Re: [squid-users] second squid proxy
On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, pls try belpw. cache_peer 10.10.10.1 parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all May I get your network set up with ips, if possible? I think it is like this. clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1) -- Your firewall Hope to hear from you. -- Thank you Indunil Jayasooriya
Re: [squid-users] second squid proxy
Hi, yes the network set is like this : clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1) -- PIX firewall ( this IP 10.10.10.1 is NATed ) The squid.conf is like this :cache_peer 10.10.10.1 parent 3128 0 no-query default acl LAN src 10.10.10.1/24 http_access allow LAN never_direct allow all Starting WWW-proxy squid startproc: exit status of parent of /usr/sbin/squid: 1 failed - Original Message From: Indunil Jayasooriya [EMAIL PROTECTED] To: Armend ALIAGA [EMAIL PROTECTED] Cc: squid-users squid-users@squid-cache.org Sent: Thursday, June 5, 2008 9:27:49 AM Subject: Re: [squid-users] second squid proxy On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, pls try belpw. cache_peer 10.10.10.1 parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all May I get your network set up with ips, if possible? I think it is like this. clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1) -- Your firewall Hope to hear from you. -- Thank you Indunil Jayasooriya THIS IS THE ERROR WHEN TRYING TO START SQUID AFTER THE CHANGES :
Re: [squid-users] second squid proxy
Armend ALIAGA wrote: Hi, yes the network set is like this : clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1) -- PIX firewall ( this IP 10.10.10.1 is NATed ) The squid.conf is like this :cache_peer 10.10.10.1 parent 3128 0 no-query default acl LAN src 10.10.10.1/24 http_access allow LAN never_direct allow all Starting WWW-proxy squid startproc: exit status of parent of /usr/sbin/squid: 1 failed Start squid manually straight on the binary. There are required config options missing. cache_dir at least. Some others which the binary will mention in its abort messages to the screen. Amos - Original Message From: Indunil Jayasooriya [EMAIL PROTECTED] To: Armend ALIAGA [EMAIL PROTECTED] Cc: squid-users squid-users@squid-cache.org Sent: Thursday, June 5, 2008 9:27:49 AM Subject: Re: [squid-users] second squid proxy On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, pls try belpw. cache_peer 10.10.10.1 parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all May I get your network set up with ips, if possible? I think it is like this. clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1) -- Your firewall Hope to hear from you. -- Thank you Indunil Jayasooriya THIS IS THE ERROR WHEN TRYING TO START SQUID AFTER THE CHANGES : -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] second squid proxy
Hi , thanks for your replies... if I check the mark in internet options to bypass proxy for local address I'am able to get through our intranet and other local sites, and also if I uncheck the mark won't browse intranet - which means that the second proxy works fine... However I'am not able to browse internet ? any idea? cheers, - Original Message From: Indunil Jayasooriya [EMAIL PROTECTED] To: Armend ALIAGA [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Wednesday, June 4, 2008 5:33:25 AM Subject: Re: [squid-users] second squid proxy On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, pls try belpw. cache_peer 10.10.10.1 parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all -- Thank you Indunil Jayasooriya
Re: [squid-users] second squid proxy
On Wed, Jun 4, 2008 at 2:48 PM, Armend ALIAGA [EMAIL PROTECTED] wrote: Hi , thanks for your replies... if I check the mark in internet options to bypass proxy for local address I'am able to get through our intranet and other local sites, and also if I uncheck the mark won't browse intranet - which means that the second proxy works fine... However I'am not able to browse internet ? any idea? then, Pls add below I assume your LAN is 192.168.1.0/24, if it is something else, Pls change it accordingly cache_peer 10.10.10.1 parent 3128 0 no-query default acl lan src 192.168.1.0/24 http_access allow lan never_direct allow all -- Thank you Indunil Jayasooriya
Re: [squid-users] second squid proxy
Armend ALIAGA wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, It's cache_peer, with an under score (see http://www.squid-cache.org/Versions/v3/3.0/cfgman/cache_peer.html). Also to ensure that all the traffic of this second proxy goes through the original, you'll need to add never_direct allow all to your config (http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b). You might want to solve the problem with the PIX rather than going this route. I'm not sure of the utility of having two proxies on the same LAN, behind NAT where one uses the other as a parent... Chris
Re: [squid-users] second squid proxy
On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA [EMAIL PROTECTED] wrote: Hi all, I would be gratefull if somebody could help me out on this issue, I have a squid proxy (.i.e. IP.10.10.10.1) running wonderfull up to now.. I set up another squid proxy ... and the issue is that I dont know how to redirect all http requets from this one to the first proxy 10.10.10.1 without going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?) I tried to do it with cache peer parent 10.10.10.1 3128 3130 but I have an error when aplying policy. thanks, pls try belpw. cache_peer 10.10.10.1 parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all -- Thank you Indunil Jayasooriya
