On 1/03/2012 12:00 a.m., Nick Urbanik wrote:
> Dear Folks,
>
> After a yum upgrade to this Fedora 16 box a few days ago, I now have
> squid-3.2.0.15-1.fc16.x86_64, and now have this message appearing in
> my /var/log/squid/cache.log:
> ERROR: No forward-proxy ports configured.
>
> I changed these lines:
>
> http_port 192.168.0.1:3128 transparent
> http_port 127.0.0.1:3128 transparent
> to
> http_port 192.168.0.1:3128 intercept
> http_port 127.0.0.1:3128 intercept
Good. That needed doing anyway, but is unrelated to the particular
message. A forward-proxy port is a port without any specialised traffic
mode configured. For example the default "http_port 3128" is a forward
proxy port. "http_port ... intercept" is an interception proxy port.
Why?
Now that intercept ports have stricter security enforcement you need
a forward proxy port in order to service the regular management
requests, icons, inter-proxy requests etc. which your Squid needs to do
during its operation. The error pages and FTP/Gopher directory listings
need this port and yoru visible_hostname value to generate URLs for
loading the icon images. You can also use accel ports to service those
requests in the scope of the domain(s) being accelerated. But a
forward-proxy port is best, and so what gets mentioned.
<snip>
>
> The machine is set up with two network interfaces, one to the internal
> network on 192.168.0.1, the other on the Internet. There are iptables
> rules using redirects.
You may also need to check your iptables rules include the mangle table
protections for your intercept port(s).
see http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
You can run "squid -k parse" to check for other less visible issues.
I saw "refresh_pattern (cgi-bin|\?) 0 0% 0 " in your config.
We advise this now:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
Amos
Received on Wed Feb 29 2012 - 12:36:16 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 29 2012 - 12:00:06 MST