Thanks to Linda, Henrik and others who responded.
We finally got it to work last night. The redirect_children thing was a
red herring. I came up with that mostly out of desperation because we
couldn't find anything else (and I _was_ seeing messages in the logs
suggesting to set that parameter higher). The real problem was ipchains.
Basically you can't use it - at least by itself although our consultant
says that augmenting ipchains with tproxy will work. Last night we moved
everything to iptables and it all works now. Apparently the ipchains
redirect to 3128 and iptables redirect to 3128 work differently. Using
ipchains we apparently had loops going which brought the system down if
the traffic was very high. This morning, we're running our usual ~5M and
using approx 70% cpu on a dual PIII 800 machine.
I should have followed the howto exactly, and almost did one day last
week. Unfortunately I was fixated on the squidGuard log error and since
our consultant originally set it up with ipchains (he's also the one who
fixed it by converting to iptables last night) didn't follow through on
that nagging thought to just redo it all per the howto when it occured
to me.
-- Mike Rambo mrambo@lsd.k12.mi.usReceived on Tue Feb 11 2003 - 12:21:06 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:20 MST