RE: [squid-users] Chaining of proxies

From: Peter Kassies <p.kassies@dont-contact.us>
Date: Fri, 1 Jun 2001 15:26:58 +0200

Andreas,

> I set up a squid as proxy cache for our department which is connected over
> a slow line to the main firewall of our institute.
>
> [local-1]
> \
> [local-2] - [squid-cache] --(slow line)--> [firewall of institute]
> /
> [local-3]

This looks ok, always try to put a proxy behind the slow line. I assume
local-1,2,3 are users.

> Now the situation has changed and I just get 403 errors with my current
> (mostly standard) squid setup or even if I try to connect directly to the
> internet from my workstation. I'm using squid 2.2.5 from Debian 2.2.

Hm, I don't quite understand "we have to use a proxy instead of the "firewall
of institute.""
Were your requests put via the firewall to the internet or was the firewall
acting as a proxy too?

>
> The list archive mentioned the cache_peer option which should be
> my friend to solve this problem, but I suspect I did not use the
> right options. I tried
>
> cache_peer wittenau.ivbb.bund.de parent 80 7 no-query
> and
> cache_peer wittenau.ivbb.bund.de parent 80 3130 no-query
>
> but I've got in both cases:
>
> Error 500
>
> Reason: Can't locate remote host.

So I think the wittenau.ivbb.bund.de is your firewall, yes?
And your proxy should forward all incoming requests to this firewall.

If you get the error "can't locate hosts", can you "ping" the firewall? In
other words: is the proxy able to connect to the firewall for requests? Try
pinging the IP address of the firewall first; if ok, then ping the firewall
using the DNS name. If ping on IP is successful but not ping on name, then
there is something wrong with your DNS!

What you could do is bypass the local proxy and configure your client to
talk directly to the firewall. This will only work if there isn't a rule in
the firewall preventing you from doing this.

>
> Utimaco Safeware AG

Hmm, Utimaco software is an authentication system. I've used it once. If
that is the response of your firewall then it might be that your firewall
has been reconfigured. Ask your firewall engineer for recent changes.

> I really don't know anything about the proxy
> which is used and I hope that no-query was the right option to tell
> squid that it doesn't try to obtain something from the cache. I don't
> understand the ICP concept but I'm afraid that the used proxy isn't
> as clever as squid might be.

Ah, but does the firewall support ICP? I doubt it.

Good luck,

Peter
Received on Fri Jun 01 2001 - 07:26:56 MDT
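
The IP-then-name check from the reply above, as an added example that is not part of the original message: it parses a cache_peer line and tests name resolution and the peer's HTTP port as separate stages. A TCP connect stands in for ping here, and the resolve/connect parameters, the stubs and the 192.0.2.10 address are assumptions made for illustration.

```python
import socket

def parse_cache_peer(line):
    """Split 'cache_peer <host> <type> <http-port> <icp-port> [options]'."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] != "cache_peer":
        raise ValueError("not a cache_peer line: %r" % line)
    return {"host": fields[1], "type": fields[2], "http_port": int(fields[3]),
            "icp_port": int(fields[4]), "options": fields[5:]}

def check_peer(peer, ip=None, resolve=socket.gethostbyname,
               connect=socket.create_connection, timeout=5):
    """Return [(stage, ok, detail)]; `ip` is the peer's known address, if any."""
    results = []
    try:
        resolved = resolve(peer["host"])
        results.append(("dns", True, resolved))
    except OSError as exc:            # socket.gaierror is an OSError subclass
        resolved = None
        results.append(("dns", False, str(exc)))
    target = ip or resolved           # a known IP takes DNS out of the picture
    if target is None:
        results.append(("tcp", None, "skipped: no address to try"))
        return results
    try:
        connect((target, peer["http_port"]), timeout).close()
        results.append(("tcp", True, "%s:%d" % (target, peer["http_port"])))
    except OSError as exc:
        results.append(("tcp", False, str(exc)))
    return results

def verdict(results):
    """Map the stage results to the conclusion the two-step test supports."""
    state = {stage: ok for stage, ok, _ in results}
    if state["dns"] is False and state["tcp"]:
        return "reachable by IP, name does not resolve: fix DNS"
    if state["dns"] is False:
        return "name does not resolve, no IP path verified"
    if state["tcp"] is False:
        return "name resolves, HTTP port unreachable: check routing or firewall rules"
    return "peer resolves and accepts connections"

if __name__ == "__main__":
    # Offline demo with constructed stubs: DNS fails, the (constructed) IP answers.
    def no_dns(name): raise OSError("constructed: name lookup failed")
    class FakeSock:
        def close(self): pass
    peer = parse_cache_peer("cache_peer wittenau.ivbb.bund.de parent 80 3130 no-query")
    print(verdict(check_peer(peer, "192.0.2.10", no_dns, lambda a, t: FakeSock())))
```

With no-query set, Squid sends no ICP queries to the peer, so only the HTTP port is checked.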
