+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Internet Related/Filtering/Firewall Thread, Squid "cache_peer" (upstream proxy) troubles in Technical; Having some trouble configuring squid on ubuntu. We go via lancashire proxy thus I have read I need to configure ...
  1. #1
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36

    Squid "cache_peer" (upstream proxy) troubles

    Having some trouble configuring squid on ubuntu. We go via lancashire proxy thus I have read I need to configure this in squid.conf under cache_peer.

    Whilst internal lancashire sites are accessible fine (which can be accessed when no using a proxy anyway), any other site, or "outside lancashire" times out.

    What I have is this in squid.conf:

    Code:
    cache_peer proxy.lancsngfl.ac.uk parent 8080 0 default no-query no-digest
    never_direct allow all
    Do I need to change something somewhere else? Can't understand it at all!

  2. #2

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,985
    Thank Post
    114
    Thanked 505 Times in 340 Posts
    Blog Entries
    2
    Rep Power
    286
    Can you telnet to proxy.lancsngfl.ac.uk on port 8080 to check basic networking?
    telnet proxy.lancsngfl.ac.uk 8080
    You should see some sort of response.

    Presuming you are allowed to reconfigure and restart Squid, You can enable debugging in Squid by adding this line to squid.conf
    debug_options ALL,1 33,2 28,9

    Restart squid with the command
    sudo service squid restart

    This will log everything to /var/log/squid/cache.log
    You can browse the end of the log with the command
    tail -n 200 /var/log/squid/cache.log

  3. #3

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,985
    Thank Post
    114
    Thanked 505 Times in 340 Posts
    Blog Entries
    2
    Rep Power
    286

  4. #4
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    Well I don't need to test proxy.lancsngfl.ac.uk, because it's the main proxy we use for internet access.

    I have enabled logging and do indeed see alot more logs in the file now, but it doesn't make any sense to me and I can't really identify something that says "error" or where I can pinpoint a problem.

    I have read every manual I can find about squid upstream/external proxies etc configured as noted in my opening post. It surely must be something easy that I am forgetting, or maybe one other thing that needs doing, possibly something out of the ordinary not usually noted in standard manuals?

    How can I even check that squid is connecting to the parent proxy and not just trying to go direct regardless to what I have put? This seems possible given lancs-only sites can be retrieved directly anyway without using the proxy and these are the only ones I can access..

  5. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,985
    Thank Post
    114
    Thanked 505 Times in 340 Posts
    Blog Entries
    2
    Rep Power
    286
    What's the proxy at lancs? Is it MS-ISA or Squid?
    Ask the admin of that proxy to check their logs to see what your proxy is doing. Anybody 'upstream' in your organisation who can help you?

  6. #6

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,817
    Thank Post
    146
    Thanked 571 Times in 515 Posts
    Rep Power
    154
    An excerpt of our similar setup config, working:

    Code:
    # User/group to run as (squid tree should be chown user.group)
    cache_effective_user proxy proxy
    
    # Which upstream proxy do we use?  
    cache_peer parentcache.address parent 3128 7 no-query default
    
    # ACLs for allowed connections - your address ranges (replace example with full IP range including subnetting)
    acl localServers dst Example.example.example.example/16
    always_direct allow localServers
    never_direct allow !localServers
    
    
    # Squid Configuration file, part 2
    
    # Access control list.  Blacklist using text file in same directory. This is for bonus filtering via a text file.
    acl blacklist url_regex "/etc/squid3/blacklist.acl"
    http_access  deny blacklist
    deny_info http://www.websiteofyourchoosing.com blacklist
    
    
    # Where to put cache and log files
    
    cache_dir ufs /etc/squid3/cache 1024 16 256
    
    cache_access_log /etc/squid3/log/cache-access.log
    emulate_httpd_log on
    
    cache_log /etc/squid3/log/cache.log
    cache_store_log none
    
    coredump_dir /etc/squid3/cache
    
    
    # Cache controls
    maximum_object_size 16384 KB

  7. #7
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,030
    Thank Post
    157
    Thanked 60 Times in 48 Posts
    Rep Power
    30
    I'm doing the exact same thing as you at the moment, looking at using squid and dansguardian for our web proxy and filter. Here is my cache_peer line from the squid.conf file.

    Code:
    cache_peer proxy.lancsngfl.ac.uk parent 8080 0 proxy-only no-query
    I have the line
    Code:
    never_direct allow all
    further down my squid.conf but everything works fine for me.

    If you want I can PM you my squid.conf file.

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,816
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Mine is

    Code:
    cache_peer proxy.wsgfl.org.uk parent 8080 0 no-query no-digest default

  9. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Code:
    cache_peer 192.168.72.102 parent 8080 0 no-query default
    
    acl INSIDE_IP dst 192.168.92.0/24
    always_direct allow INSIDE_IP
    never_direct allow all

  10. #10
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    Quote Originally Posted by jinnantonnixx View Post
    What's the proxy at lancs? Is it MS-ISA or Squid?
    Ask the admin of that proxy to check their logs to see what your proxy is doing. Anybody 'upstream' in your organisation who can help you?
    No idea what lancs proxy is - not managed by us. As noted further down by dazt in lancs, seems it can work!

    Quote Originally Posted by 3s-gtech View Post
    An excerpt of our similar setup config, working:

    Code:
    # User/group to run as (squid tree should be chown user.group)
    cache_effective_user proxy proxy
    
    # Which upstream proxy do we use?  
    cache_peer parentcache.address parent 3128 7 no-query default
    
    # ACLs for allowed connections - your address ranges (replace example with full IP range including subnetting)
    acl localServers dst Example.example.example.example/16
    always_direct allow localServers
    never_direct allow !localServers
    
    
    # Squid Configuration file, part 2
    
    # Access control list.  Blacklist using text file in same directory. This is for bonus filtering via a text file.
    acl blacklist url_regex "/etc/squid3/blacklist.acl"
    http_access  deny blacklist
    deny_info http://www.websiteofyourchoosing.com blacklist
    
    
    # Where to put cache and log files
    
    cache_dir ufs /etc/squid3/cache 1024 16 256
    
    cache_access_log /etc/squid3/log/cache-access.log
    emulate_httpd_log on
    
    cache_log /etc/squid3/log/cache.log
    cache_store_log none
    
    coredump_dir /etc/squid3/cache
    
    
    # Cache controls
    maximum_object_size 16384 KB
    I guess I should try and get, or create, an uncommented file maybe, as navigating the default one is a nightmare, so hard to see how mine compares in areas you have posted.

    Quote Originally Posted by dezt View Post
    I'm doing the exact same thing as you at the moment, looking at using squid and dansguardian for our web proxy and filter. Here is my cache_peer line from the squid.conf file.

    Code:
    cache_peer proxy.lancsngfl.ac.uk parent 8080 0 proxy-only no-query
    I have the line
    Code:
    never_direct allow all
    further down my squid.conf but everything works fine for me.

    If you want I can PM you my squid.conf file.
    Sent you a PM - you being in lancs too may be useful! At least you can confirm it does work and definately something on our end.


    Quote Originally Posted by glennda View Post
    Mine is

    Code:
    cache_peer proxy.wsgfl.org.uk parent 8080 0 no-query no-digest default
    I think I have the cache_peer line correct and in the right place, though as I posted I have also set the same end parameters!

  11. #11

    Join Date
    Dec 2009
    Posts
    607
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Did you manage to sort this ?

    mine was fine in Nov when testing ..

    Now come Jan when i want to deploy

    The browser is saying

    (13) permission denied in regards to our external proxy peer

  12. #12
    dgsmith's Avatar
    Join Date
    Nov 2007
    Location
    Merseyside, England
    Posts
    1,105
    Thank Post
    118
    Thanked 90 Times in 78 Posts
    Rep Power
    36
    Unfortunately not.. I still didn't manage to get the upstream proxy working! The box still on allows sites internal to lancs even when using dazt's config =\

  13. #13

    Join Date
    Dec 2009
    Posts
    607
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Very strange . Ive got our council support team looking into it .

    im pretty sure mine is a cache_peer issue , they might be blocking me !

    What software is the Peer using ? are they also using squid ?

  14. #14

    Join Date
    Dec 2009
    Posts
    607
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    I feel really bad now , blaming it on a ISP problem !

    Its actually this !

    How to fix: Squid cache_dir (13) Permission denied | Kaliphonia.com

    Well mine was any way !

  15. #15

    Join Date
    Dec 2009
    Posts
    607
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    just to note . if i stopped squid and then ran 'squid -z -F' it then worked

    It must be a problem on the YUm install file . ( on centos 5.7)

    Ive now gone back to centos 6 , and all is well ? and working good actually straight from the box !

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. [Fog] Client Proxy Trouble
    By tmleafs in forum O/S Deployment
    Replies: 3
    Last Post: 30th November 2009, 02:22 PM
  2. Squid Upstream proxy
    By Lee_K_81 in forum *nix
    Replies: 14
    Last Post: 20th January 2009, 11:04 AM
  3. Two Upstream Proxys from ISA
    By fawkers in forum Windows
    Replies: 1
    Last Post: 6th August 2007, 08:53 PM
  4. RM SmartCache 2 - no upstream proxy?
    By marklamond in forum Wireless Networks
    Replies: 0
    Last Post: 11th June 2007, 09:00 AM
  5. ISA 2004 - Upstream proxy based on user group?
    By Ravening_Wolf in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2006, 01:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •