[squid-users] Setting up proxy with private to public

Chris Bidwell - NOAA Federal chris.bidwell at noaa.gov
Wed Apr 15 13:08:36 UTC 2020


Sure thing.

On Tue, Apr 14, 2020 at 8:32 AM Antony Stone <
Antony.Stone at squid.open.source.it> wrote:

> On Tuesday 14 April 2020 at 16:03:19, Chris Bidwell - NOAA Federal wrote:
>
> > Okay, so I think I'm starting to get somewhere but the connection isn't
> > completing. I can see the connection come through my firewall, but the
> > handshake doesn't appear to be happening.
>
> Tell us more about your network setup.  Is the firewall between the
> clients and
> Squid, between Squid and the Internet, or do you have both?
>

There is a firewall between my internal clients and squid.  There is a
firewall rule allowing tcp/8080 from my clients to the squid server.  And
from the squid server, it is allowed to the internet.

>
> Can you do a simple Ping test from a client machine to the Squid server
> (and
> get replies)?
>
> Can you do the same from the Squid server to some Internet-based web
> server
> (making sure it's one which replies to pings - some machines are badly
> configured and don't do this).
>
> > My squid access log is saying:  TCP_MISS/503.
>
> I'm sure it says a lot more than that, but at least it's an indication
> that
> your client is getting the request through to Squid okay.
>

Here is the full output of my access.log:
1586873819.383      0 192.168.226.241 TAG_NONE/409 4108 CONNECT
www.nginx.com:443 - HIER_NONE/- text/html

>
> Assuming the Ping test from Squid to an Internet web server works, what
> happens if you try wget, lynx, curl or even telnet to port 80, from the
> Squid
> server to some external web server?  Does it indicate that the Squid
> server
> has "Internet access"?
>
>
> Antony.
>

So after looking further.  It looks like when I'm trying to wget from my
squid server, which has the two nics (internal and public), it's trying to
send it through the internal
connection.  It doesn't seem to want to route through the external nic.

>
> --
> Programming is a Dark Art, and it will always be. The programmer is
> fighting against the two most destructive forces in the universe:
> entropy and human stupidity. They're not things you can always
> overcome with a "methodology" or on a schedule.
>
>  - Damian Conway, Perl God
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200415/2c343053/attachment.html>


More information about the squid-users mailing list