It would be nice if you could paste some of the
access.log file or cache.log file here. Something must
be wrong between firewall and squid.
Regards,
Chee Chun
--- Brian Schonecker <Brian.Schonecker@Xtek.com>
wrote:
> I've got a squid cache server running on my firewall
> and I have transparent proxying working.
>
> I've got all my clients set up _without_ an entry in
> the proxy server and I have an iptables PREROUTING
> rule set up to force forwarded HTTP requests to port
> 8080 on my firewall/gateway/squid server. That
> works just fine.
>
> Squid, however, doesn't seem to cache any
> data...specifically Microsoft updates. I've got
> about 200 PCs going through this server and the
> requests to MS update site are saturating my gateway
> to the internet.
>
> If I force the clients to use the proxy via Tools,
> Internet Options, etc then caching DOES occur.
> However, I have so many mobile users that setting
> the proxy manually in IE isn't feasible (because
> that setting won't be valid when they leave my
> company).
>
> Should I even expect transparent proxying to behave
> in the way that I want?
>
> Thanks, Brian
>
>
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp
> --dport 80 -j REDIRECT --to-ports 8080
>
>
> /etc/squid/squid.conf:
>
> acl BLOCK url_regex "/usr/local/squid/block.acl"
> acl CONNECT method CONNECT
> acl QUERY urlpath_regex cgi-bin \?
> acl SSL_ports port 443 563
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl manager proto cache_object
> acl unknown src 192.168.209.0/255.255.255.0
> cache_dir ufs /usr/local/squid 1000 16 256
> hierarchy_stoplist cgi-bin ?
> http_access allow localhost
> http_access allow manager localhost
> http_access allow shop
> http_access allow unknown
> http_access allow upstairs
> http_access allow wireless
> http_access allow xtek
> http_access deny !Safe_ports
> http_access deny BLOCK
> http_access deny CONNECT !SSL_ports
> http_access deny all
> http_access deny manager
> http_port 192.168.202.254:8080
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
> icp_access allow all
> log_fqdn on
> maximum_object_size 60240 KB
> mime_table /usr/share/squid/mime.conf
> no_cache deny QUERY
>
>
>
>
Received on Sun Aug 14 2005 - 22:47:55 MDT
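
Added example, not part of the original thread: a small Python script that summarises a Squid access.log in the native format, showing per-host byte hit ratio and which URLs were fetched from the origin more than once (the symptom described above). The sample log lines, hostnames and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed sample, native format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1124081275.101 912 192.168.209.21 TCP_MISS/200 1048576 GET http://download.example.test/update/a.cab - DIRECT/203.0.113.10 application/octet-stream
1124081279.455 877 192.168.209.34 TCP_MISS/200 1048576 GET http://download.example.test/update/a.cab - DIRECT/203.0.113.10 application/octet-stream
1124081280.002 12 192.168.209.34 TCP_HIT/200 5120 GET http://www.example.test/logo.gif - NONE/- image/gif
1124081280.900 230 192.168.209.34 TCP_MISS/200 15360 GET http://www.example.test/index.html - DIRECT/203.0.113.20 text/html
1124081281.300 640 192.168.209.40 TCP_MISS/206 65536 GET http://download.example.test/update/b.cab - DIRECT/203.0.113.10 application/octet-stream
1124081282.000 3 192.168.209.40 TCP_DENIED/403 1200 GET http://blocked.example.test/ - NONE/- text/html
"""

def parse(lines):
    """Yield (result_code, bytes, url), skipping truncated or malformed lines."""
    for line in lines:
        f = line.split()
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            continue
        yield f[3].split("/")[0], int(f[4]), f[6]

def host_of(url):
    rest = url.split("://", 1)[-1]  # CONNECT entries are "host:port", no scheme
    return rest.split("/", 1)[0].split(":", 1)[0].lower()

def byte_hit_ratio(lines):
    """Per host: fraction of delivered bytes served from cache (any *_HIT code)."""
    hit, total = Counter(), Counter()
    for code, size, url in parse(lines):
        if code == "TCP_DENIED":  # denied requests say nothing about caching
            continue
        host = host_of(url)
        total[host] += size
        if "HIT" in code:
            hit[host] += size
    return {h: hit[h] / total[h] for h in total if total[h]}

def repeated_misses(lines):
    """URLs fetched from the origin more than once: {url: (miss_count, bytes)}."""
    count, size_sum = Counter(), Counter()
    for code, size, url in parse(lines):
        if "MISS" in code:
            count[url] += 1
            size_sum[url] += size
    return {u: (n, size_sum[u]) for u, n in count.items() if n > 1}

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(byte_hit_ratio(lines), repeated_misses(lines))
```

To use it on a real log, pass the lines of the access.log file in place of SAMPLE_LOG.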