[squid-users] Sibling peer cache not working, ver 3.5.27
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 11 12:59:03 UTC 2019
On 11/12/19 5:47 pm, leonyuuu wrote:
> For cache digest requests between two interception squid proxies, it will
> actually display "forward loop detection" in the cache.log and the last Via
> host for that query(cache-digest-db) is itself. So is it also the root cause
> why the cache-miss forwarding between two proxies is not working?
You have set the "intercept" option on your proxies port 3128 line.
You have used port 3128 as the port the two proxies are communicating
with each other. This requires an explicit/forward proxy port.
I suggest leave port 3128 for the normal proxying traffic and move the
intercept and NAT rules to a randomly selected other port number. This
other port *must not* be able to receive traffic directly, only the
machines NAT system and Squid may use it.
> Since the
> proxy1 actually never knows the cache digest content of proxy0.
>
> Another question, why the interception squid proxy will append itself onto
> the Via field of request?
To allow detection and debug analysis of exactly the mistake you have
made. That is the purpose of Via.
> It actually forward the request by iptables
> PREROUTING phase, which is before the packet is accepted by the squid
> program.
>
That idea is wrong. The digest exchange is between two proxies, which
know about each other - you configured the details of how they
communicate in cache_peer config lines.
Amos
More information about the squid-users
mailing list