Re: [squid-users] configuration problem from Henrik Nordstrom on 2001-10-19 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 19 Oct 2001 21:14:44 +0200

Most likely the DNS error is for the name in your cache_peer line, not
actually the requested host..

To exclude local sites from the parent, use always_direct.

Reagards
Henrik Nordström
Squid Hacker

Todd Weybrew wrote:
>
> Hi -
>
> I'm having problems pointing squid at a proxy server following the
> technique in the FAQ.
>
> Here's the setup:
>
> I have a PC outside my firewall running win2k 8^( and the DirecPC USB
> satelite modem [I live in the sticks and can't get anything else
> reasonably fast]. There is a proprietary caching proxy running on this
> box which accelerates the access via Hugh's Electronics servers in
> Arizona ( it listens on port 83). My firewall (linux 2.4.2 with
> iptables) is running a transparent squid proxy with squirm for
> redirecting banner ad references and an Apache server on a non-standard
> port to handle the redirected requests as well as local pages. The
> firewall is also running a caching DNS server. All of this works grand
> until I try to point squid at the satelite proxy server. I tried both
> suggestions in the FAQ.
>
> First, I tried....
>
> cache_peer direcpc.mydomain parent 83 0 no-query (note: i used the
> real canonical hostname in squid.conf)
> prefer_direct off
>
> This allowed the cache to work, but it didn't appear to be using the
> proxy on direcpc.mydomain because it was still painfully slow.
>
> Second, I tried....
>
> cache_peer direcpc.mydomain parent 83 0 no-query default
> acl all src 0.0.0.0/0.0.0.0
> never_direct allow all
>
> This caused all access from inside the firewall to fail with a DNS
> lookup failure.
>
> It occurred to me that this would cause a problem for the squirm
> redirects and local docs so I tweaked it a bit.
>
> cache_peer direcpc.mydomain parent 83 0 no-query default
> acl all src 0.0.0.0/0.0.0.0
> acl local-server dst 192.168.0.1/255.255.255.255
> never_direct deny local-server
> never_direct allow all
>
> Same result... all attempts from the inside result in can't resolve DNS
> errors.
>
> This seems bogus.... what does never_direct have to do with DNS?
> Besides, it passes the DNS check at startup according to cache.log.
> The configured dns servers are 0.0.0.0 and 127.0.0.1
>
> I wonder if this could have something to do with the direcpc proxy
> server not having any access on or inside the firewall?
>
> Any help greatly appreciated!
>
> -Todd
Received on Fri Oct 19 2001 - 13:18:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:55 MST