[squid-users] configuration problem from Todd Weybrew on 2001-10-19 (squid-users)

From: Todd Weybrew <waycool@dont-contact.us>
Date: Fri, 19 Oct 2001 08:52:16 -0700

Hi -

I'm having problems pointing squid at a proxy server following the
technique in the FAQ.

Here's the setup:

I have a PC outside my firewall running win2k 8^( and the DirecPC USB
satelite modem [I live in the sticks and can't get anything else
reasonably fast]. There is a proprietary caching proxy running on this
box which accelerates the access via Hugh's Electronics servers in
Arizona ( it listens on port 83). My firewall (linux 2.4.2 with
iptables) is running a transparent squid proxy with squirm for
redirecting banner ad references and an Apache server on a non-standard
port to handle the redirected requests as well as local pages. The
firewall is also running a caching DNS server. All of this works grand
until I try to point squid at the satelite proxy server. I tried both
suggestions in the FAQ.

First, I tried....

cache_peer direcpc.mydomain parent 83 0 no-query (note: i used the
real canonical hostname in squid.conf)
prefer_direct off

This allowed the cache to work, but it didn't appear to be using the
proxy on direcpc.mydomain because it was still painfully slow.

Second, I tried....

cache_peer direcpc.mydomain parent 83 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all

This caused all access from inside the firewall to fail with a DNS
lookup failure.

It occurred to me that this would cause a problem for the squirm
redirects and local docs so I tweaked it a bit.

cache_peer direcpc.mydomain parent 83 0 no-query default
acl all src 0.0.0.0/0.0.0.0
acl local-server dst 192.168.0.1/255.255.255.255
never_direct deny local-server
never_direct allow all

Same result... all attempts from the inside result in can't resolve DNS
errors.

This seems bogus.... what does never_direct have to do with DNS?
Besides, it passes the DNS check at startup according to cache.log.
The configured dns servers are 0.0.0.0 and 127.0.0.1

I wonder if this could have something to do with the direcpc proxy
server not having any access on or inside the firewall?

Any help greatly appreciated!

-Todd
Received on Fri Oct 19 2001 - 09:52:31 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:54 MST