Ok guise Ive tried many things and am ready to pull my last hair out,
accept that im bald. so I need some help with this. Both proxies are
working fine as standalone proxies within my networks. I dont need
authentication, and both are squid 3.1.6, yes I know I should update,
but compiling isnt workin for me. So, Ill go with the official "Stable"
release from the debian repos thank you very much. Could one of you
generous gentlemen take a peak and see if I have goofed up somewhere?
Tailing the /var/log/squid3/access.log shows traffic only on the
downstream squid, and never on the upstream. Ive been watching the logs
for hours now and have zero activity on the parent and have had over
500mb of http traffic on the downstream, so something should have hit by
now. But nothing has.
###########################
Heres the conf for my downstream proxy
###########################
http_port 10.10.1.105:3128
cache_peer 192.168.1.205 parent 3128 3129 default
icp_port 3129
#prefer_direct off
#nonhierarchical_direct off
never_direct deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers 10.10.1.1
hosts_file /etc/hosts
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid3/access.log
cache_mem 400 MB
memory_pools off
maximum_object_size_in_memory 512 KB
maximum_object_size 400 MB
log_icp_queries off
half_closed_clients off
cache_mgr mrnicholsb_at_gmail.com
cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
visible_hostname deviant.evil
shutdown_lifetime 1 second
#icap_enable on
#icap_send_client_ip on
#icap_send_client_username on
#icap_client_username_encode off
#icap_client_username_header X-Authenticated-User
#icap_preview_enable on
#icap_preview_size 1024
#icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_req allow all
#icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_resp allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24
acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21 # http
acl Safe_ports port 443 # ftp
acl Safe_ports port 70 # https
acl Safe_ports port 210 # gopher
acl Safe_ports port 1025-65535 # wais
acl Safe_ports port 280 # unregistered ports
acl Safe_ports port 488 # http-mgmt
acl Safe_ports port 591 # gss-http
acl Safe_ports port 777 # filemaker
acl CONNECT method CONNECT # multiling http
always_direct allow localnet
icp_access allow localnet
icp_access deny all
http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
############################
And heres the conf for the upstream proxy
############################
http_port 192.168.1.205:3128
icp_port 3129
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers 192.168.1.1
hosts_file /etc/hosts
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 700 MB
memory_pools on
maximum_object_size_in_memory 3 MB
maximum_object_size 320 MB
log_icp_queries off
half_closed_clients off
cache_mgr mrnicholsb_at_gmail.com
cache_dir ufs /var/spool/squid3 40000 32 256
visible_hostname squid.brosound
shutdown_lifetime 1 second
#icap_enable on
#icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/dlp
#adaptation_access service_req allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.1.0/24
#blacklisting disabled for oneil
#acl blacklist dstdomain "/etc/squid3/squid-block.acl"
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 82
acl Safe_ports port 21 # FTP
acl Safe_ports port 443 ## SSL
acl Safe_ports port 70 # https
acl Safe_ports port 210 # gopher
acl Safe_ports port 1025-65535 # wais
acl Safe_ports port 280 # unregistered ports
acl Safe_ports port 488 # http-mgmt
acl Safe_ports port 591 # gss-http
acl Safe_ports port 777 # filemaker
acl CONNECT method CONNECT # multiling http
acl INSIDE_IP dst 192.168.1.0/24
#always_direct allow INSIDE_IP
#never_direct allow all
icp_access allow localnet
icp_access deny all
#blacklisting disabled for oneil
#http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
Received on Wed Aug 01 2012 - 00:34:58 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 12:00:02 MDT