I am having two problems with squid, I thought I had set things correctly, but it appears not!

We use EMBC as our ISP, so all non local traffic must pass through proxy.embc.org.uk, with local traffic not being routed externally.

I have tried to do this with the config below, but with two problems.

Local domain traffic is still routed to proxy.embc.org.uk

We keep getting Dead parent cache errors, with all internet access blocked (as we don't allow direct connections), this lasts for a minute or so and then clears. I have tried increasing the parent cache timeouts with no success.

The question is what am I doing wrong?

I have attached my full squid config, I am sure someone will spot the bloomer!

Thanks for any advice.

Rob Keeling
Network Manager
Queen Elizabeth's Grammar School

/etc/squid/squid.conf

    http_port 81
    icp_port 0
    cache_peer proxy.embc.org.uk parent 80 0 no-query default connect-timeout=300
    cache_peer 213.249.157.48 parent 80 0 no-query connect-timeout=300
    acl alld dst 0.0.0.0/0.0.0.0
    acl localip dst 10.4.172.0/255.255.253.0
    acl localdns dstdomain .queenelizabeths.derbyshire.sch.uk
    acl localhostd dst 127.0.0.1
    never_direct allow alld
    always_direct allow localip localdns localhostd
    dead_peer_timeout 300 seconds
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    peer_connect_timeout 300 seconds
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access allow all
    icp_access allow all
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    append_domain .queenelizabeths.derbyshire.sch.uk

--
I love deadlines. I love the whooshing noise they make as they go by. - Douglas Adams
--- Rob Keeling
We keep getting Dead parent cache errors, with all internet access blocked (as we don't allow direct connections), this lasts for a minute or so and then clears. I have tried increasing the parent cache timeouts with no success.
The question is what am I doing wrong?
You did not attach the error message. My powers of telepathy are weak at the best of time, but guessing games I cannot play.

Dead Parent cache can mean anything, since it relates to a number of issues. I suspect though that it might be the result of a protocol and/or a firewall issue, assuming you have one.

--
Thomas Adam
=====
"The Linux Weekend Mechanic" -- http://linuxgazette.net
"TAG Editor" -- http://linuxgazette.net
"<shrug> We'll just save up your sins, Thomas, and punish you for all of them at once when you get better. The experience will probably kill you. :)"
-- Benjamin A. Okopnik (Linux Gazette Technical Editor)
Thomas Adam wrote:
You did not attach the error message. My powers of telepathy are weak at the best of time, but guessing games I cannot play.
For some people telepathy appears to be the primary method of fault reporting. Even after being repeatedly demonstrated not to work :)
Dead Parent cache can mean anything, since it relates to a number of issues. I suspect though that it might be the result of a protocol and/or a firewall issue, assuming you have one.
It could mean "exactly what it says on the tin". With the machine you are using, as a parent cache, being down or overloaded. As well as all kinds of faults with your RBC.

--
Mark Evans
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763
Firstly, thanks to Mark & Thomas for the comments, did wonder if I had included enough of a description of the problem, but you have answered at least one of the issues!

I thought the dead parent cache error was down to EMBC's cache being flakey, and have been trying various ways of increasing the timeout, hence the large timeout values, if I can't change that from 60 seconds then fair enough.

I did attempt to configure two parent caches, one entry by DNS the other by ip, hoping that if one entry had timed out the other might be OK, (it really does look like EMBC's cache dies under load and drops connections, which my squid recognises and kills the school link for a few mins.)

Is there any mileage in this?

The other problem is that although I have configured squid to connect directly to machines in our domain, .queenelizabeths.derbyshire.sch.uk, it still sends requests to embc. Any ideas what I have done wrong?

I am using the stock install of squid as supplied with SuSE 8.2.

Thanks for the hints guys.

Rob Keeling
Network Manager
Queen Elizabeth's Grammar School

/etc/squid/squid.conf

    http_port 81
    icp_port 0
    cache_peer proxy.embc.org.uk parent 80 0 no-query default connect-timeout=300
    cache_peer 213.249.157.48 parent 80 0 no-query connect-timeout=300
    acl alld dst 0.0.0.0/0.0.0.0
    acl localip dst 10.4.172.0/255.255.253.0
    acl localdns dstdomain .queenelizabeths.derbyshire.sch.uk
    acl localhostd dst 127.0.0.1
    never_direct allow alld
    always_direct allow localip localdns localhostd
    dead_peer_timeout 300 seconds
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    peer_connect_timeout 300 seconds
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access allow all
    icp_access allow all
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    append_domain .queenelizabeths.derbyshire.sch.uk

--
I love deadlines. I love the whooshing noise they make as they go by. - Douglas Adams
--- Rob Keeling
Firstly, thanks to Mark & Thomas for the comments, did wonder if I had included enough of a description of the problem, but you have answered at least one of the issues!
:)
I did attempt to configure two parent caches, one entry by DNS the other by ip, hoping that if one entry had timed out the other might be OK, (it really does look like EMBC's cache dies under load and drops connections, which my squid recognises and kills the school link for a few mins.)
Is there any mileage in this?
If EMBC is at fault then a polite message to them, telling them that you have a few issues wouldn't go amiss. Other than that, I cannot see a great deal more as to what you can do.
The other problem is that although I have configured squid to connect directly to machines in our domain, .queenelizabeths.derbyshire.sch.uk, it still sends requests to embc. Any ideas what I have done wrong?
Perhaps the proxy at the other end uses it as a fallback?
I am using the stock install of squid as supplied with SuSE 8.2.
In this instance, I do not believe it is your squid configuration.

--
Thomas Adam
participants (3): Mark Evans, Rob Keeling, Thomas Adam
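The posted `always_direct allow localip localdns localhostd` line puts three ACL names on one rule; Squid ANDs the ACL names on a single access line and ORs separate lines, taking the first line that matches. The following is an added example, not part of the thread and not Squid code: a constructed Python model of that matching, with made-up request addresses, run over the posted line and over a one-ACL-per-line layout.

```python
import ipaddress

# Constructed model of Squid access-list matching (an assumption-labelled
# sketch, not Squid source): names on ONE line are ANDed, lines are ORed.

def in_masked_net(ip, net, mask):
    """dst-style match: compare address and network under the netmask."""
    i, n, m = (int(ipaddress.IPv4Address(x)) for x in (ip, net, mask))
    return (i & m) == (n & m)

LOCAL_DOMAIN = ".queenelizabeths.derbyshire.sch.uk"

# ACL definitions copied from the posted squid.conf (mask kept as posted;
# it is not a contiguous prefix mask, so it is applied bitwise here).
ACLS = {
    "localip": lambda r: in_masked_net(r["dst"], "10.4.172.0", "255.255.253.0"),
    "localdns": lambda r: ("." + r["host"]).endswith(LOCAL_DOMAIN),
    "localhostd": lambda r: r["dst"] == "127.0.0.1",
}

def first_match(rules, request):
    """Return the action of the first rule whose ACLs ALL match, else None."""
    for action, names in rules:
        if all(ACLS[name](request) for name in names):
            return action
    return None

# always_direct allow localip localdns localhostd   (as posted)
POSTED = [("allow", ["localip", "localdns", "localhostd"])]

# always_direct allow localip
# always_direct allow localdns
# always_direct allow localhostd                    (one ACL per line)
SPLIT = [("allow", ["localip"]), ("allow", ["localdns"]), ("allow", ["localhostd"])]

# Constructed sample requests; hosts and addresses are illustrative only.
REQUESTS = {
    "intranet": {"host": "www.queenelizabeths.derbyshire.sch.uk", "dst": "10.4.172.10"},
    "loopback": {"host": "localhost", "dst": "127.0.0.1"},
    "external": {"host": "www.example.org", "dst": "192.0.2.10"},
}

def goes_direct(rules):
    """Map each sample request to whether always_direct would allow it."""
    return {name: first_match(rules, req) == "allow" for name, req in REQUESTS.items()}

if __name__ == "__main__":
    print("posted:", goes_direct(POSTED))
    print("split: ", goes_direct(SPLIT))
```

In this model the posted line allows no request, because no destination is both inside 10.4.172.0 and equal to 127.0.0.1, so everything falls through to `never_direct allow alld` and goes to the parent.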