From owner-freebsd-isp  Mon Oct  1 13:40:59 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3])
	by hub.freebsd.org (Postfix) with SMTP id 0B71B37B40A
	for <freebsd-isp@freebsd.org>; Mon,  1 Oct 2001 13:40:53 -0700 (PDT)
Received: (qmail 57610 invoked by uid 501); 1 Oct 2001 20:24:10 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 1 Oct 2001 20:24:10 -0000
Date: Mon, 1 Oct 2001 17:24:09 -0300 (BRT)
From: Paulo Fragoso <paulo@nlink.com.br>
To: <freebsd-isp@freebsd.org>
Subject: Transparent Cache
Message-ID: <20011001165457.Q46251-100000@mirage.nlink.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Hi,

We have got a transparent proxy using squid, all querys for http servers
are redirect by the natd in the our router (FreeBSD 4.x, Pentium III
933MHz) to our proxy-cache server at port 8888.

Those querys are resend to squid from local port 8888 in the
proxy-server (FreeBSD 4.x, 2x Pentium III 933MHz, SCSI 1010-33 160MB/s, HD
Seagate 18GB SCSI 3 160MB/s) to squid program at port 3128.

Our problem happen some times in the proxy-server, some times it's
logging: (using log_in_vain="YES" in the rc.conf)

Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1192
Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1458
Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1460

where rrr.rrr.rrr.rrr is the router and sss.sss.sss.sss is the
proxy-server.

If there is a firewall rule in the proxy-server, like this:

ipfw add fwd 127.0.0.1,3128 tcp from rrr.rrr.rrr.rrr to sss.sss.sss.sss 8888

then is the squid program inefficient to answer all querys?

Could be any limit in the freebsd kernel?

There is several connections at same time to port 8888 in the
proxy-server:

netstat -na|grep -c 8888
906

Is this a real problem? Can anyone help me?

Thanks,
Paulo Fragoso.

-- 
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message