+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
Internet Related/Filtering/Firewall Thread, Squid "cache_peer" (upstream proxy) troubles in Technical; Bumping my old thread, but I am going to try this again from scratch seeing as I have some time ...
  1. #16
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    Bumping my old thread, but I am going to try this again from scratch seeing as I have some time now and I was never able to get it working as I wanted!

    Those who tried, replied or have it working themselves, could you advise if you read any online guide as to how to correctly set this up? I read a few, and think I did it correct though as mentioned a few months ago, was not able to get the upstream proxy working (seeing as our inet ISP is itself via a proxy).

  2. #17

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,991
    Thank Post
    114
    Thanked 507 Times in 342 Posts
    Blog Entries
    2
    Rep Power
    286
    Is Squid actually running properly?

    What platform are you using? On Centos/RH, try the command
    service squid status

    A common fault when you regenerate the cache directories is the error 'Squid is started but no running copy' or something like that.

  3. #18
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    On Ubuntu - squid itself did work (I think), as dansguardian did work in that. I am currently running a fresh install anyway as I can't remember what I changed etc and probably easier to start again, but then the risk is configuring all again to get the same issue as last time!

  4. #19
    grant_girdwood's Avatar
    Join Date
    Jun 2012
    Location
    Bloxx HQ
    Posts
    54
    Thank Post
    2
    Thanked 11 Times in 10 Posts
    Rep Power
    6
    Hi dgsmith,

    My guess is that the upstream proxy requires authentication - can you confirm if this is the case?

    If it is then you will need to use the login=PASS parameter

  5. #20
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    @dgsmith

    I had a similar issue a while back with Squid and an upstream proxy that isn't administrated by my department. The upstream proxy sat in a public network and would only allow connections from certain addresses which were the public outside addresses of all the schools that used it. This setup works great when connecting directly to it, but when we tried to go through an internal squid proxy the connections would time out. It turns out in Squid's default configuration it sends the originating internal IP address to the outside proxy in the payload. The outside proxy was looking at this as the originating address instead our outside interface on the firewall and blocking the connection as a result. To disable Squid from passing the internal address to the upstream proxy add this to your config:

    Code:
    forwarded_for off
    I hope this fixes it....

  6. #21
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    Quote Originally Posted by grant_girdwood View Post
    Hi dgsmith,

    My guess is that the upstream proxy requires authentication - can you confirm if this is the case?

    If it is then you will need to use the login=PASS parameter
    We do not have authentication to our LEA proxy.

    Quote Originally Posted by Duke5A View Post
    @dgsmith

    I had a similar issue a while back with Squid and an upstream proxy that isn't administrated by my department. The upstream proxy sat in a public network and would only allow connections from certain addresses which were the public outside addresses of all the schools that used it. This setup works great when connecting directly to it, but when we tried to go through an internal squid proxy the connections would time out. It turns out in Squid's default configuration it sends the originating internal IP address to the outside proxy in the payload. The outside proxy was looking at this as the originating address instead our outside interface on the firewall and blocking the connection as a result. To disable Squid from passing the internal address to the upstream proxy add this to your config:

    Code:
    forwarded_for off
    I hope this fixes it....
    Thanks for the advice; I simply can't remember if this was configured or not and I have since reinstalled the lot but personal concerns have meant I have yet to finish that. I'll be sure to try when I next have the opportunity and let you know - it sure does sound like it may be a resolution!

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. [Fog] Client Proxy Trouble
    By tmleafs in forum O/S Deployment
    Replies: 3
    Last Post: 30th November 2009, 02:22 PM
  2. Squid Upstream proxy
    By Lee_K_81 in forum *nix
    Replies: 14
    Last Post: 20th January 2009, 11:04 AM
  3. Two Upstream Proxys from ISA
    By fawkers in forum Windows
    Replies: 1
    Last Post: 6th August 2007, 08:53 PM
  4. RM SmartCache 2 - no upstream proxy?
    By marklamond in forum Wireless Networks
    Replies: 0
    Last Post: 11th June 2007, 09:00 AM
  5. ISA 2004 - Upstream proxy based on user group?
    By Ravening_Wolf in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2006, 01:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •