On Monday 04 August 2003 07.52, Larry M. Smith wrote:
> I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with
> a Cisco 7204 VXR (running IOS 12.2(6))and am running across a
> maddening problem - works in test network, doesn't work in
> production network.
> will show the redirected packet counter incrementing, access.log is
> logging client accesses, cache.log shows no abnormalities, and
> barely breaking a sweat (squid taking < 1% of CPU), but the clients
> never get pages and eventually time out. Did a sniff of the
Have you instructed your router to not intercept Squid's own traffic?
Same thing in the interception rules on your Squid server? (but if you
disable the interception on the Cisco I don't think this is the
problem..)
> The only difference between the production and test networks (other
> than client load) is the production network is redirecting off of
> atm1/0 while the test network is redirecting off of fa0/0 (and the
> requisite addressing/configuration changes). I don't believe that
> to be cause of the functionality problem as in the production
> network I do see the packets being redirected to Squid.
If you see traffic in access.log then the redirection is working.
If you have enabled interception and then normal proxying does not
work then the interception is intercepting too much, preventing the
proxy itself from doing what it should. Remember that the proxy is
just a HTTP client like any other in the eye of interception rules
and if the proxy uses the same router as your clients then rules is
needed to instruct the router on what to do with the traffic.
A very good test when verifying networing, interception rules etc is
to start by verifying that browsing directly from the proxy server
without using the proxy always works. For this purpose you can use
lynx/wgetor even squidclient (just remember to specify host and port
options to squidclient, or else it assumes you want to ask the
proxy..). If browsing from the proxy server does not work then there
is networking errors and proxying via the same can not work until the
networking errors are corrected.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Aug 04 2003 - 01:54:29 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST