Solved

Cascading a proxy with another one.

Posted on 2008-06-25
Last Modified: 2013-12-16
Hi,
I have my gateway proxy server with IP 195.168.1.1 on port 8080 (ACL, site restriction given), running on Red Hat Linux 3.2.3-20. Now I have a new proxy with IP 195.168.1.254, port 9000, with OS version Red Hat Linux 3.2.3-20. The second proxy will be used for upcountry.
Now I need to cascade 195.168.1.254 port 9000 with 195.168.1.1 port 8080. Also, I am able to browse on the second proxy by configuring 195.168.1.1 as the proxy server in the Mozilla browser.
Kindly guide me in configuring Squid for 195.168.1.254 port 9000.
0
Question by:Spice_Telecom
 
LVL 27

Expert Comment

by:Nopius
ID: 21896130
> Now i need to cascade 195.168.1.254 port 9000 with 195.168.1.1 with port 8080

Do you need to configure 192.168.1.254 to use 1.1 or vice versa?

Read the squid.conf file and find the cache_peer option. I recommend that you enable the ICP protocol for inter-cache communication. If you can't use it:
"To have a non-ICP neighbor
#                    specify '7' for the ICP port and make sure the
#                    neighbor machine has the UDP echo port
#                    enabled in its /etc/inetd.conf file.
"

On the downstream-most proxy (I guess it's 1.254), use the following squid.conf options:

http_port 9000
...[skipped]...
cache_peer 195.168.1.1 parent 8080 7 [default]

If it is 1.1, use:
http_port 8080
cache_peer 195.168.1.254 parent 9000 7 [default]



0
 

Author Comment

by:Spice_Telecom
ID: 21907417
Hi,
Thanks. I am a beginner and the recommendations are not working. Herewith attaching the model diagram and the conf required.


Proxy-Access.jpg
143-squid.doc
0
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 21912585
You are using an incorrect address/mask for the internal network: 195.168.x.x is legal Internet IP address space, so your clients can't access these IPs. You are warned.

1) HTTP port and HTTPS ports can't be the same:

http_port 9000
https_port 9000

fix your config like:
http_port 9000
https_port 9443

2) Not right:
cache_peer 195.168.1.1 parent 8080 0 default no-query

change to:
cache_peer 195.168.1.1 parent 8080 7 default no-query
#        icp_port:  Used for querying neighbor caches about
#                 objects.  To have a non-ICP neighbor
#                 specify '7' for the ICP port and make sure the
#                 neighbor machine has the UDP echo port
#                 enabled in its /etc/inetd.conf file.

Also open UDP port 7 (echo) on 195.168.1.1, uncomment:
/etc/inetd.conf:
#echo   dgram   udp     wait    root    internal
and restart inetd. Also open firewall rules for that port.

If you have some specific errors, please specify them also.
0

 

Author Comment

by:Spice_Telecom
ID: 21923049
Hi,
Thanks. Now I have changed my gateway proxy to 192.168.100.1:9000. The above steps have been followed. Previously, when I connected my clients, it was giving the error "Access denied".

Now it is giving "page cannot be displayed".


New-Shot2.jpg
143-versquid.doc
0
 
LVL 27

Expert Comment

by:Nopius
ID: 21925128
Hi, Spice_Telecom.

The same problem with the config: http_port and https_port can't be the same!

Now you are using 9001:
http_port 9001
https_port 9001

but that's incorrect. Use http_port 9000 as in previous config and https_port 9001.

> Previously, when I connected my clients, it was giving the error "Access denied".

That's new info. So if you got Access denied, that's a problem in the ACL rules. Every user that uses 192.168.1.254:9000 as a proxy server will be visible as 192.168.1.1 parent proxy (because of cascading) and the real IP address will be hidden, so the white list and black list on 192.168.1.1 should consider that HTTP access will be from 192.168.1.254.

Also tell me from what client are you trying to connect (IP address) and to what server?

0
 

Author Comment

by:Spice_Telecom
ID: 22016279
Hi, I am getting the error stated below:

[root@SSP-VM squid]# /etc/init.d/squid reload
2008/07/16 20:01:35| squid.conf line 12: reply_body_max_size 0
2008/07/16 20:01:35| aclParseAccessLine: missing 'allow' or 'deny'.
squid: ERROR: No running copy
0
 
LVL 27

Expert Comment

by:Nopius
ID: 22020820
In a config you have sent in 1st post there is a line:

reply_body_max_size 0 allow all


Probably in most recent config you have no 'allow all', check it.
0
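
A pre-reload check for the squid.conf problems that came up in this thread (http_port and https_port sharing a port, a cache_peer line that does not follow the `hostname type http-port icp-port` layout used in the accepted solution, and reply_body_max_size without allow/deny), as an added example that is not part of any poster's reply. The sample config and the function name are constructed, and the reply_body_max_size rule assumes the Squid 2.x form shown in the error output above.

```python
import re

# Constructed sample reproducing the three mistakes discussed in this thread.
SAMPLE_CONF = """\
http_port 9001
https_port 9001
cache_peer 195.168.1.1 8080 7 default
reply_body_max_size 0
"""

PEER_TYPES = {"parent", "sibling", "multicast"}

def lint_squid_conf(text):
    """Return a list of (line_number, message) findings for squid.conf text."""
    findings, listeners = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        directive, args = fields[0], fields[1:]
        if directive in ("http_port", "https_port") and args:
            m = re.search(r"(\d+)$", args[0])   # accepts PORT or HOST:PORT
            if not m:
                findings.append((lineno, f"{directive}: no port in {args[0]!r}"))
                continue
            port = int(m.group(1))
            other = listeners.setdefault(port, directive)
            if other != directive:
                findings.append((lineno, f"port {port} used by both {other} and {directive}"))
        elif directive == "cache_peer":
            # Expected layout: hostname type http-port icp-port [options]
            if len(args) < 4 or args[1] not in PEER_TYPES:
                findings.append((lineno, "cache_peer: expected 'host type http-port icp-port'"))
            elif not (args[2].isdigit() and args[3].isdigit()):
                findings.append((lineno, "cache_peer: ports must be numeric"))
        elif directive == "reply_body_max_size":
            # Squid 2.x form from the thread: 'reply_body_max_size 0 allow all'
            if not {"allow", "deny"} & set(args):
                findings.append((lineno, "reply_body_max_size: missing 'allow' or 'deny'"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

Running it against the real file before `/etc/init.d/squid reload` catches the parse errors that otherwise leave the proxy with no running copy.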


Question has a verified solution.
