You have to also allow communication to and from port 3130 (for the ICP queries).
 
Please also check if Telstra's proxy actually runs on port 3128. Most proxy servers run on 8080.
It is OK for you to use this port; this will not influence how you are getting the data from the next proxy in line.
 
You should also have a look at prefer_direct and set it to "off". This will cause your proxy always to ask the parent cache to fetch rather than going direct. Note: the parent cache must permit this. Some don't.
 
Bernhard
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of jware
Sent: Wednesday, 23 February 2000 09:20
To: [EMAIL PROTECTED]
Subject: [SLUG] SQUID BEHIND A FIREWALL

I am installing Squid, a proxy server, behind a firewall. Squid server ip is 192.168.1.200, the firewall ip is 192.168.1.1
 
The proxy is parent with Telstra proxy.cache.telstra.net. The port for http/ftp is 3128; icp is 3130. My Squid.conf file is:
 
cache_peer proxy.cache.telstra.net parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
 
I've got a tcp_denied message in the cache.log file.
 
I believe it is to do with the firewall.
 
My firewall setup is
 
Input
ipchains -A input -p tcp -s proxy.cache.telstra.net -d 192.168.1.200 -j ACCEPT
Output
ipchains -A output -p tcp -s 192.168.1.200 -d proxy.cache.telstra.net 3128 -j ACCEPT
 
What are the ports used when the cache server communicates?
Is my firewall script adequate to deal with the traffic between the 2 proxy servers?
 
Regards
David Kwok
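
The following is an added example, not part of either message: a small Python script that reads the cache_peer lines of a squid.conf and lists the flows a firewall has to pass for each peer, then renders them as ipchains rules. The function names are hypothetical, the sample config is constructed from the lines quoted in the thread, an ICP port of 0 is assumed to mean "no ICP", and the input/output chain names simply follow the post.

```python
# Added example: derive firewall flows from squid.conf cache_peer lines.
SAMPLE_CONF = """\
# constructed sample: the squid.conf lines quoted in the post above
cache_peer proxy.cache.telstra.net parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
"""

def peer_flows(conf_text):
    """Return [(proto, peer_host, peer_port)] that the firewall must pass."""
    flows = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        host, _ptype, http_port, icp_port = fields[1:5]
        options = fields[5:]
        # Requests forwarded to a peer go over TCP to its HTTP port.
        flows.append(("tcp", host, int(http_port)))
        # ICP queries are UDP. They are only sent when the peer has an ICP
        # port and no-query is absent (assumption: port 0 means "no ICP").
        if int(icp_port) != 0 and "no-query" not in options:
            flows.append(("udp", host, int(icp_port)))
    return flows

def ipchains_rules(flows, local_ip):
    """Render each flow as an outbound rule plus a matching reply rule."""
    rules = []
    for proto, host, port in flows:
        # "! -y" matches only non-SYN TCP packets, so the peer can answer
        # but cannot open new connections to the Squid host.
        reply_only = " ! -y" if proto == "tcp" else ""
        rules.append(
            f"ipchains -A output -p {proto} -s {local_ip} -d {host} {port} -j ACCEPT")
        rules.append(
            f"ipchains -A input -p {proto}{reply_only} -s {host} {port} -d {local_ip} -j ACCEPT")
    return rules

if __name__ == "__main__":
    for rule in ipchains_rules(peer_flows(SAMPLE_CONF), "192.168.1.200"):
        print(rule)
```

The rules are printed for review rather than executed, so they can be checked against the existing chain policy before being loaded.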
 
