Internet Related/Filtering/Firewall Thread, Squid "cache_peer" (upstream proxy) troubles in Technical; Having some trouble configuring squid on ubuntu. We go via lancashire proxy thus I have read I need to configure ...
19th December 2011, 02:52 PM #1
Squid "cache_peer" (upstream proxy) troubles
Having some trouble configuring squid on ubuntu. We go via lancashire proxy thus I have read I need to configure this in squid.conf under cache_peer.
Whilst internal lancashire sites are accessible fine (which can be accessed when no using a proxy anyway), any other site, or "outside lancashire" times out.
What I have is this in squid.conf:
Do I need to change something somewhere else? Can't understand it at all!
cache_peer proxy.lancsngfl.ac.uk parent 8080 0 default no-query no-digest
never_direct allow all
IDG Tech News
19th December 2011, 03:13 PM #2
Can you telnet to proxy.lancsngfl.ac.uk on port 8080 to check basic networking?
telnet proxy.lancsngfl.ac.uk 8080
You should see some sort of response.
Presuming you are allowed to reconfigure and restart Squid, You can enable debugging in Squid by adding this line to squid.conf
debug_options ALL,1 33,2 28,9
Restart squid with the command
sudo service squid restart
This will log everything to /var/log/squid/cache.log
You can browse the end of the log with the command
tail -n 200 /var/log/squid/cache.log
19th December 2011, 03:18 PM #3
20th December 2011, 11:07 AM #4
Well I don't need to test proxy.lancsngfl.ac.uk, because it's the main proxy we use for internet access.
I have enabled logging and do indeed see alot more logs in the file now, but it doesn't make any sense to me and I can't really identify something that says "error" or where I can pinpoint a problem.
I have read every manual I can find about squid upstream/external proxies etc configured as noted in my opening post. It surely must be something easy that I am forgetting, or maybe one other thing that needs doing, possibly something out of the ordinary not usually noted in standard manuals?
How can I even check that squid is connecting to the parent proxy and not just trying to go direct regardless to what I have put? This seems possible given lancs-only sites can be retrieved directly anyway without using the proxy and these are the only ones I can access..
20th December 2011, 11:41 AM #5
What's the proxy at lancs? Is it MS-ISA or Squid?
Ask the admin of that proxy to check their logs to see what your proxy is doing. Anybody 'upstream' in your organisation who can help you?
20th December 2011, 12:13 PM #6
An excerpt of our similar setup config, working:
# User/group to run as (squid tree should be chown user.group)
cache_effective_user proxy proxy
# Which upstream proxy do we use?
cache_peer parentcache.address parent 3128 7 no-query default
# ACLs for allowed connections - your address ranges (replace example with full IP range including subnetting)
acl localServers dst Example.example.example.example/16
always_direct allow localServers
never_direct allow !localServers
# Squid Configuration file, part 2
# Access control list. Blacklist using text file in same directory. This is for bonus filtering via a text file.
acl blacklist url_regex "/etc/squid3/blacklist.acl"
http_access deny blacklist
deny_info http://www.websiteofyourchoosing.com blacklist
# Where to put cache and log files
cache_dir ufs /etc/squid3/cache 1024 16 256
# Cache controls
maximum_object_size 16384 KB
20th December 2011, 12:42 PM #7
I'm doing the exact same thing as you at the moment, looking at using squid and dansguardian for our web proxy and filter. Here is my cache_peer line from the squid.conf file.
I have the line
cache_peer proxy.lancsngfl.ac.uk parent 8080 0 proxy-only no-query
further down my squid.conf but everything works fine for me.
never_direct allow all
If you want I can PM you my squid.conf file.
20th December 2011, 01:43 PM #8
cache_peer proxy.wsgfl.org.uk parent 8080 0 no-query no-digest default
20th December 2011, 01:50 PM #9
cache_peer 192.168.72.102 parent 8080 0 no-query default
acl INSIDE_IP dst 192.168.92.0/24
always_direct allow INSIDE_IP
never_direct allow all
20th December 2011, 01:51 PM #10
No idea what lancs proxy is - not managed by us. As noted further down by dazt in lancs, seems it can work!
Originally Posted by jinnantonnixx
I guess I should try and get, or create, an uncommented file maybe, as navigating the default one is a nightmare, so hard to see how mine compares in areas you have posted.
Originally Posted by 3s-gtech
Sent you a PM - you being in lancs too may be useful! At least you can confirm it does work and definately something on our end.
Originally Posted by dezt
I think I have the cache_peer line correct and in the right place, though as I posted I have also set the same end parameters!
Originally Posted by glennda
5th January 2012, 03:34 PM #11
Did you manage to sort this ?
mine was fine in Nov when testing ..
Now come Jan when i want to deploy
The browser is saying
(13) permission denied in regards to our external proxy peer
16th January 2012, 09:49 AM #12
Unfortunately not.. I still didn't manage to get the upstream proxy working! The box still on allows sites internal to lancs even when using dazt's config =\
16th January 2012, 11:37 AM #13
Very strange . Ive got our council support team looking into it .
im pretty sure mine is a cache_peer issue , they might be blocking me !
What software is the Peer using ? are they also using squid ?
16th January 2012, 11:53 AM #14
I feel really bad now , blaming it on a ISP problem !
Its actually this !
How to fix: Squid cache_dir (13) Permission denied | Kaliphonia.com
Well mine was any way !
16th January 2012, 02:46 PM #15
just to note . if i stopped squid and then ran 'squid -z -F' it then worked
It must be a problem on the YUm install file . ( on centos 5.7)
Ive now gone back to centos 6 , and all is well ? and working good actually straight from the box !
By tmleafs in forum O/S Deployment
Last Post: 30th November 2009, 03:22 PM
By Lee_K_81 in forum *nix
Last Post: 20th January 2009, 12:04 PM
By fawkers in forum Windows
Last Post: 6th August 2007, 09:53 PM
By marklamond in forum Wireless Networks
Last Post: 11th June 2007, 10:00 AM
By Ravening_Wolf in forum Wireless Networks
Last Post: 11th December 2006, 02:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)