.
> > >
> > >
> > > My squid.conf has the lines below:
> > >
> > > icp_port 0
> > > hierarchy_stoplist cgi-bin ?
> > > acl QUERY urlpath_regex cgi-bin \?
> > > no_cache deny QUERY
> > > cache_mem 64 MB
> > > maximum_object_size 8192 KB
> > > cache_dir diskd /cache 8000 16 256 Q1=64 Q2=72
> > > quick_abort_min 128 KB
> > > quick_abort_max 128 KB
> > > quick_abort_pct 50
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl manager proto cache_object
> > > acl localhost src 127.0.0.1/255.255.255.255
> > > acl SSL_ports port 443 563
> > > acl Safe_ports port 80 # http
> > > acl Safe_ports port 21 # ftp
> > > acl Safe_ports port 443 563 # https, snews
> > > acl Safe_ports port 70 # gopher
> > > acl Safe_ports port 210 # wais
> > > acl Safe_ports port 1025-65535 # unregistered ports
> > > acl Safe_ports port 280 # http-mgmt
> > > acl Safe_ports port 488 # gss-http
> > > acl Safe_ports port 591 # filemaker
> > > acl Safe_ports port 777 # multiling http
> > > acl CONNECT method CONNECT
> > >
> > > acl MyIPs src 200.215.110.0/255.255.255.0
> > > http_access allow MyIPs
> > > http_access deny all
> > >
> > > acl PURGE method purge
> > > http_access allow purge localhost
> > > http_access deny purge
> > >
> > > acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
> > > http_access deny non_anonymous_ftp
> > >
> > > http_access allow manager localhost
> > > http_access deny manager
> > > http_access deny !Safe_ports
> > > http_access deny CONNECT !SSL_ports
> > > http_access deny all
> > >
> > > icp_access allow all
> > > cache_mgr root@melim.com.br
> > > httpd_accel_host virtual
> > > httpd_accel_with_proxy on
> > > httpd_accel_uses_host_header on
> > > append_domain .melim.com.br
> > > log_icp_queries off
> > > buffered_logs on
> > >
> > >
> > > Does anybody know what I am doing wrong?
> > >
> > > Thanks
> > > Ronan
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Your source of advanced web reverse proxying solutions
> http://www.marasystems.com/products/
>
Received on Fri May 17 2002 - 06:33:58 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:09 MST
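
An added example, not part of the original message and not Squid code: a small Python parser for Squid's native access.log format that tallies result codes, so the log itself shows whether requests are served from cache (TCP_HIT and similar) or fetched each time (TCP_MISS). The function names are hypothetical and the final TCP_HIT sample line is constructed; the other sample lines are taken from the message above.

```python
from collections import Counter

# Result codes Squid logs when the reply was served from its cache.
HIT_CODES = {"TCP_HIT", "TCP_MEM_HIT", "TCP_IMS_HIT", "TCP_REFRESH_HIT",
             "TCP_NEGATIVE_HIT", "TCP_OFFLINE_HIT"}

def parse_line(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        code, status = f[3].split("/", 1)
        return {"time": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
                "code": code, "status": int(status), "bytes": int(f[4]),
                "method": f[5], "url": f[6], "hierarchy": f[8].split("/")[0]}
    except ValueError:
        return None

def summarize(lines):
    """Count result codes and hit ratios, skipping lines that do not parse."""
    codes, hit_bytes, total_bytes, skipped = Counter(), 0, 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        codes[rec["code"]] += 1
        total_bytes += rec["bytes"]
        if rec["code"] in HIT_CODES:
            hit_bytes += rec["bytes"]
    requests = sum(codes.values())
    hits = sum(n for c, n in codes.items() if c in HIT_CODES)
    return {"codes": dict(codes), "skipped": skipped,
            "hit_ratio": hits / requests if requests else 0.0,
            "byte_hit_ratio": hit_bytes / total_bytes if total_bytes else 0.0}

# First three lines come from the message above (the first is truncated as
# posted); the last line is constructed to show what a cache hit looks like.
SAMPLE = """\
media/xbox_nba_245x30.gif - DIRECT/129.33.0.40 image/gif
1021583011.422 301 200.215.110.4 TCP_MISS/200 778 GET http://origin.nba.com/media/gotmilk_header_logo.gif - DIRECT/129.33.0.40 image/gif
1021583012.173 568 200.215.110.4 TCP_MISS/302 582 GET http://stats.surfaid.ihost.com/rc/images/uc.GIF? - DIRECT/129.42.30.230 text/html
1021583020.000 4 200.215.110.4 TCP_HIT/200 778 GET http://origin.nba.com/media/gotmilk_header_logo.gif - NONE/- image/gif
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```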