[squid-users] Beginners Question: First Configuration Squid on Firewall host

From: R. Welz <linuxprodukte@dont-contact.us>
Date: Tue, 11 Jan 2005 10:39:11 +0100

Hello.
My very first attempt with Squid was halfway a success and a failure ;).
When I try to open a www page, I get the following error:

ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.amazon.de/
The following error was encountered:
        • Forwarding Denied.
  This cache will not forward your request because it is trying to
enforce a sibling relationship. Perhaps the client at 192.168.2.4 is a
cache which has been misconfigured.

If someone would be so nice to have a look at my config file to help me
with the first start, it would be nice.

Squid runs on a Linux host with firewall and DSL (PPPoE) connection
which gets its IP by DHCP.
It has 3 NICs, one for the PPPoE, a second for an internal subnet which
has an additional NAT router in between,
and a third NIC for the DMZ, but on this subnet I get a simple timeout
when opening a www page.

I would be glad if I could get at least my non-DMZ subnet connected to
the internet; the DMZ subnet will then be similar. Later on I will try
to configure Squid as a reverse proxy, because I have a pgsql database
on the internet which I wasn't able to secure by chrooting, so a reverse
proxying Squid would help me keep intrusion attempts out.

So my network looks like this:
Workstation -- (192.168.1.3)NAT-Router (192.168.2.4) -- (192.168.2.199)LinuxHost -- DSL

I paste the Network section of my config file:

Thank you very much for any help!

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port
# Usage: port
# hostname:port
# 1.2.3.4:port
#Default:
# http_port 192.168.3.199:3128
# http_port 192.168.2.199:3128
http_port 3128

# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#Default:
# none

# TAG: ssl_unclean_shutdown
#
#Default:
ssl_unclean_shutdown off

# TAG: icp_port
#Default:
# icp_port 3130
icp_port 0

# TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
# --enable-htcp option
#Default:
# htcp_port 4827

# TAG: mcast_groups
#
# Usage: mcast_groups 239.128.16.128 224.0.1.20
#
# By default, Squid doesn't listen on any multicast groups.
#Default:
# none

# TAG: udp_incoming_address
# TAG: udp_outgoing_address
# udp_incoming_address is used for the ICP socket receiving packets
# from other caches.
# udp_outgoing_address is used for ICP packets sent out to other
# caches.
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

# TAG: cache_peer
#Default:
# none

# TAG: cache_peer_domain
#Default:
# none

# TAG: neighbor_type_domain
# usage: neighbor_type_domain neighbor parent|sibling domain domain ...
#Default:
# none

# TAG: icp_query_timeout (msec)
#Default:
icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
#Default:
mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
#Default:
dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
Received on Tue Jan 11 2005 - 02:39:21 MST
