Problem with configuration of Squid server behind a squid
Problem with configuration of Squid-1 server that has an "authenticated Squid-2 parent".
Squid-2 parent's Proxy detail: 10.31.31.10 port-3128 + userid/passwd
Squid-1 server IP :
eth0 -- 10.126.2.101 (connected to Squid-2)
eth1 -- 192.168.1.1 (connected to LAN through ethernet switch, DHCP configured, LAN PCs take IP from 192.168.1..2 - 198.168.1..254)

I am trying to access internet on LAN PCs, but all efforts have gone in vain.
OS: SuSE 11.0 64 bit
--------------------------
The detail of squid.conf is listed below:
--------------------------
cache_peer 10.31.31.10 parent 3128 3130 no-query
prefer_direct off
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.1.1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Saf_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl purge method PURGE
acl CONNECT method CONNECT
access_log /var/log/squid/access.log
acl plasma_net src 192.168.1.2
acl plasma_net src 192.168.1.3
acl plasma_net src 192.168.1.4
acl plasma_net src 192.168.1.5
http_access allow plasma_net
acl lan src 10.126.2.101 192.168.1.1
http_access allow localhost
http_access allow lan
http_access allow all
http_access allow localnet
http_access deny all
acl ftp proto FTP
http_access allow ftp
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
icp_access allow all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 192.168.1.1:3128 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/cache/squid 100 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_swap_low 90
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
ftp_passive on
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern (cgi-bin|\?) 0 0 0
refresh_pattern . 0 20 4320
always_direct allow all
connect_timeout 2 minutes
client_lifetime 1 days
cache_mgr webmaster
visible_hostname plasma1
icp_port 3130
error_directory /usr/share/squid/errors/English
coredump_dir /var/cache/squid
cache_swap_high 95
--------------------------
When any LAN - PC tries to use internet, I get following error in my access.log and
--------------------------
1249380237.766 294 192.168.1.4 TCP_MISS/503 2419 GET ........
1249380328.894 290 192.168.1.4 TCP_MISS/503 2468 GET ........
--------------------------
the user gets following error:
while trying to retrieve the URL..............
The following error was encountered:
Connection to 69.147.76.15 Failed.
The system returned: (101) Network is unreachable
[whereas, I am able to access above url / ip from server at same time]

Also, I have disabled firewall, as of now (MY ISP is highly secure / protected).
PLEASE, HELP me resolve this issue.
Your squid.conf is not sane at all, and I guess you need a great deal of studying squid access controls, but I will not go into that now. I just wanted to point out that while you are requesting help with parenting, you still need great help with the whole of squid.
Well that being said, you need to supply the username and password for the parent. You also need to make sure that you can reach port 3128 of the parent from this child. Try; Quote:
|
Quote:
Thanks for your reply! I agree that I am a Linux newbie and have to learn a lot regarding squid. I did change the squid.conf as suggested but the problem remains the same. I again get the same errors in access.log thanks again. |
you have got other directives which are working against your goal e.g.
Quote:
|
thanks for your reply. I changed squid.conf and now on the LAN PCs (with proxy set to 192.168.1.1:3128) I get the authentication window with following caption:
------------------------------------------
The proxy 192.168.1.1:3128 is requesting a a username and password. The site says: "RRCAT proxy-caching web server"
------------------------------------------
Once, I fill userid/passwd, it gives the same error. I get a similar caption when I connect to internet from my server. The difference is that it gives IP address 10.31.31.10 instead of 192....; and after giving uid/passwd I get to internet from server.

Now my squid.conf is as:
---------------
cache_peer 10.31.31.10 parent 3128 3130 no-query no-digest login=userid:passwd
never_direct allow all
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
acl lan src 10.126.2.101 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname plasma1
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
http_port 3128 transparent
cache_mem 8 MB
coredump_dir /var/spool/squid
cache_mem 8 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/cache/squid 100 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_swap_low 90
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
ftp_passive on
connect_timeout 2 minutes
client_lifetime 1 days
cache_mgr webmaster
visible_hostname plasma1
icp_port 3130
error_directory /usr/share/squid/errors/English
coredump_dir /var/cache/squid
cache_swap_high 95
---------------
Thanks again.

Previously the access.log was showing like this
--------------------------------------
1249981609.704 288 192.168.1.4 TCP_MISS/503 2455 GET http://www.google.com/ - DIRECT/209.85.231.147 text/html
1249981679.435 282 192.168.1.4 TCP_MISS/503 2468 GET http://www.google.com/ - DIRECT/209.85.231.147 text/html
----------------------------------------
but I did some changes and now the access log shows:
----------------------------------------
1250052501.170 23 192.168.1.4 TCP_MISS/407 1840 GET http://www.google.com/ - FIRST_UP_PARENT/10.31.31.10 text/html
1250052669.096 11 192.168.1.4 TCP_MISS/407 1840 GET http://www.google.com/ - FIRST_UP_PARENT/10.31.31.10 text/html
1250052678.326 12 192.168.1.4 TCP_MISS/407 1840 GET http://www.google.com/ - FIRST_UP_PARENT/10.31.31.10 text/html
Quote:
Now, even that userid/passwd window is not appearing on LAN PCs and the access.log has changed as per previous post.
You have shambled up things and it's hard for me to tell since I don't know what exactly you did. You also need to know fully what installing gadmin-squid-0.1.1.tar.gz did to the squid install.
Quote:
Quote:
Quote:
Quote:
|
Quote:
Now, even that userid/passwd window is not appearing on LAN PCs and the access.log has changed as per previous post.
Quote:
Quote:
Quote:
What is the right syntax? Thanks for your replies and guidance. |
Quote:
Quote:
Correct all errors I have indicated and post the updated conf here, let's see.
try a minimalist config like:
Quote:
|
Thanks Chitambira !! for your kind help and guidance.
After removing gadmin-squid completely, I changed squid.conf as per your post and rebooted the system. Restarted squid and now my LAN PCs are able to access internet. I ran the following edited script from the post mentioned in the quote: Quote:
The final squid.conf is listed below for reference of others: Quote:
|
Quote:
However, I must point out that whilst your server is now working, its config is still not cleaned up. It has ghosts and bugs. Like I mentioned earlier on, squid.conf respects order (which greatly lacks in your conf).

A good example will be what I said about
never_direct allow all
This access directive is defined before the acl "all" is defined. [REMEMBER "all" is NOT an inbuilt phrase] so it's meaningless unless/until it meets an acl "acl all src 0.0.0.0/0.0.0.0". So in your config that never_direct line is not being used (dummy). This might surprise you later, when you realise some websites won't be served from parent (your child proxy will attempt to query directly).

That being said, I had put a squid.conf to guide you on how to separate and order various sections. If you look at that post, you will realise how orderly the different directives have been arranged, like, globals, performance, logging, acls, access directives, etc. You can put most of these where you want, but acls and access directives have to be ordered right. [REMEMBER: (rule of thumb) anything with "allow" or "deny" is an access directive and has to come AFTER its acl has been defined]
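The ordering rule from the post above, written as a small checker (an added example, not code from the thread or from the Squid project). The function name `lint_acl_order`, its `builtin` parameter and the directive list are assumptions made for this example; the sample is an excerpt of the configuration posted earlier in the thread, and `all` is treated as a name that needs a definition, as the post states.

```python
# Added example: checks that every ACL named by an access directive is
# defined on an earlier line. Names here are illustrative assumptions.
ACCESS_DIRECTIVES = {  # allow/deny directives seen in this thread, plus a few more
    "http_access", "http_reply_access", "icp_access", "htcp_access",
    "never_direct", "always_direct", "no_cache", "cache", "miss_access",
}

# Excerpt (order preserved) from the second squid.conf posted in the thread.
SAMPLE = """\
cache_peer 10.31.31.10 parent 3128 3130 no-query no-digest login=userid:passwd
never_direct allow all
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
acl lan src 10.126.2.101 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
icp_access allow all
"""

def lint_acl_order(conf_text, builtin=()):
    """Return (line_no, directive, acl_name, reason) for each ACL reference
    that has no definition, or whose first definition comes later."""
    rows = [(no, raw.split("#", 1)[0].split())
            for no, raw in enumerate(conf_text.splitlines(), 1)]
    defined_at = {}
    for no, tok in rows:  # pass 1: line of the first definition of each ACL
        if len(tok) >= 2 and tok[0] == "acl":
            defined_at.setdefault(tok[1], no)
    findings = []
    for no, tok in rows:  # pass 2: check every allow/deny reference
        if len(tok) < 3 or tok[0] not in ACCESS_DIRECTIVES:
            continue
        if tok[1] not in ("allow", "deny"):
            continue
        for name in (ref.lstrip("!") for ref in tok[2:]):
            if name in builtin:
                continue  # caller says this name is predefined
            if name not in defined_at:
                findings.append((no, tok[0], name, "undefined"))
            elif defined_at[name] > no:
                findings.append((no, tok[0], name,
                                 f"defined later on line {defined_at[name]}"))
    return findings

if __name__ == "__main__":
    for finding in lint_acl_order(SAMPLE):
        print(finding)
```

On the excerpt it reports only the `never_direct allow all` line, which refers to `all` one line before `acl all` is defined.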
Thanks again for your guidance. In fact I looked at your post when I had success in accessing internet from LAN PCs. I have incorporated changes suggested by you i.e. the squid.conf has been edited as per your suggestion.
Thanks again. |