|
> is there anyway not to send these requests through the squids?
> You only
> need the squids to cache hits that a second person will access.
> You don't need
> to cache any of this.
Joe,
First of all, thanks for your answer.
We supply an Internet Connection with Black and Whitelisting to our
customers. This all is organized and authorized throw some Squid boxes.
To balance all these realtime filter-requests we use LVS in TUN-mode
over an internal LAN. Nothing is cached, and sites like Windowsupdate
are not passed through our upstream filter and are directly going to the
origin site.
People having problems with, for example MediaMarkt, do not have the
problem when we connect directly to the proxy.
The only strange thing I can mention is lot of warnings in Squid
cache-log on the realservers.
2005/01/06 21:27:57| sslReadServer: FD 153: read failure: (104)
Connection reset by peer
2005/01/06 21:31:09| sslReadServer: FD 467: read failure: (104)
Connection reset by peer
2005/01/06 22:00:56| sslReadServer: FD 490: read failure: (104)
Connection reset by peer
... (day in, day out)
This should not be a problem, but may be relative to the problem.
I'll go to one of our customers to see if I can reproduce a warning like
this through LVS tomorrow.
Are there any IP-tables related problems to LVS in TUN-mode?
Thanks, Janno.
Janno de Wit
DNA Services B.V.
|
