[squid-users] Problems getting squid to cache objects

From: Andreas Lidberg, Halmstad Internet AB <andreas@dont-contact.us>
Date: Fri, 20 Apr 2001 14:56:52 +0200

Hi everybody!

I am having serious trouble getting squid to work as a transparent (intercepting?) cache.

We use a Cabletron SmartSwitch 2000 router to intercept HTTP traffic going out from our network and redirect it to the squid.
The machine running squid has 2 interfaces, where eth0 has a public address (used for receiving requests from the router) and eth1 is on a local network, only used for administrative actions.

The router redirects to port 80 (eth0).
Ipchains is supposed to redirect from 80 to 3128 (squid).
And then the squid is supposed to do its job, but nothing gets cached.

When I kill squid, browsing doesn't work.
When squid is running, browsing works but nothing gets cached.
When I use the squid IP/port as proxy settings in my web browser, everything is working fine, even caching.

I am at a loss, what is wrong?

I have included some of the configs I use and the result from ipchains --list (possibly sensitive information is excluded and written as [IP-address]).

Please Help Me.... I am going NUTS!

Andreas Lidberg

##########################################################################################
        My setup of ipchains
##########################################################################################
#!/bin/sh

# rc.firewall Linux kernel firewalling rules
# Leon Brooks (leon at brooks dot fdns dot net)

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_always_defrag

FW=/sbin/ipchains
ADD="$FW -A"

# Flush rules, for testing purposes
for i in input output forward # A # If we enabled accounting too
    do
        ${FW} -F $i
    done

# Default policies:
    ${FW} -P input REJECT # Incoming policy: reject (quick error)
    ${FW} -P output ACCEPT # Output policy: accept
    ${FW} -P forward DENY # Forwarding policy: deny

# Input Rules:
# Redirect to Squid proxy server:
    ${ADD} input -p tcp -d 0/0 80 -i eth0 -j REDIRECT 3128
# Allow comm to and from DNS
    ${ADD} input -p all -s [DNS-IP] -d 0/0 -i eth0 -j ACCEPT
    ${ADD} input -p all -s [DNS-IP] -d 0/0 -i eth0 -j ACCEPT
# Allow ping from Router
    ${ADD} input -p icmp -s [Redirecting Router Interface] -i eth0 -j ACCEPT
# Loopback-interface (local access, eg, to local nameserver):
    ${ADD} input -j ACCEPT -s localhost/32 -d localhost/32

# Accept packets from local network:
# $FW -A input -j ACCEPT -s [local network]/24 -d [proxy local IP]/24 -i eth1
    ${ADD} input -i eth1 -j ACCEPT

##########################################################################################
        ipchains --list --line-numbers -v
##########################################################################################

Chain input (policy REJECT: 4394 packets, 600391 bytes):
num pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
1 0 0 REDIRECT tcp ------ 0xFF 0x00 eth0 anywhere anywhere any -> www => squid
2 3 593 ACCEPT all ------ 0xFF 0x00 eth0 dns1.hinet.nu anywhere n/a
3 0 0 ACCEPT all ------ 0xFF 0x00 eth0 dns2.hinet.nu anywhere n/a
4 1 64 ACCEPT icmp ------ 0xFF 0x00 eth0 gw-hinet-020.halmstadinternet.se anywhere any -> any
5 0 0 ACCEPT all ------ 0xFF 0x00 any squid.halmstadinternet.se squid.halmstadinternet.se n/a
6 1633 142K ACCEPT all ------ 0xFF 0x00 eth1 anywhere anywhere n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 29318 packets, 15638230 bytes):

##########################################################################################
        My Squid.conf
##########################################################################################

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 3128
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem  16 MB
cache_swap_low  90
cache_swap_high 95
maximum_object_size 32768 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low  90
ipcache_high 95
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
cache_dir ufs /squid/cache 1024 16 256
cache_access_log /squid/logs/access.log
cache_log /squid/logs/cache.log
cache_store_log /squid/logs/store.log
cache_swap_log /squid/logs/cache_swap_log
mime_table /squid/program/etc/mime.conf
log_mime_hdrs off
pid_filename /squid/logs/squid.pid
debug_options ALL,2
log_fqdn off
client_netmask 255.255.255.255
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#Default:
refresh_pattern         ^ftp:           1440    20%     10080
refresh_pattern         ^gopher:        1440    0%      1440
refresh_pattern         .               0       20%     4320
# TIMEOUTS
# -----------------------------------------------------------------------------
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow all
icp_access allow all
miss_access allow all
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr [SomeMailadress@our.domain]
cache_effective_user nobody
cache_effective_group nobody
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# MISCELLANEOUS
# -----------------------------------------------------------------------------
dns_testnames netscape.com internic.net nlanr.net microsoft.com
acl FTP proto FTP
always_direct allow FTP
##########################################################################################
        cache.log (last restart)
##########################################################################################
2001/04/20 09:15:32| Restarting Squid Cache (version 2.4.STABLE1)...
2001/04/20 09:15:32| FD 11 Closing HTTP connection
2001/04/20 09:15:32| FD 12 Closing ICP connection
2001/04/20 09:15:32| Cache dir '/squid/cache' size remains unchanged at 1048576 KB
2001/04/20 09:15:32| DNS Socket created on FD 4
2001/04/20 09:15:32| Adding nameserver 212.112.42.66 from /etc/resolv.conf
2001/04/20 09:15:32| Adding nameserver 212.112.42.67 from /etc/resolv.conf
2001/04/20 09:15:32| Accepting HTTP connections at 0.0.0.0, port 3128, FD 8.
2001/04/20 09:15:32| Accepting ICP messages at 0.0.0.0, port 3130, FD 10.
2001/04/20 09:15:32| WCCP Disabled.
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '596'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '521'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '516'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '504'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '492'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '535'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '520'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '542'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '543'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '534'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '528'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '543'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '523'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '525'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '523'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '531'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '521'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '535'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '525'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '536'
2001/04/20 09:15:32| storeCreate: Selected dir '0' for obj size '560'
2001/04/20 09:15:32| Loaded Icons.
2001/04/20 09:15:32| Ready to serve requests.
Received on Fri Apr 20 2001 - 06:57:00 MDT
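
Added example, not part of the original message: a small sh/awk helper that reads `ipchains --list --line-numbers -v` output and reports which rules have never matched a packet and how many packets fell through to each chain's policy. The function names are hypothetical; the sample is the listing from this message in its mail-wrapped form, which the parser tolerates.

```shell
#!/bin/sh
# Sample input: the listing posted in this message, wrapped as it was mailed.
SAMPLE_LISTING='Chain input (policy REJECT: 4394 packets, 600391 bytes):
num pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
1 0 0 REDIRECT tcp ------ 0xFF 0x00 eth0
anywhere anywhere any -> www => squid
2 3 593 ACCEPT all ------ 0xFF 0x00 eth0
dns1.hinet.nu anywhere n/a
3 0 0 ACCEPT all ------ 0xFF 0x00 eth0
dns2.hinet.nu anywhere n/a
4 1 64 ACCEPT icmp ------ 0xFF 0x00 eth0
gw-hinet-020.halmstadinternet.se anywhere any -> any
5 0 0 ACCEPT all ------ 0xFF 0x00 any
squid.halmstadinternet.se squid.halmstadinternet.se n/a
6 1633 142K ACCEPT all ------ 0xFF 0x00 eth1
anywhere anywhere n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 29318 packets, 15638230 bytes):'

# Print "chain rule-number packets target" for each rule in a listing on stdin.
# A rule line is: number, packet counter, byte counter, upper-case target.
# Wrapped continuation lines and the column header do not match and are skipped.
rule_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+[KMG]?$/ &&
        $3 ~ /^[0-9]+[KMG]?$/ && $4 ~ /^[A-Z]+$/ {
            print chain, $1, $2, $4
        }'
}

# Rules whose packet counter is still zero, as "chain:number:target".
zero_hit_rules() {
    rule_hits | awk '$3 == "0" { print $1 ":" $2 ":" $4 }'
}

# Packets that matched no rule and hit the chain policy: "chain policy packets".
policy_hits() {
    awk '$1 == "Chain" && $3 == "(policy" {
        policy = $4; sub(/:$/, "", policy)
        print $2, policy, $5
    }'
}

printf '%s\n' "$SAMPLE_LISTING" | zero_hit_rules
printf '%s\n' "$SAMPLE_LISTING" | policy_hits
```

On the posted listing this prints `input:1:REDIRECT` among the zero-hit rules and `input REJECT 4394` for the policy counter.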
