RE: [squid-users] Proxy forwarding problem

From: Wei Keong <chooweikeong@dont-contact.us>
Date: Tue, 28 Jan 2003 16:25:10 +0800 (Singapore Standard Time)

On Wed, 29 Jan 2003, Kundiger, Rick wrote:

> I have tried many variations of this command written below but to no avail.
>
>
> When adding any text after the "no-query" (ie acl hq_intranet) and so on I
> crash on startup.
>
> If I separate the lines it starts fine but it doesn't do what I want.

please follow the syntax as specified in the conf. you might want to run
"squid -k parse" to verify.

> If I set the proxy to "cache_peer proxy.hq.foow.foo.com parent 8080 3120
> proxy-only no-query" I send everything to HQ but still cannot go into the
> intranet.

if you don't want to overload your hq proxy, you might want to just forward
requests to the intranet pages.

cache_peer proxy.hq.blah.blah.com parent 8080 3120 proxy-only no-query
acl hq_intranet url_regex .*intranet\.hq\.blah\.com.*
never_direct allow hq_intranet

> Well, very strange, if I am sending all requests to HQ proxy (if I set my
> proxy to HQ I can get into intranet) I still can't get into intranet. So,
> there must be something else blocking me. I think I am going to give up,
> call the firewall dorks and have them just add my darn proxy into their
> rules to let me in. I hate admitting defeat but I think I may have to in
> this case.

probably the hq proxy has ip based acl, allowing your workstation ip, but
not your local proxy ip, to access the intranet.

from your local proxy, do the telnet test to find out more...

$ telnet proxy.hq.blah.com 8080
Trying x.x.x.x...
Connected to proxy.
Escape character is '^]'.
GET http://*intranet.hq.blah.com/ HTTP/1.0
[enter]
[enter]

Rgds,
Wei Keong

> -----Original Message-----
> From: Wei Keong [mailto:chooweikeong@pacific.net.sg]
> Sent: Wednesday, January 29, 2003 11:02 AM
> To: Kundiger, Rick
> Cc: 'squid-users@squid-cache.org'
> Subject: Re: [squid-users] Proxy forwarding problem
>
> > cache_peer proxy.hq.blah.blah.com sibling 8080 3120 (this is hq proxy
> > server)
>
> this is not needed, if you only want the local cache to forward requests to
> the parent cache.
>
> > cache_peer proxy.gj.blah.blah.com parent 8080 3120 (this is my proxy
> > server)
> > neighbor_type_domain parent blah.com
>
> try this:
> cache_peer proxy.gj.blah.blah.com parent 8080 3120 proxy-only no-query
> acl hq_intranet url_regex .*\.blah\.com.*
> never_direct allow hq_intranet
>
> Rgds,
> Wei Keong
>
>
>
> On Wed, 29 Jan 2003, Kundiger, Rick wrote:
>
> > Here is the problem. I have a local proxy that I use for all my regional
> > users to get their cached info from. However, my home HQ site has its own
> > proxy as well. Now the trick is, certain parts of the home site's firewall
> > will only allow people through that are using the HQ proxy.
> >
> > Since none of my users are using HQ proxy they can't get in. So I figured
> > setup a parent-sibling relationship, this didn't work. I know I am doing it
> > wrong I just can't figure out how to do it right. Here is my current config
> >
> > cache_peer proxy.hq.blah.blah.com sibling 8080 3120 (this is hq proxy
> > server)
> > cache_peer proxy.gj.blah.blah.com parent 8080 3120 (this is my proxy server)
> > neighbor_type_domain parent blah.com
> >
> > Now, this just causes forwarding loops. If I comment out myself as the
> > parent then it doesn't seem to do anything and proxying is really slow.
> > Somehow I need to forward packets to blah.com via the HQ proxy server and
> > all other traffic goes through my server.
> >
> > anyone know how to do this?
> >
> > Thanks
> > Rick
> >
>
Received on Wed Jan 29 2003 - 01:25:20 MST
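
The telnet test suggested in the reply above can be scripted so the parent's answer is classified instead of read by eye. This is an added example, not part of the original thread; the function names, the verdict wording and the sample reply are assumptions constructed for illustration, and it is meant to be run from the local proxy host so the parent sees that host's source IP.

```python
import socket
import sys

def build_request(url):
    """Absolute-URI GET, the form a client sends to a forward proxy."""
    return f"GET {url} HTTP/1.0\r\n\r\n".encode("ascii")

def interpret(raw):
    """Classify the parent's reply from its status line and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return {"status": None, "squid_error": None, "verdict": "not an HTTP reply"}
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status == 403:
        verdict = "denied by parent ACL (is this source IP allowed?)"
    elif status == 407:
        verdict = "parent requires proxy authentication"
    elif status in (502, 503, 504):
        verdict = "parent accepted the request but could not reach the origin"
    elif 200 <= status < 400:
        verdict = "parent served the request"
    else:
        verdict = "unexpected status"
    # Squid error pages carry the error name in the X-Squid-Error header.
    return {"status": status, "squid_error": headers.get("x-squid-error"),
            "verdict": verdict}

def probe(proxy_host, proxy_port, url, timeout=10):
    """Send one request through the parent and interpret the reply headers."""
    buf = b""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_request(url))
        while b"\r\n\r\n" not in buf:
            data = s.recv(4096)
            if not data:
                break
            buf += data
    return interpret(buf)

# Constructed sample of a reply from a parent that rejects the caller's IP.
SAMPLE_DENIED = (b"HTTP/1.0 403 Forbidden\r\nServer: squid\r\n"
                 b"X-Squid-Error: ERR_ACCESS_DENIED 0\r\n\r\n<html>...</html>")

if __name__ == "__main__":
    # usage: script.py <parent-host> <parent-port> <intranet-url>
    print(probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

A 403 from the local proxy host combined with success from a workstation matches the IP-based ACL explanation given in the reply.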
