[squid-users] Sibling peer cache not working, ver 3.5.27
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Dec 12 08:54:16 UTC 2019
On 11.12.19 22:04, leonyuuu wrote:
>Thanks Amos for quick response! It helps a lot in understanding the previous
>logs like "forward proxy port not configured", and I adjusted my
>configuration later today to do another test.
>
>However, now the two proxies even doesn't send ICP/HTTP request to each
>other anymore for cache digest and the access.log(see below) shows there are
>only queries on intercepted traffic.
>
><http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377850/access.png>
>
>My new configuration for proxy0:
> http_port 3128
> http_port 9999 intercept
> icp_access allow all
> icp_port 3130
>
> cache_peer 192.168.3.2 sibling 3128 3130
> cache_peer_access 192.168.3.2 allow all
> visible_hostname squid.host.1
>
>Iptables configuration added for proxy0:
> // for inter-proxy trafic
> "iptables -t nat -A PREROUTING -i veth20 --dport 80 -j REDIRECT
>--to-port 3128"
you don't need to and should not redirect inter-proxy traffic from port 80
to 3128.
the sibling proxy explicitly sends HTTP traffic to port 3128.
better remove this rule.
> // for intercepted traffic
> "iptables -t nat -A PREROUTING -i veth12 --dport 80 -j REDIRECT
>--to-port 9999"
>
>With tcpdump(see below) listening on the interface that connects the other
>proxy, I can see there are established tcp connections between two proxies,
>is this traffic for netdb only? I am really wondering what could potentially
>prevent from the Cache Digest being exchanged between siblings.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
More information about the squid-users
mailing list