Re: Fwd: [squid-users] Squid and FTP

From: Colin Coe <colin.coe_at_gmail.com>
Date: Sat, 14 Apr 2012 13:34:15 +0800

On Thu, Apr 5, 2012 at 10:07 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> On 05/04/2012 16:21, Colin Coe wrote:
>>
>> On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
>>>
>>> On 05/04/2012 14:51, Colin Coe wrote:
>>> <SNIP>
>>>
>>>
>>>> OK, I did
>>>> export ftp_proxy=http://benpxy1p:3128
>>>> wget ftp://ftp2.bom.gov.au/anon/gen/fwo
>>>> --2012-04-05 19:43:38--  ftp://ftp2.bom.gov.au/anon/gen/fwo
>>>> Resolving benpxy1p... 172.22.106.10
>>>> Connecting to benpxy1p|172.22.106.10|:3128... connected.
>>>> Proxy request sent, awaiting response... ^C
>>>>
>>>> An entry appeared in access.log only after I hit ^C.
>>>>
>>>> Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything.
>>>>
>>>> CC
>>>>
>>> well if an access_log entry appears it means that the client is contacting
>>> the squid server.
>>> did you notice that the size of this list\dir is about 1.8 MB?
>>> take something simple such as:
>>> ftp://ftp.freebsd.org/pub
>>> it should be about 2.9Kb.
>>> then if it didn't go within 10 secs try using without upstream proxies.
>>> maybe something is setup wrong on the cache_peer.
>>> there are options to debug with a lot of output from squid that can
>>> simplify the problem.
>>> but i would go to minimum settings and up.
>>> use only one proxy and without a name.
>>> just use the ip for the cache_peer acls.
>>> you can use the debug sections:
>>> http://wiki.squid-cache.org/KnowledgeBase/DebugSections
>>> to make more use of it.
>>> use like this:
>>> debug_options ALL,1 section,verbosity_level
>>> debug_options ALL,1 9,6
>>>
>>> there are a couple of sections that will provide you with more network
>>> layer info that will help you find the source of the problem.
>>>
>>> to see the log tail the cache.log file.
>>>
>>> well i gave you kind of the worst case scenario i could think of.
>>> if you need more help i'm here.
>>>
>>> Regards,
>>> Eliezer
>>>
>>
>> As a test I pointed the client at the corporate proxy.
>>
>> # export ftp_proxy=http://172.22.0.7:221
>> # wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
>> --2012-04-05 20:43:53--  ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
>> Connecting to 172.22.0.7:221... connected.
>> Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9
>> Length: unspecified
>> Saving to: “IDY02128.dat”
>>
>>    [ <=>                                  ] 232         --.-K/s   in 2m 0s
>>
>> 2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232]
>>
>> It took a while but it definitely works.  I added the debug lines to
>> the squid.conf (and restarted).  When pointing the client at the squid
>> server (for doing the FTP), there were no additional lines logged in
>> either cache.log or access.log.
>>
>> Again, doing a tcpdump on the squid server shows the client _is_
>> connecting to the squid server.
>>
>> CC
>
>
> as i was saying...it's not about if it's connecting to the squid server but
> what happens from squid to the world.
> try to disable the cache_peer settings on squid...
> try to use squid as regular proxy without going to the parent bluecoat and
> see how it works.
> just to see if you do have any problem on squid settings that are not
> related to the cache_peer settings.
>
> as you know i and many more people are using squid for ftp and it works with
> no problem.
>
> i can't point exactly about the point of failure in your setup but one thing
> i do know..
> i am using 3 cache peers and it works excellent for me.
> just for you i will put a setup to see how my basic settings for squid works
> with a parent proxy. (it will take some time )
>
> most likely that if in any point you see access log entry it means that you
> are not configuring something right on your squid.
>
> try the next:
> in hosts file add the entry:
> 172.22.0.7      ftp_proxy
> 172.22.0.7      http_proxy
>
> then in squid.conf add:
> cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only
> cache_peer_access ftp_proxy allow ftp_ports
> cache_peer_access ftp_proxy deny all
>
> cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
> cache_peer_access http_proxy deny ftp
> cache_peer_access http_proxy allow all
>
> #remove the :
> #always_direct allow Dev
> #always_direct allow Prod
>
> #and add only:
> never_direct allow all
>
>
>
> Regards,
> Eliezer
>

Hi Eliezer (and thanks for your patience)

I think the problem has been with the BlueCoat the whole time. The
BlueCoat admin has set up a service account for me and I've configured
squid so that all FTP requests are served through the cache_parent
hard coded with the service account details.

It's working now so we're going to leave it like this.

Thanks again for your help and patience.

CC

-- 
RHCE#805007969328369
Received on Sat Apr 14 2012 - 05:34:22 MDT
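
An added example, not part of the original thread or of Squid itself: a check over Squid's native-format access.log that every ftp:// request was forwarded to the parent peer rather than fetched directly, which is what the `never_direct` / `cache_peer_access` setup discussed above is meant to guarantee. The log lines are constructed samples, and the peer value (the 172.22.0.7 address from the thread) is an assumption about how the peer appears in the log.

```python
"""Classify ftp:// requests in a Squid native-format access.log by how
Squid forwarded them (parent peer, direct, or not forwarded at all)."""
from collections import Counter

# Constructed sample lines (native "squid" logformat), not taken from the thread:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1333629833.120 119870 172.22.106.20 TCP_MISS/200 232 GET ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat - FIRSTUP_PARENT/172.22.0.7 text/plain
1333629901.004     95 172.22.106.20 TCP_MISS/200 2970 GET ftp://ftp.freebsd.org/pub - HIER_DIRECT/203.0.113.10 text/html
1333629950.337  45012 172.22.106.20 TCP_MISS/000 0 GET ftp://ftp2.bom.gov.au/anon/gen/fwo - HIER_NONE/- -
1333629960.500     40 172.22.106.20 TCP_MISS/200 5120 GET http://www.example.com/ - FIRSTUP_PARENT/172.22.0.7 text/html
this line is truncated
"""


def parse_line(line):
    """Return (url, hierarchy_code, peer), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    code, _, peer = fields[8].partition("/")
    return fields[6], code, peer


def classify(code):
    """Map a hierarchy code to a route; older releases log DIRECT/NONE,
    newer ones HIER_DIRECT/HIER_NONE, and a TIMEOUT_ prefix may appear."""
    if code.endswith("DIRECT"):
        return "direct"
    if code.endswith("NONE"):
        return "not_forwarded"
    if "PARENT" in code:
        return "parent"
    return "other"


def audit_ftp(log_text, expected_peer):
    """Count ftp:// requests per route and list those that bypassed expected_peer.
    Assumption: expected_peer is written exactly as the peer appears in the log."""
    counts, bypassed = Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or not parsed[0].lower().startswith("ftp://"):
            continue
        url, code, peer = parsed
        route = classify(code)
        counts[route] += 1
        if route == "direct" or (route == "parent" and peer != expected_peer):
            bypassed.append((url, code, peer))
    return counts, bypassed
```

A `not_forwarded` entry with status 000 matches the symptom in the thread, where the request only reached access.log after the client gave up.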
