Sibling configuration and firewalls

From: Bolmerg-Berliner,Ludger <>
Date: Mon, 6 Apr 1998 15:42:16 +0200


I hope I'm not bothering you to much but I didn't receive a response to
my email which I sent a couple of days aga. As I couldn't find a
solution to my problem in the docs I'm resending it to the list.

I have two Squid (1.1.20) caches running inside a firewall protected
network. The two Squids are configured as siblings. Access to URLs
beyond the firewall are sent to two other parent caches.

The following pictorial shows the configuration:

   squid-1 ----| |---- squid-3 (netserv)
                |--- firewall --- |
                | |---- squid-4 (netserv2)
   squid-2 ----|
   (wxx2080) |
                |--- internal-router ----- Toronto-network

The following is the configuration of one of the two caches inside the
firewall (squid-1):

   cache_host parent 3128 3130 round-robin
   cache_host parent 3128 3130 round-robin
   cache_host sibling 3128 3130 proxy-only

Is it possible to configure a the sibling cache (squid-1) inside the
firewall in a way that it tries to retrieve an URL from inside the
firewall (Toronto-network) its sibling (wxx2080) first before contacting
the original server directly.
From the log file I can see that a URL from the Toronto network is
always directly accessed

   891869902.064 836 TCP_MISS/304 101 GET - FIREWALL_IP_DIRECT/ -

Thanks for any suggestion to solve that problem
Received on Mon Apr 06 1998 - 06:46:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:35 MST