LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-10-2008, 12:26 PM   #1
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Rep: Reputation: 15
Squid Forwarding?


Hello

I've been searching for a way to make squid forward requests for certain sites, e.g. *.youtube.com, to another cache, but with no luck.

Can someone point me to something that might help me?
 
Old 12-10-2008, 02:04 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
check out the never_direct directive http://www.visolve.com/squid/squid30...p#never_direct

If you need to control which peers are used when, then you'd be wanting to use the cache_peer_access directive in conjunction with a suitable generic acl, presumably just a dstdomain one.
 
Old 12-11-2008, 03:09 AM   #3
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Original Poster
Rep: Reputation: 15
Tried that.
Maybe I'm doing something wrong.


Lets say I want to forward requests for .youtube.com, to the cache 10.0.0.20, and process all the other queries on itself-not directly, I need caching.

Can someone help?
 
Old 12-11-2008, 04:49 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
well do your best and show us the config you've got. the code in the link i gave should really cover it.
 
Old 12-12-2008, 01:08 AM   #5
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Original Poster
Rep: Reputation: 15
Right.

Ive done this:

Code:
acl FWDZONE dstdomain .youtube.com
cache_peer X.X.150.71 parent 8080 0 no-query default
always_direct allow all
always_direct deny FWDZONE
never_direct allow FWDZONE

But it still directly processes all the queries including youtubes.
Btw, I am running Squid 3.0.
 
Old 12-12-2008, 02:05 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
I'm not 100% sure, but i'm pretty sure that the always / never direct statements read top down just like http_access ones, so the always_direct allow all will be overriding the later ones.
 
Old 12-12-2008, 06:01 AM   #7
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Original Poster
Rep: Reputation: 15
Tried this, and still no difference.
Everything gets processed locally instead of get forwarded. :/

Code:
never_direct allow FWDZONE
never_direct deny all
always_direct deny FWDZONE
always_direct allow all
 
Old 12-12-2008, 06:44 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
you still have the same scenario. 2nd line says that nothing is allowed to go via an intermediate route.
 
Old 12-12-2008, 12:45 PM   #9
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Original Poster
Rep: Reputation: 15
Tried:

Quote:
never_direct deny all
never_direct allow FWDZONE
always_direct allow all
always_direct deny FWDZONE
and
Quote:
never_direct deny all
never_direct allow FWDZONE

Still nothing.
I've also tried removing that "no-query" from the cache_peer directive, but nothing.
 
Old 12-12-2008, 03:13 PM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
ack.. you have "all" before "FWDZONE"... that's not going to work...
 
Old 12-13-2008, 02:17 AM   #11
Stathis92
LQ Newbie
 
Registered: Feb 2007
Location: Greece
Distribution: Debian
Posts: 22

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie View Post
ack.. you have "all" before "FWDZONE"... that's not going to work...
Ehm, yeah, but in every site I look into, including that link you gave me, the all statement is there.

It doesn't make sense, I mean it should be working now. :S
 
Old 12-13-2008, 04:11 AM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,373

Rep: Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962Reputation: 1962
no it's not, it's there *AFTER* the more specific ones, not *BEFORE*

Code:
Example(s)
To force the use of a proxy for all requests, except those in your local domain use something like
acl local-servers dstdomain .foo.net
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all <--- AT THE END
    
or if Squid is inside a firewall and there is local intranet
servers inside the firewall then use something like:

acl local-intranet dstdomain .foo.net
acl local-external dstdomain external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all <--- AT THE END
 
  


Reply

Tags
forwarding, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables not forwarding packets to Squid. danj_fc5usr Linux - Security 9 09-16-2006 03:29 PM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 12:08 PM
suse 9.3, squid, and port forwarding: how? efm Linux - Newbie 0 11-28-2005 08:37 PM
how to make azureus (or any port forwarding) works in my suse 9.3 box and squid proxy efm Linux - Newbie 0 10-31-2005 01:22 AM
Ip forwarding or Squid server? kopikat Linux - Networking 3 01-20-2005 04:14 PM


All times are GMT -5. The time now is 12:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration