RE: [SQU] Squid behind firewall - DNS Problem from Magnus Ullberg on 2000-12-15 (squid-users)

From: Magnus Ullberg <UllbergM@dont-contact.us>
Date: Fri, 15 Dec 2000 08:24:02 -0600

Yes..
I forgot to include my configuration in my last email.. this is what I
have.. I believe that the dstdomain acl may be the problem.. to me it looks
like maybe its trying to resolve the ipaddresses to hostnames to see if they
are in the .abc.net domain..

acl intranet dstdomain .abc.net
never_direct deny intranet
never_direct allow all

always_direct allow intranet
always_direct deny all

The internal proxy has the ICP port for both parent caches set.

Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

-----Original Message-----
From: Stolle, Martin [mailto:MStolle@KIV.DE]
Sent: Friday, December 15, 2000 7:58 AM
To: 'Magnus Ullberg'
Cc: 'squid-users@ircache.net'
Subject: AW: [SQU] Squid behind firewall - DNS Problem

Did you use the statement "never direct allow all" in your squid.conf ?
This will prevent the client cache to ask directly the internet.

Another Possibility: Did you allow UDP Port 3130 (for ICP requests) through
your firewall and configured your client to use it
e.g.

cache peer 195.27.54.3 parent 3128 3130

for with internet-proxy on IP-Adress 195.27.54.3, proxy-port 3128 and
ICP-Port 3130

Otherwise, your client will time out.

Greetings,

Martin Stolle

-----Ursprüngliche Nachricht-----
Von: Magnus Ullberg [mailto:UllbergM@abcbank.com]
Gesendet: Freitag, 15. Dezember 2000 15:00
An: squid-users@ircache.net
Betreff: [SQU] Squid behind firewall - DNS Problem

I've got a problem. This is my setup:

Proxy1 Proxy2
    | |
    \_____________/
                 |
            IntProxy

Proxy 1 & 2 is on the internet while IntProxy is only on the internal
network. Everything works fine except when you try to access a website using
their IP address.
It hangs for a couple of minutes before showing the page. I think I've
narrowed it down to what is happening. It looks like it does a reverse dns
lookup on the ip address and it has to wait for that to time out.

Any suggestions for me?

Thanks,
Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Fri Dec 15 2000 - 07:26:34 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:59 MST