Hi
> I am confused regarding cache parent. We have a firewall.
> Squid v2.2.Stable3 is running on a separate system inside the firewall.
> Is it necessary to specify a cache_peer parent? Do I need to have a
> cache_peer parent.foo.net parent 3128 7
> type config entry?
It depends on the type of firewall, but the answer is probably
"yes". If your firewall can do transparency, you don't _need_ it,
but it's probably best to have it anyway.
I prefer to use:
cache_peer parent.foo.net parent 3128 3130 default no-query
That way you don't have to worry about running inetd on the
firewall (probably a good thing.)
> What is going on with or without the above entry
Without it, the firewall _might_ pick up the request in
"transparent proxy" mode, and things will work. You will probably
run into problems when you try and get per-user authentication
working.
> Also, I am not sure about prefer_dierct on, so this option in Squid conf
> is not enabled.
You should turn prefer_direct off if you have a firewall as a parent.
Nobody has ever explained fully what prefer_direct's interaction with
a default parent is (and I haven't looked at the code.) Of course,
it could be in the FAQ: I haven't looked there either, but then:
I am not the one asking the question ;)
Oskar
Received on Fri Aug 13 1999 - 15:27:15 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:02 MST