On 07/09/11 18:18, John Kenyon wrote:
>>> Open "icp_port 3130" to receive the packets.
>>> Amos
>
>> Hi Amos,
>
>> Sorry, I've also got this in my squid.conf:
>
>> icp_port 3130
>> log_icp_queries on
>> icp_query_timeout 2000
>
>> Also, port 3130 is open in iptables. Any other ideas?
>
>
> From what I understand UDP_DENIED means the ICP query can be denied due to the icp_access rules.
> I appear to have resolve the issue. Originally I had this:
>
> acl local_network src 192.168.0.0/16
> icp_access allow local_network
> icp_access deny all
>
>
> Which *should* have worked right? Anyway I changed it to the following and now I am not seeing the errors:
>
> acl squid_peers src wp01.example.com wp02.example.com wp03.example.com
> icp_access allow squid_peers
> icp_access deny all
>
So the peers have IP addresses outside of 192.168.0.0/16 which they are
using to communicate. Lookup the DNS AAAA and A records for them. Your
http_access rules may need adjusting as well. If the ICP reply indicates
success there will likely be a followup HTTP request using the same IPs.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11Received on Wed Sep 07 2011 - 06:29:27 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 07 2011 - 12:00:04 MDT