Re: Re: transparent (intercepting?) without wccp, options?
On 7/3/2012 5:05 AM, Ezequiel Birman wrote:
> "Eliezer" == Eliezer Croitoru <eliezer@xxxxxxxxxxxx> writes:
>
> > hey there Ezequiel, the Cisco RV042 is a nice product but.. 100 users on this device might not be the problem. i think that the main problem is the wan connections themselves. if it's a cable line with 6 and 3 Mbps, bandwidth is the problem and not routing. 100 users means that each user gets about 9 Kbps if it is divided equally. in the case that most of your bandwidth usage is http, squid can help you. i would first make a basic analysis of the network traffic and make sure what is consuming the speed. instead of doing some tricks and replacing the RV042 i would start with a linux bridge between the switch and the RV042.
>
> I think you are right, and since upload speeds are even slower that must be the culprit.
>
> > you can use this box to analyze the network traffic with just 2 nics. also you can block p2p using the ipp2p iptables module and use squid+tproxy to serve cached content.
> > i have used this setup with ubuntu before and it made the effect! today ubuntu 12.04 LTS will give you everything you need. if you want you can add snmp and other tools for graphing and other stuff..
> > with squid as a bridge you do not need to bother yourself with the wan settings\load balancing and setting the linux box as dhcp or routing stuff. what i would recommend for you in this kind of setup is to make the squid box a dns server (cache and forward dns).
>
> From what I gather, squid is capable of caching DNS, right? Or will I need bind too?

you also need bind because the clients will query the server and not squid.. squid has an internal dns cache.
> > using this setup you can test settings very easily on part of the clients or a test computer.
> > for network usage analysis you can use ntop, it also gives p2p and other protocols detection.
>
> I am trying it right now, nice!
>
> > so the setup i propose is not from your list:
> > 5)
> > wan1---+--------+   +------------+
> >        | RV042  |---|squid\bridge|--switch-+--[lan clients]
> > wan2---+--------+   +------------+
> >
> > - RV042 = LB and wan gateway.
> > - squid = bridge + NTOP + p2p block\throttling + http cache
>
> Thanks, I am giving it a try. I'll start by following http://wiki.squid-cache.org/ConfigExamples/Intercept/DebianWithRedirectorAndReporting

this is a good way to start but it won't be a transparent proxy but a "nat" proxy, but it can be good for your needs as anyway you have nat in the RV042.
> which seems similar to what I am trying to achieve. If I am mistaken, please let me know. and also most of http://wiki.squid-cache.org/Features/Tproxy4

tproxy will give you the benefit of some graphing tools with a more accurate vision of your clients' requests.
> > things you should consider about pfsense and ClearOS:
> > - they do have a nice web interface but lack updated software.
> > - they take up from your machine more than you need.
> > - they leave you in the big cloud of "what to h### happen when i did apply???"
> >
> > about accessing the squid in this setup: the box is behind nat so it's ok, and if you ever decide that you want the squid to take over the RV042 LB and dhcp you can just use iptables to block access to the squid port or bind squid only to a local net port, and of course the basic way of acls to allow only local users access.
> >
> > about content filtering: i prefer to use squidguard and not DansGuardian. there is always the option of using some icap server such as qlproxy.
> >
> > about cache: i have composed a nice method to cache youtube and some other dynamic content video sites using icap and squid. (now working on embedding filtering in my icap server based on public blacklists.)
>
> Maybe I'll try that after basic http :)
>
> > it's a nice project you have there.
> > i will be happy to talk with you about it.
> >
> > Regards,
> > Eliezer
> >
> > --
> > Eliezer Croitoru
> > https://www1.ngtech.co.il
> > IT consulting for Nonprofit organizations
> > eliezer <at> ngtech.co.il
>
> Thanks for sharing your insights.

update me

Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
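
Added example, not part of the original thread or of Squid itself: a small Python check for the two access controls mentioned in the message above (binding squid to a local address and using ACLs so only local users get access). The sample configurations, addresses, ACL names and the set of ranges treated as "local" are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 / loopback / ULA ranges treated as "local" (a choice made for this example).
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

def is_local(value):
    """True if an acl src value is a network inside one of the LOCAL ranges."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:          # address ranges and file includes are not resolved here
        return False
    return any(net.version == p.version and net.subnet_of(p) for p in LOCAL)

def audit_squid_conf(text):
    """Return findings about who can reach and use the proxy described by text."""
    findings, src_acls, access = [], {"all": ["0.0.0.0/0"]}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port" and not tok[1].rpartition(":")[0]:
            findings.append("http_port %s has no bind address" % tok[1])
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "src":
            src_acls.setdefault(tok[1], []).extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) > 2:
            access.append((tok[1], tok[2:]))
    for action, names in access:
        # ACL names on one http_access line are ANDed, so one local-only src ACL
        # is enough. Negated ACLs (!name) are not counted as a restriction.
        limited = any(n in src_acls and all(is_local(v) for v in src_acls[n]) for n in names)
        if action == "allow" and not limited:
            findings.append("http_access allow %s is not limited to a local src ACL" % " ".join(names))
    if not access or access[-1] != ("deny", ["all"]):
        findings.append("rule list does not end with 'http_access deny all'")
    return findings

# Constructed configurations; addresses and ACL names are made up for this example.
OPEN_CONF = """
http_port 3128 intercept
acl localnet src 192.168.1.0/24
http_access allow all
"""
LOCKED_CONF = """
http_port 192.168.1.2:3128   # LAN-side address only
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("locked", LOCKED_CONF)):
        print(name, audit_squid_conf(conf))
```

The check only reads `http_port`, `acl ... src` and `http_access` lines; an iptables rule blocking the squid port from the WAN side, the other option named in the message, is outside what it inspects.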