Re: [squid-users] Squid will not forward to peer

Michael Waterhouse wrote:
> Hi All,
>
>
>
> We have implemented a squid server on Opensuse 10.2 to cache some of our
> web traffic.
>
> We have a peer proxy server which is externally managed and filters
> malicious traffic, its address is xxx.yyy.zzz.27 and listens on port
> 8080 for requests, this is working fine from the xxx.yyy.zzz.0 network,
> we have now implemented a squid cache on ip xxx.yyy.zzz.34 which fetches
> pages from the internet and caches them locally, this also works fine.
>
>
>
> However, we would like to have xxx.yyy.zzz.34 fetch its pages from
> xxx.yyy.zzz.27 on port 8080 which will then retreive them from the
> internet and pass back to xxx.yyy.zzz.34.
>
>
>
> I have tried adding the lines,
>
> cache_peer iwss parent 8080 8080 no-query default

8080 and 8080 may not be a good thing.
First is the HTTP/HTCP-port and second is ICP-port or 0. 'no-query'
terminates the use of ICP-port (which has been set as the second 8080!).

> acl all src 0.0.0.0/0.0.0.0
> never_direct allow all

and where is the cache_peer_access iwss allow ?

I hope you have secure http_access limits to prevent your proxy becoming
  security breach.

Amos

>
> To the config file which (I think) should work, Ive also cleared the
> cache to force it to download the new content via the other proxy.
>
> When connecting I get the error message,
>
>
>
> ########################################################################
> While trying to retrieve the URL: http://www.google.co.uk/
>
> The following error was encountered:
>
> Unable to forward this request at this time.
> This request could not be forwarded to the origin server or to any
> parent caches. The most likely cause for this error is that:
>
> The cache administrator does not allow this cache to make direct
> connections to origin servers, and All configured parent caches are
> currently unreachable.
> ########################################################################
>
>
> Ive noticed that when using firefox from the proxy (Linux squid) box,
> Ive mapped the name iwss using hosts file in linux to the xxx.yyy.zzz.27
> server and if I config firefox to use xxx.yyy.zzz.27 8080 in proxy
> settings it connects via the proxy fine, if I config firefox to use iwss
> 8080 then I get a cant connect error message
>
> Ive also tried to specify the other proxy in squid.conf by ip address
> aswell but this also fails.
>
>
> Any help on this would be much appreciated, Im tearing my hair out. I
> honestly have tried in my limited knowledge.
>
> Thanks much in advance
>
>
>
> Mike W
>
> ************************************************************
> Legally privileged or confidential information may be contained in this message and/or any attachments. It is intended only for the use of the individual or organisation to whom the e-mail is addressed. If you have received the e-mail in error please notify the sender by reply email. If you are not the intended recipient be advised that you have received this email in error and should delete this message and any attachments from your system and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.
> A4E disclaims all legal responsibility for the accuracy or otherwise of any information contained within or attached to this electronic document. Any view expressed in this email is that of the originator of the document only and does not necessarily represent the views of A4E or its subsidiary companies. Under the Regulation of Investigatory Powers Act, A4E reserves the right to view the content of electronic documents sent from and to its employees. This right shall only be exercised where there is suspected misuse of the system or for the purposes of investigating possible criminal or potentially harmful activity.
> ************************************************************
Received on Fri Dec 14 2007 - 06:31:17 MST