Re: HELP NEEDED "Forward denied"!!!

Hello,

> So you are messing around with "transparent" proxying?
>
> If you are, then it is important that you do not redirect Squid back on
> itself, or it will complain with "Forwarding Denied" to the client, and
> a loop warning in cache.log.
>
> If you are not getting any loop warnings in cache.log then it is
> miss_access who denies the request to be forwarded.
>
>
> You provide very little information on your setup (besides mostly
> irrelevant hardware info), so it is hard to help you. Information good
> to know are:
>
> * Any important messages in cache.log?
There is no any important error message.
 
> * Are you messing around with transparent proxying or not?
I am new user of Squid. Before I never configured Squid.
I am trying to configure transparent proxying and caching.
Is it possible to configure Squid as both transparent proxying/caching
server? What things to do to configure Squid as both transparent
proxying/caching server.

> * Exactly what ipchains rules have you added?
#Accept all on loopback
/sbin/ipchains -A input -j ACCEPT -i lo
#Accept my own IP, to prevent loops (repeat for each interface/alias)
/sbin/ipchains -A input -j ACCEPT -p tcp -d 202.179.3.98 80
#Send all traffic destined to port 80 to Squid on port 80
/sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0
80

Following result of "/sbin/ipchains --list":
[root@cache /root]# /sbin/ipchains --list
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ------ anywhere anywhere n/a
ACCEPT tcp ------ anywhere cache.ub.mng.net any ->
www
REDIRECT tcp ------ anywhere anywhere any ->
www
=> webcache
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Is it correct? What is your suggestion?
 
> * How is Squid located in your network? One leg, or two legs?
Sorry, I don't understand one leg, two leg.
What is leg mean? Yes, Squid located in our network.
We want to use currently installed Squid as parent cache server for whole
backbone and other dedicated line customers.
 
> * Is there a router involved, if so, what rules have you added to the
> router?
Just now I am trying to configure our Cisco 7505 router.
I found following configuration command from http://squid.nlanr.net/.
I think your wrote this example configuration.

        !
        interface Ethernet0
         description To Office Ethernet
         ip address 208.206.76.1 255.255.255.0
         no ip directed-broadcast
         no ip mroute-cache
         ip policy route-map proxy-redir
        !
        access-list 110 deny tcp host 208.206.76.44 any eq www
        access-list 110 permit tcp any any eq www
        route-map proxy-redir permit 10
         match ip address 110
         set ip next-hop 208.206.76.44

Is it correct?

> * Does it work if you disable ipchains and/or router redirection and try
> to use the proxy as a normal proxy? (i.e. have you passed the basic
> setup validations before trying transparent proxying)
I am not yet tried.
 
> * How have you configured your squid.conf?
Yes.
 
> * Have you verified your miss_access settings?
I changed miss_access settings. Now working well.
 
Best Regards
Balgansuren
Received on Wed Nov 17 1999 - 05:13:52 MST