[squid-users] Multiple Subnets

From: Nick Sintros <nicksintros_at_gmail.com>
Date: Mon, 8 Dec 2008 11:08:05 -0500

Hello,

We have been using DansGuardian web filtering software with Squid 2.x
on an Ubuntu server as a transparent proxy for our school district's
WAN gateway for a few years now with no problems. We have also used
Squid3 on another server with no issues.

We are now replacing the gateway server with a new Ubuntu (8.04) box,
with Squid 3.0.STABLE1, and the latest version of DansGuardian. It is
setup almost identically to the previous server, and it works ok when
put in place of that old server, with one major problem - it only
works for hosts on the subnet it's in. All of our other subnets in our
WAN cannot access the web at all.

When a host from from one of our other subnets tries to view a web
page, the DansGuardian log shows something like:

IP_OF_HOST http://www.foo.com/ *EXCEPTION* Exception site match. GET
5733 0 1 200 - -

Then the DansGuardian passes the request to Squid, and we get this:

127.0.0.1 TCP_MISS/301 531 GET http://www.foo.com/ - NONE/- text/html

then nothing else. No more Squid log entries for that request, and the
host just times out.

We don't know for sure this is a Squid issue, and not a DansGuardian
issue, but it looks like it. We've also done several searches for
subnet-related Squid issues, and have not been able to find anything
yet. We are assuming it is not an ACL issue, since all requests
originate from 127.0.0.1, but we have tried opening those up wide
also, to no affect. And again, for the subnet the server is on, it
works great, and the old 2.x squid server worked fine for all
subnets.

Are we missing something silly and obvious? Any suggestions?
Received on Mon Dec 08 2008 - 16:08:16 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 09 2008 - 12:00:01 MST