08-07-2016, 01:20 AM   #1
azu
Squid SMP + Tproxy Failure


Hello everyone,
This config below works perfectly, but my clients are getting the Squid IP address instead of their own public address, so I added follow_x_forwarded_for allow localhost in backend.conf according to this post: http://www.squid-cache.org/mail-arch...1308/0299.html
Then I started getting errors:
Code:
Frontend log -> kid1| temporary disabling (Forbidden) digest from localhost
backend log -> 0 :: TCP_DENIED/403 4180 GET http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/- text/html
(Client Public ip) -> XXX.XXX.XX.XX TCP_MISS/200 610 GET http://pagead2.googlesyndication.com/activeview? - HIER_DIRECT/216.58.199.162 image/gif
(Client Public ip) -> XXX.XXX.XX.XX TCP_MISS/200 610 GET http://pagead2.googlesyndication.com/activeview? - HIER_DIRECT/216.58.199.162 image/gif
But the clients were still getting the Squid server IP address, so I tried adding
http_port localhost:300${process_number}
http_port localhost:400${process_number} tproxy
in backend.conf and found these errors:
Code:
Backend cache logs ->
kid3| WARNING: Forwarding loop detected for:
GET /mail-archive/squid-users/201301/0339.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.google.co.in
Via: 1.1 frontend.example.com (squid/3.5.12), 1.1 backend-kid3 (squid/3.5.12)
X-Forwarded-For: XXX.XXX.XX.XX, ::1
Cache-Control: max-age=259200
Connection: keep-alive
Host: www.squid-cache.org
Backend access logs ->
XXX.XXX.XX.XX TCP_MISS/403 4456 GET http://www.squid-cache.org/mail-archive/squid-users/201211/0049.html - HIER_NONE/- text/html
XXX.XXX.XX.XX TCP_MISS/403 4456 GET http://www.squid-cache.org/mail-archive/squid-users/201301/0339.html - HIER_NONE/- text/html
XXX.XXX.XX.XX TCP_MISS/403 4567 GET http://www.squid-cache.org/mail-archive/squid-users/201211/0049.html - ORIGINAL_DST/::1 text/html
XXX.XXX.XX.XX TCP_MISS/403 4567 GET http://www.squid-cache.org/mail-archive/squid-users/201301/0339.html - ORIGINAL_DST/::1 text/html
Code:
#################squid.conf################
acl localnet src XXX.XXX.XX.XX/24     # (include Squid IP address also)
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
workers 3
if ${process_number} = 1
include /etc/squid/frontend.conf
else
include /etc/squid/backend.conf
endif
http_access allow localnet
http_access deny all
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
#########################################

################frontend.conf##############
http_port 3128
http_port 3129 tproxy
http_access allow manager localhost
http_access deny manager
cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2 no-tproxy
cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3 no-tproxy
cache_mem 512 MB
access_log /var/log/squid/frontend.access.log
cache_log /var/log/squid/frontend.cache.log
visible_hostname frontend.example.com
#########################################

################backend.conf##############
http_port localhost:400${process_number}
cache_dir aufs /cache5/squid${process_number} 50000 128 256 min-size=10485760
maximum_object_size 512 MB
cache_mem 4 MB
visible_hostname backend-kid${process_number}
access_log /var/log/squid/backend${process_number}.access.log
cache_log /var/log/squid/backend${process_number}.cache.log
http_access allow localhost
#########################################
Setup Links used:
http://wiki.squid-cache.org/Features/Tproxy4
http://wiki.squid-cache.org/ConfigEx...SmpCarpCluster

Ubuntu Linux 16.04
squid 3.5.12-1 ubuntu7.2 amd64
Bridge mode+Tproxy4

Any help appreciated.
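
Added example, not part of the original post and not Squid's own code: a simplified Python model of the X-Forwarded-For backtracking that the squid.conf documentation describes for follow_x_forwarded_for, applied to the http_access order a backend worker gets from the posted config. It assumes acl_uses_indirect_client is left at its default (on); the 203.0.113.0/24 localnet and every address used are constructed stand-ins for the redacted ones.

```python
import ipaddress

# Constructed addresses from documentation ranges; the post redacts the real ones.
LOCALHOST = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
LOCALNET = [ipaddress.ip_network("203.0.113.0/24")]
# http_access order a backend worker sees in the posted squid.conf/backend.conf.
BACKEND_RULES = [("allow", "localhost", LOCALHOST), ("allow", "localnet", LOCALNET)]


def matches(addr, networks):
    """True if addr is inside any network of the ACL (a src-style match)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in networks)


def indirect_client(peer, xff_header, trusted):
    """Backtrack through X-Forwarded-For the way squid.conf documents it:
    start at the TCP peer and, while the current address is trusted, step to
    the next entry from the right; stop at the first untrusted address."""
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    current = peer
    while hops and matches(current, trusted):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # unparsable entry: stop following, keep the last good address
        current = candidate
    return current


def backend_decision(peer, xff_header, follow):
    """Return (address the src ACLs see, action, matching ACL name)."""
    client = indirect_client(peer, xff_header, LOCALHOST) if follow else peer
    for action, name, networks in BACKEND_RULES:
        if matches(client, networks):
            return client, action, name
    return client, "deny", "all"  # final 'http_access deny all'


if __name__ == "__main__":
    for label, xff, follow in [
        ("no follow_x_forwarded_for", "203.0.113.25", False),
        ("follow, client in localnet", "203.0.113.25", True),
        ("follow, header shape from the loop warning", "203.0.113.25, ::1", True),
        ("follow, client outside localnet", "198.51.100.7", True),
        ("follow, client-supplied left entry", "127.0.0.1, 198.51.100.7", True),
    ]:
        print(f"{label}: {backend_decision('::1', xff, follow)}")
```

With the header followed, the backend's src ACLs are evaluated against the original client address rather than ::1, so `http_access allow localhost` stops matching proxied requests and the later rules decide; entries to the left of the first untrusted hop are never consulted.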
 
  

