[squid-users] cache peer problem with two squid one Tproxy --->normal Porxy
Ahmed Allzaeem
ahmed.zaeem at netstream.ps
Thu Nov 13 00:02:09 UTC 2014
Thanks amos
I have added option notproxy on the tproxy one
It became :
cache_peer 77.221.104.97 parent 3127 0 no-tproxy
also I changed hostnames in /etc.hosts for both servers and added visible hostname squid for both
now on the normal proxy I can see the logs access
but still not traffic
it give me access denied from the parent proxy ?!!
any help ?
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Wednesday, November 12, 2014 5:38 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 13/11/2014 11:55 a.m., Ahmed Allzaeem wrote:
> Hi all
>
> I have two proxies
>
>
>
> 1(tproxy) and configured it to get from another normal proxy
>
> So , my topology is as below
>
>
>
>
>
> Tproxy- listen on 6000------------------->normal proxy listen 3127
>
>
>
> The problem is done on the normal proxy , I sont see hit or access
> logs but I can see logs as below :
>
>
>
>
>
> 2014/11/12 15:17:25 kid1| WARNING: Forwarding loop detected for:
>
> GET /favicon.ico HTTP/1.1
>
> Host: 108.61.172.74
>
> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0)
> Gecko/20100101 Firefox/33.0
>
> Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>
> Accept-Language: en-US,en;q=0.5
>
> Accept-Encoding: gzip, deflate
>
> Via: 1.1 localhost.localdomain (squid/3.4.3)
Problem #1: The *public* domain name for your proxy is apparently "localhost".
Any traffic it receives from any other proxy calling itself or resolving to the domain "localhost" will die horribly.
Since Squid claims a forwarding loop I guess your proxies are either both configured to call themselves "localhost", or possibly there really is a forwarding loop. You wont be able to know for sure until you fix the proxy servers hostname.
>
> As we see , the request reach from the tproxy to the normal proxy ,
> but not processed well @ the normal proxy.
>
> Here are config file for the tproxy for the cache peer :
>
> cache_peer xxxxxx parent 3127 0 default
>
Problem #2:
Your cache_peer directive is missing the no-tproxy option.
As a result the tproxy Squid is sending TCP packets to the peer using the client address as src-IP.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUY2LBAAoJELJo5wb/XPRj3A0H/1oXy6AGSF1jCMa5nI4dptNn
6nuWV2t4c3NbMhFo2JzkhXQiSFjpZX+/UH7yxm5aMuU90jLC4bpXD7hfbhMUyl6P
2nHOrDu2iK/pwMUAFg6fBJEUYsVzb032FEI0FHk2HySEDEmj/Svk1MB6/RVG8D5P
flNFIyzQ5x/RBuRiVHqwnq1o0KSBf8NQAWRteSWVLr7vNnYTi5xRWdjkJEall7nc
2fV3ye6UUm6vwJFjyAXhqsi808D1nvnvGcnBzecl04ZuD5n4Xb2g0BbmfPR/Rh1O
s/kjpzx25VlMFUQz/nyHOwCDRN9egRiAFstwKlSoGcmodtJbej4QrKXnRPIRhq8=
=lMrh
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list