Greetings,
If anyone has any suggestions on my curious problem I'd be very
grateful to receive them!
I am presently using Squid/2.2.STABLE on RedHat 6.0 with great
success - until I started playing with a firewall using iptables.
In short, I have a Windows NT workstation machine running
(you'll love this) MS Personal Web server. This psuedo-web server dishes
out a mirror copy of my county's Intranet to my local LAN.
This workstation has a non-routable name (in this case
"jamescity") the IP of which is entered in all of the WIN9X "hosts" files
so they know where to go. Clients have historically had no trouble
whatsoever getting to the intranet server as long as their hosts file was
present and had the right address in it.
I've placed this machine behind a RedHat 7.1 iptables firewall
which now has the old NT Workstations IP address and the appropriate
forwarding statements for port 80.
Works like a champ for machines going directly to that server's
old IP. Forwarding works good, all links on the server are accessible.
But, when I try to access the machine via Squid (from clients
that are either behind the firewall or have true routable IP addresses) I
get the "(113) No route to Host" error.
On most clients (again, either behind or in front of the firewall)
the initial (uppermost) page seems to come up fine, and *some* links
pointing to the intranet server do too, but others - all of which have the
same domain pointer - get the 113 error.
Maybe some are already cached and some aren't - don't know.
I've examined the squid logs and when the timeouts occur there are
no statements in either access.log or cache.log that indicate a problem.
Here's an example:
994617333.207 11 209.96.177.236 TCP_HIT/200 14073 GET http://jamescity/ - NONE/- text/html
994617333.776 566 209.96.177.236 TCP_HIT/200 36034 GET http://jamescity/jccanet.jpg - NONE/- image/jpeg
994617460.489 98992 209.96.177.236 TCP_MISS/503 1061 GET http://jamescity/VirtualWater/Ship'sLog/Ship'sLogHomepage.htm -
DIRECT/jamescity -
That last entry is the one that timed out. There was nothing in
the cache log at all about this.
I tried inserting an always_direct statement like so:
acl local-servers dst 209.96.177.236
always_direct allow local-servers
But that doesn't seem to help.
Many thanks in advance for any help anybody has the time to offer.
Brett Charbeneau, Network Administrator Tel: 757-259-7750
Williamsburg Regional Library FAX: 757-259-7798
7770 Croaker Road brett@wrl.org
Williamsburg, VA 23188-7064 http://www.wrl.org
Received on Sun Jul 08 2001 - 12:49:56 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:02 MST