Hello. My very first attempt with Squid was halfway a success and failure ;). When I try to open a www page, I get the following error:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.amazon.de/
The following error was encountered:
• Forwarding Denied.
This cache will not forward your request because it is trying to enforce a sibling relationship. Perhaps the client at 192.168.2.4 is a cache which has been misconfigured.
If someone would be so nice as to have a look at my config file to help me with the first start, it would be nice.
Squid runs on a Linux host with a firewall and a DSL (PPPoE) connection which gets its IP by DHCP.
It has 3 NICs: one for the PPPoE, a second for an internal subnet which has an additional NAT router in between,
and a third NIC for the DMZ, but on this subnet I get a simple timeout when opening a www page.
I would be glad if I could get at least my non-DMZ subnet connected to the internet; the DMZ subnet will then be similar. Later on I will try to configure Squid as a reverse proxy, because I have a pgsql database on the internet which I wasn't able to secure by chrooting, so a reverse-proxying Squid would help me keep intrusion attempts out.
So my network looks like this:
Workstation -- (192.168.1.3)NAT-Router (192.168.2.4) -- (192.168.2.199)LinuxHost -- DSL
I paste the Network section of my config file:
Thank you very much for any help!
# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port
# Usage: port
# hostname:port
# 1.2.3.4:port
#Default:
# http_port 192.168.3.199:3128
# http_port 192.168.2.199:3128
http_port 3128

# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#Default:
# none

# TAG: ssl_unclean_shutdown
#
#Default:
ssl_unclean_shutdown off

# TAG: icp_port
#Default:
# icp_port 3130
icp_port 0

# TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
# --enable-htcp option
#Default:
# htcp_port 4827

# TAG: mcast_groups
#
# Usage: mcast_groups 239.128.16.128 224.0.1.20
#
# By default, Squid doesn't listen on any multicast groups.
#Default:
# none

# TAG: udp_incoming_address
# TAG: udp_outgoing_address
# udp_incoming_address is used for the ICP socket receiving packets
# from other caches.
# udp_outgoing_address is used for ICP packets sent out to other
# caches.
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

# TAG: cache_peer
#Default:
# none

# TAG: cache_peer_domain
#Default:
# none

# TAG: neighbor_type_domain
# usage: neighbor_type_domain neighbor parent|sibling domain domain ...
#Default:
# none

# TAG: icp_query_timeout (msec)
#Default:
icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
#Default:
mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
#Default:
dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY