Hey Amos,,
Can you explain a little how this forward-proxy will be used by squid?
So i might be able to make a plausible cause for my setup not working.
-talha
On Tue, Apr 24, 2012 at 11:43 AM, Ahmed Talha Khan <auny87_at_gmail.com> wrote:
> By did not work i mean that web pages are not getting
> processed.Initial 1-2 requests for a web page are getting through but
> then it gets stuck. No response and access log shows this ABORT error.
> Since you said that it has nothing to do with the forward-proxy issue,
> i have no idea what is happening. i run the same config with squid
> 3.1.19 and everything works.
>
> What info should i provide so you can understand the issue better.
>
> -talha
>
> On Tue, Apr 24, 2012 at 11:32 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 24/04/2012 6:04 p.m., Ahmed Talha Khan wrote:
>>>
>>> How would i define it then in a forward proxy mode? I am getting the
>>
>>
>> port 3128 is the registered service port for HTTP proxies. It is best to
>> pick another port randomly and firewall it so that clients cannot connect
>> directly to that NAT intercept port. But we can get to that later, any port
>> will do for a forward-proxy port.
>>
>>
>>> following in my access.log file.
>>>
>>> 1335250139.466 29498 192.168.8.39 NONE_ABORTED/000 0 GET
>>> http://www.nvidia.com/ - HIER_NONE/- -
>>>
>>> The NONE_ABORTED squid request status shows that it is aborting the
>>> request. This is happening for all the requests.No pages are opening.
>>> The initial requests to get processed but later ones are stuck. Squid
>>> is running on 192.168.8.40:3128. My clients are in the 192.168.8.0/24
>>> range as you can see.
>>
>>
>> This is not related to the warning or forward-proxy port. Something else is
>> going on.
>>
>>
>>>
>>> I tried to put this line in squid.conf but did not work.
>>>
>>> http_port 192.168.8.40:8080
>>
>>
>> This is a forward-proxy port. The syntax is correct. Please explain "did not
>> work".
>>
>>
>>
>>>
>>>
>>>
>>>
>>> On Mon, Apr 23, 2012 at 4:38 PM, Amos Jeffries wrote:
>>>>
>>>> On 23/04/2012 11:06 p.m., Ahmed Talha Khan wrote:
>>>>>
>>>>> So this port which is squid needs has to have connection with the
>>>>> client?or with itself? How will i do that?
>>>>>
>>>>> http_port 127.0.0.1:3128 ? would this work?
>>>>
>>>>
>>>> It is for the clients and peers to contact. Localhost would stop the
>>>> warning, but not solve the problems.
>>>>
>>>> Amos
>>>>
>>>>> -talha
>>>>>
>>>>>
>>>>> On Mon, Apr 23, 2012 at 4:03 PM, Amos Jeffries wrote:
>>>>>>
>>>>>> On 23/04/2012 9:07 p.m., Ahmed Talha Khan wrote:
>>>>>>>
>>>>>>> Hey,
>>>>>>> I am using 3.3 sources to make a transparent proxy. i have configured
>>>>>>> the http port in the squid like this
>>>>>>>
>>>>>>>
>>>>>>> http_port 192.168.8.40:3128 intercept ssl-bump
>>>>>>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>>>>>>> cert=/home/talha/squid/www.sample.com.pem
>>>>>>> key=/home/talha/squid/www.sample.com.pem
>>>>>>>
>>>>>>> But when i run squid i get these error at the start and my webpages
>>>>>>> wont open. I think these errors are the problem showing something in
>>>>>>> forwarding .
>>>>>>>
>>>>>>> 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
>>>>>>> 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
>>>>>>> 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The above definition of http_port is exactly that of a forward-proxy
>>>>>>> port! isnt it?
>>>>>>
>>>>>>
>>>>>> No it is an interception port. Forward proxy port has no special mode
>>>>>> settings (intercept/tproxy/accel).
>>>>>>
>>>>>>
>>>>>>> So why is squid screaming about this?
>>>>>>
>>>>>>
>>>>>> Squid needs at least one port to serve the error page, FTP and gopher
>>>>>> icons,
>>>>>> and other proxy-proxy communications from. Interception port mode now
>>>>>> (3.2+)
>>>>>> has security checks which cause problems for that traffic.
>>>>>>
>>>>>>
>>>>>>> This runs in 3.1
>>>>>>> btw. May be 3.2/3.3 have some changes. Running squid -k parse also
>>>>>>> shows no issue. Heres the relevant output of -k parse
>>>>>>
>>>>>>
>>>>>> Hmm. It should have. Thank you.
>>>>>>
>>>>>> Amos
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>
>
>
> --
> Regards,
> -Ahmed Talha Khan
-- Regards, -Ahmed Talha KhanReceived on Tue Apr 24 2012 - 13:48:31 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 25 2012 - 12:00:03 MDT