Re: Fwd: [squid-users] Squid and FTP

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Thu, 05 Apr 2012 17:07:22 +0300

On 05/04/2012 16:21, Colin Coe wrote:
> On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
>> On 05/04/2012 14:51, Colin Coe wrote:
>> <SNIP>
>>
>>
>>> OK, I did
>>> export ftp_proxy=http://benpxy1p:3128
>>> wget ftp://ftp2.bom.gov.au/anon/gen/fwo
>>> --2012-04-05 19:43:38-- ftp://ftp2.bom.gov.au/anon/gen/fwo
>>> Resolving benpxy1p... 172.22.106.10
>>> Connecting to benpxy1p|172.22.106.10|:3128... connected.
>>> Proxy request sent, awaiting response... ^C
>>>
>>> An entry appeared in access.log only after I hit ^C.
>>>
>>> Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything.
>>>
>>> CC
>>>
>> Well, if an access_log entry appears, it means that the client is contacting
>> the squid server.
>> Did you notice that the size of this list\dir is about 1.8 MB?
>> Take something simple such as:
>> ftp://ftp.freebsd.org/pub
>> It should be about 2.9Kb.
>> Then, if it didn't go within 10 secs, try without upstream proxies.
>> Maybe something is set up wrong on the cache_peer.
>> There are options to debug with a lot of output from squid that can simplify
>> the problem.
>> But I would go to minimum settings and up.
>> Use only one proxy and without a name.
>> Just use the IP for the cache_peer acls.
>> You can use the debug sections:
>> http://wiki.squid-cache.org/KnowledgeBase/DebugSections
>> to make more use of it.
>> Use it like this:
>> debug_options ALL,1 section,verbosity_level
>> debug_options ALL,1 9,6
>>
>> There are a couple of sections that will provide you with more network layer
>> info that will help you find the source of the problem.
>>
>> To see the log, tail the cache.log file.
>>
>> Well, I gave you kind of the worst case scenario I could think of.
>> If you need more help, I'm here.
>>
>> Regards,
>> Eliezer
>>
>
> As a test I pointed the client at the corporate proxy.
>
> # export ftp_proxy=http://172.22.0.7:221
> # wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
> --2012-04-05 20:43:53-- ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
> Connecting to 172.22.0.7:221... connected.
> Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9
> Length: unspecified
> Saving to: “IDY02128.dat”
>
> [ <=> ] 232 --.-K/s in 2m 0s
>
> 2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232]
>
> It took a while but it definitely works. I added the debug lines to
> the squid.conf (and restarted). When pointing the client at the squid
> server (for doing the FTP), there were no additional lines logged in
> either cache.log or access.log.
>
> Again, doing a tcpdump on the squid server shows the client _is_
> connecting to the squid server.
>
> CC

As I was saying... it's not about whether it's connecting to the squid server
but what happens from squid to the world.
Try to disable the cache_peer settings on squid...
Try to use squid as a regular proxy without going to the parent bluecoat
and see how it works.
Just to see if you have any problem in the squid settings that is not
related to the cache_peer settings.

As you know, I and many more people are using squid for FTP and it works
with no problem.

I can't point exactly to the point of failure in your setup, but one
thing I do know...
I am using 3 cache peers and it works excellently for me.
Just for you, I will put up a setup to see how my basic settings for squid
work with a parent proxy. (It will take some time.)

Most likely, if at any point you see an access log entry, it means that
you are not configuring something right on your squid.

Try the following:
In the hosts file add the entries:
172.22.0.7 ftp_proxy
172.22.0.7 http_proxy

Then in squid.conf add:
cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only
cache_peer_access ftp_proxy allow ftp_ports
cache_peer_access ftp_proxy deny all

cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
cache_peer_access http_proxy deny ftp
cache_peer_access http_proxy allow all

#remove these:
#always_direct allow Dev
#always_direct allow Prod

#and add only:
never_direct allow all

Regards,
Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Thu Apr 05 2012 - 14:07:34 MDT
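
Added example, not part of the original message or of Squid itself: the thread keeps returning to what happens "from squid to the world", and the ninth field of Squid's native access.log format (hierarchy code/peer address) records exactly that for each finished request. The sketch below assumes the default native log format; the sample lines, the client address, the 192.0.2.15 origin address and the function names are constructed for illustration.

```python
"""Classify where Squid forwarded FTP requests, from native-format access.log lines."""
from collections import namedtuple

Entry = namedtuple("Entry", "elapsed_ms client result status url hier peer")

# Constructed sample lines (not from the thread), in Squid's default native log format:
# time elapsed client result/status bytes method URL user hierarchy/peer content-type
SAMPLE_LOG = """\
1333626218.412 41730 172.22.106.20 TCP_MISS/000 0 GET ftp://ftp2.bom.gov.au/anon/gen/fwo - DIRECT/192.0.2.15 -
1333629952.007 119874 172.22.106.20 TCP_MISS/200 232 GET ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat - FIRST_PARENT_MISS/172.22.0.7 text/plain
1333630001.120 95 172.22.106.20 TCP_MISS/200 5120 GET http://www.example.com/ - FIRST_PARENT_MISS/172.22.0.7 text/html
"""

def parse_line(line):
    """Return an Entry, or None if the line is not in the native format."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    result, status = f[3].split("/", 1)
    hier, peer = f[8].split("/", 1)
    return Entry(int(f[1]), f[2], result, status, f[6], hier, peer)

def route(entry):
    """'parent', 'direct' or 'none', from the hierarchy code."""
    if "PARENT" in entry.hier:
        return "parent"
    if entry.hier.endswith("DIRECT"):   # DIRECT, or HIER_DIRECT on newer releases
        return "direct"
    return "none"

def ftp_report(log_text, parent_ip):
    """List FTP requests that bypassed parent_ip or ended without a reply (status 000)."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or not e.url.lower().startswith("ftp://"):
            continue
        problems = []
        if route(e) != "parent" or e.peer != parent_ip:
            problems.append(f"not sent to parent {parent_ip} (went {e.hier}/{e.peer})")
        if e.status == "000":
            problems.append(f"no reply after {e.elapsed_ms / 1000:.1f}s")
        if problems:
            findings.append((e.url, problems))
    return findings

if __name__ == "__main__":
    for url, problems in ftp_report(SAMPLE_LOG, "172.22.0.7"):
        print(url, "->", "; ".join(problems))
```

With never_direct and the cache_peer_access rules in place, an FTP request that still shows a DIRECT hierarchy code points at the Squid configuration rather than at the parent proxy.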
