[squid-users] Squid wont talk to parent cache, ICP not working?

Ok guys im trying to setup my existing and fully functional squid 3.1.6
box on squeeze to talk to an identical squid box upstream, but it is not
working, I cant see any requests in access.log on the upstream box of
the downstream box fetching from it.

cache.log shows the following

upstream box (parent):

2012/01/23 00:17:15| Adding nameserver 192.168.1.1 from squid.conf
2012/01/23 00:17:15| Accepting HTTP connections at 192.168.1.205:3128,
FD 11.
2012/01/23 00:17:15| Accepting ICP messages at [::]:3129, FD 12.
2012/01/23 00:17:15| HTCP Disabled.
2012/01/23 00:17:15| Configuring Sibling 192.168.1.40/3128/3129
2012/01/23 00:17:15| Loaded Icons.
2012/01/23 00:17:15| Ready to serve requests.

downstream box (sibling):(should I even conf this as a sibling?

2012/01/23 00:19:11| Adding nameserver 10.10.1.1 from squid.conf
2012/01/23 00:19:11| Accepting HTTP connections at 10.10.1.105:3128, FD
11.
2012/01/23 00:19:11| Accepting ICP messages at [::]:3129, FD 12.
2012/01/23 00:19:11| HTCP Disabled.
2012/01/23 00:19:11| Configuring Parent 192.168.1.205/3128/3129
2012/01/23 00:19:11| Loaded Icons.
2012/01/23 00:19:11| Ready to serve requests.

======================================================================

relevant squid.conf entries

upstream box (parent)

http_port 192.168.1.205:3128
hierarchy_stoplist cgi-bin ?
icp_port 3129

cache_peer 192.168.1.40 sibling 3128 3129 default

icp_access allow all

downstream box (sibling):

http_port 10.10.1.105:3128
hierarchy_stoplist cgi-bin ?
icp_port 3129
cache_peer 192.168.1.205 parent 3128 3129 default
prefer_direct off

icp_access allow all

======================================================================

Also note that Nmap UDP -sU port scans from both hosts to eachother,
show no open port on 3129 which im using for my ICP port.

Yes I have them open in iptables with

-A INPUT -p udp -m udp --dport 3129 -j ACCEPT
and tried
-A INPUT -p udp --dport 3129 -j ACCEPT

======================================================================

Gentlemen, the fail whales tail is slapping me in the face repeatedly
what am I doing wrong???

======================================================================

deviant:/var/www# squid3 -v
Squid Cache: Version 3.1.6
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/build/buildd-squid3_3.1.6-1.2+squeeze2-i386-PV_6Lv/squid3-3.1.6
Received on Mon Jan 23 2012 - 08:31:23 MST