keschrich n00b
Joined: 09 Apr 2002 Posts: 69 Location: Branford, CT
Posted: Wed Jul 20, 2005 2:16 pm Post subject: squid caching problems?
I've recently installed squid on a Linux box, using iptables to enable transparent proxy (the squid daemon is located on the same machine as the firewall).
For the most part, everything works great, with some exceptions. The first problem I noticed was when I access sites using PHP authentication (such as the sites I run using Drupal). If I browse around a little bit before I log on, and then return to a page I'd previously browsed to, it forgets that I logged on. The opposite happens when I log off. This is really a pain when I'm fooling with access settings.
Next, my parents both have their start pages set to MSN.com, and they complained that MSN stopped working. Sure enough, when I went to the site, I got a page saying "Why does MSN look like this?" (the same page you would get if you viewed www.msn.com with lynx).
The first problem I think may be an inherent problem with caching, as the same happens at work (we have MS ISA in the office), so there may be nothing that can be done about that. This problem with MSN seems specific to my location however, and it is crucial that it be fixed as none of MSN's services work either. I haven't had a chance to check whether the problem exists in a non-transparent setting, but I am assuming it does. I will verify this tonight.
Before I forget:
Gentoo Linux running kernel 2.6.11
iptables 1.2.11
squid 2.5.STABLE10-rc3
iptables rule I was using:
-t nat -A PREROUTING -i eth0 -d ! 192.168.1.0/24 -j DNAT --to-destination 192.168.1.1:3128
Thanks a lot!
Ken

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Wed Jul 20, 2005 2:28 pm
What have you changed from the default Squid configuration?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

keschrich n00b
Joined: 09 Apr 2002 Posts: 69 Location: Branford, CT
Posted: Wed Jul 20, 2005 4:53 pm
Actually, I'm running squid right out of the box. Since the iptables rules that provide the transparent proxy reside on the same server, I didn't even bother to change the ACLs.
Ken

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Wed Jul 20, 2005 6:28 pm
Erm.. by default squid does not give you access from outside the box at all, so you might want to at least set up a default ACL that allows traffic from your LAN interface...
Also, read the squid config file carefully - there are a few things you need to know and/or change when you want to run a transparent proxy.

keschrich n00b
Joined: 09 Apr 2002 Posts: 69 Location: Branford, CT
Posted: Thu Jul 21, 2005 3:44 am
I've found only one option in the squid.conf file which says that it needs to be turned on for transparent proxy, namely "httpd_accel_uses_host_header". I will enable that and see if it makes any difference.
Regarding the ACL, as I mentioned before, the squid daemon runs on the same server as the firewall, which contains a rule forwarding all outgoing web connections to port 3128. Thus, there is no need to enable connections to the proxy from anywhere outside the local machine, as the local machine intercepts all requests and then localhost makes the connection to the squid daemon.
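
The Squid 2.5 settings this thread is discussing, as an added example that is not from any of the posters: the interception directives and a LAN-only ACL, next to the redirect rule narrowed to web traffic. The ACL name `lan`, eth0 being the LAN-facing interface, and the added `-p tcp --dport 80` match are assumptions.

```conf
# --- squid.conf fragment (Squid 2.5 directive names) -----------------------
# Port the firewall rule sends intercepted connections to.
http_port 3128

# Intercepted requests arrive in origin-server form ("GET /path HTTP/1.1"),
# so Squid must rebuild the full URL from the Host header.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# A nat PREROUTING DNAT rule rewrites only the destination address. The
# source address Squid sees is still the LAN client's, not 127.0.0.1, so
# the LAN range needs its own allow rule.
# "lan" is a name chosen for this example; 192.168.1.0/24 is the range
# used in the thread's iptables rule.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/255.255.255.0

# Weak setting, shown commented out for contrast: any host that can reach
# port 3128 could relay through the proxy.
#http_access allow all

# Corrected order: allow the local machine and the LAN, deny everything else.
http_access allow localhost
http_access allow lan
http_access deny all

# --- firewall rule, run as root (not part of squid.conf) -------------------
# Same rule as in the first post, limited to TCP port 80 so that only web
# traffic arriving on the LAN-facing interface (assumed to be eth0) is
# handed to Squid. DNAT with a port requires a protocol match such as -p tcp.
#
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
#     -d ! 192.168.1.0/24 -j DNAT --to-destination 192.168.1.1:3128
```

After changing squid.conf, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` reloads it.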