Re: [squid-users] Access to local domain

From: Jim Mertens <jim_mertens@dont-contact.us>
Date: Thu, 29 Mar 2001 14:07:48 +0200

Hi,
I've got port-forwarding running on Masq-router. So everything from port 80
goes to the other machine.

I almost can't believe it!! I've just installed djbdns (dnscache and
tinydns). I've changed absolutely nothing to my squid.conf file. The only
thing that has been changed on this machine is in /etc/resolv.conf. I've
pointed out the nameserver to the nameserver that's running on my internal
LAN.
Guess what!! When I enter 'http://webserver.cudeso.be/' (the name of my
webserver on the internal LAN) in Internet Exploder everything works fine!
I know there is an allow_direct for dstdomain .cudeso.be
Quite logical, everything entered with blabla.cudeso.be stays, what djbdns
is concerned, on my local LAN.

The problem arises with another the domainname I registred and that's also
pointing to my webserver. When I want to browse it, I receive no response.
Even when there's also an "allow_direct" in my squid.conf. I've not told
djbdns to take control over that domainname, so djbdns considers this as a
"normal" external domain. After 10/20 seconds I receive a timeout. Like I've
already mentioned...I see that there's some traffice to the webserver, but
no response. After a while I can see an "unreachable" towards the proxy of
my ISP.

In brief, my network looks like

[IP-Masq Router + portforwarding] -> [Webserver]
                                                           -> [Proxy]
                                                            -> [djbdns]
                                                            -> [some
Micro$oft clients running IE]

Jim

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Jim Mertens" <jim_mertens@hotmail.com>
Cc: <squid-users@squid-cache.org>
Sent: Wednesday, March 28, 2001 9:32 PM
Subject: Re: [squid-users] Access to local domain

> Then you are directly connected to Internet via NAT.
>
> I fail to see you your ISP proxy could be able to contact your local
> webservers if these are behind the same IP-Masquerade router. Not
> technically possible. So something is missing from your network
> description here.
>
> --
> Henrik Nordstrom
> Squid hacker
>
>
>
> Jim Mertens wrote:
> >
> > No,
> > It's on my internal LAN...connected to the internet through an
> > IP-masq-machine (Red Hat Linux).
> > Regards,
> >
> > Jim
> >
> > ----- Original Message -----
> > From: "Ronald" <sukker_ronald@yahoo.com>
> > To: "Jim Mertens" <jim_mertens@hotmail.com>;
<squid-users@squid-cache.org>
> > Sent: Tuesday, March 27, 2001 8:22 PM
> > Subject: Re: [squid-users] Access to local domain
> >
> > >
> > > Has your proxy directly connected with internet?. always_direct will
> > always
> > > try to send the request to origin servers.
> > > It seems your machine is not connected with internet.
> > >
> > > Regards,
> > > Squid Reader.
> > >
> > > > Hi,
> > > >
> > > > I've posted this a few days ago...but until now I can't resolve the
> > > problem.
> > > >
> > > > acl local dst 192.168.1.0/24
> > > > acl localweb1 dstdomain .mydomain1.com
> > > > acl localweb2 dstdomain .mydomain2.com
> > > >
> > > > always_direct allow localweb1
> > > > always_direct allow localweb2
> > > > always_direct allow local
> > > >
> > > > always_direct deny all
> > > >
> > > >
> > > > On the local LAN there's a Apache-webserver that serves two
www-domains.
> > > > When I set my ISP-proxy as default in Internet Explorer I can browse
> > them
> > > > without a problem. When I put the Squid-server that's on my LAN, I
can
> > > only
> > > > browse the external-websites. Not the two that are on my LAN.
> > > >
> > > > When I examine the tcpdump I see that there are request to the
www-port
> > of
> > > > my local webserver but it seems like Squid isn't getting anything
back.
> > > >
> > > > After a while I see an "udp-port unreachable" to the proxy of my ISP
> > pass
> > > > by.
> > > >
> > > > I've put my ISP-proxy as the parent-proxy.
> > > >
> > > > All this is now running in a test-environment for our company. They
are
> > > very
> > > > pleased with the functionallity of Squid...expect that
> > > > local-webbrowsing-thing.
> > > >
> > > > Anyone got some help?
> > > >
> > > > Best Regards,
> > > >
> > > > Jim
> > > >
> > > >
> > >
> > >
> > > _________________________________________________________
> > > Do You Yahoo!?
> > > Get your free @yahoo.com address at http://mail.yahoo.com
> > >
> > >
>
>
Received on Thu Mar 29 2001 - 05:07:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:01 MST