Cascading a proxy with another one.
Hi,
I have my gateway proxy server with ip 195.168.1.1 with port 8080(ACL, Site restriction given), running in Red Hat Linux 3.2.3-20. Now I am with new proxy with ip 195.168.1.254 port 9000 with OS version Red Hat Linux 3.2.3-20. The second proxy will be used for upcountry,
Now i need to cascade 195.168.1.254 port 9000 with 195.168.1.1 with port 8080.Also i am able to browse in te second proxy configuring 195.168.1.1 as proxy server in mozila browser.
Kindly guide to configure in the squid for 195.168.1.254 port 9000 .
I have my gateway proxy server with ip 195.168.1.1 with port 8080(ACL, Site restriction given), running in Red Hat Linux 3.2.3-20. Now I am with new proxy with ip 195.168.1.254 port 9000 with OS version Red Hat Linux 3.2.3-20. The second proxy will be used for upcountry,
Now i need to cascade 195.168.1.254 port 9000 with 195.168.1.1 with port 8080.Also i am able to browse in te second proxy configuring 195.168.1.1 as proxy server in mozila browser.
Kindly guide to configure in the squid for 195.168.1.254 port 9000 .
ASKER
HI,
Thanks . I am a beginner and teh recomendations is not working . Herewith attcahing the model diagram and conf required.
Proxy-Access.jpg
143-squid.doc
Thanks . I am a beginner and teh recomendations is not working . Herewith attcahing the model diagram and conf required.
Proxy-Access.jpg
143-squid.doc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI ,
Thanks. Now i have changed my gateway proxy to 192.168.100.1:9000. The above steps have ben followed. Previously when i connected my clients it was giveing error as Acess denieed.
Now it is giving page cannot be displayed.
New-Shot2.jpg
143-versquid.doc
Thanks. Now i have changed my gateway proxy to 192.168.100.1:9000. The above steps have ben followed. Previously when i connected my clients it was giveing error as Acess denieed.
Now it is giving page cannot be displayed.
New-Shot2.jpg
143-versquid.doc
Hi, Spice_Telecom.
the same problem with config, http_port and https_port can't be the same!
Now you are using 9001:
http_port 9001
https_port 9001
but that's incorrect. Use http_port 9000 as in previous config and https_port 9001.
> Previously when i connected my clients it was giveing error as Acess denieed.
That's new info. So if you got Access denied, that's a problem in ACL rules. Every user, that uses 192.168.1.254:9000 as a proxy server will be visible as 192.168.1.1 parent proxy (because of cascading) and real IP address will be hidden, so Wite list and Black list on 192.168.1.1 should consider that HTTP access will be from 192.168.1.254.
Also tell me from what client are you trying to connect (IP address) and to what server?
the same problem with config, http_port and https_port can't be the same!
Now you are using 9001:
http_port 9001
https_port 9001
but that's incorrect. Use http_port 9000 as in previous config and https_port 9001.
> Previously when i connected my clients it was giveing error as Acess denieed.
That's new info. So if you got Access denied, that's a problem in ACL rules. Every user, that uses 192.168.1.254:9000 as a proxy server will be visible as 192.168.1.1 parent proxy (because of cascading) and real IP address will be hidden, so Wite list and Black list on 192.168.1.1 should consider that HTTP access will be from 192.168.1.254.
Also tell me from what client are you trying to connect (IP address) and to what server?
ASKER
hi i am getting error as stated below
[root@SSP-VM squid]# /etc/init.d/squid reload
2008/07/16 20:01:35| squid.conf line 12: reply_body_max_size 0
2008/07/16 20:01:35| aclParseAccessLine: missing 'allow' or 'deny'.
squid: ERROR: No running copy
[root@SSP-VM squid]# /etc/init.d/squid reload
2008/07/16 20:01:35| squid.conf line 12: reply_body_max_size 0
2008/07/16 20:01:35| aclParseAccessLine: missing 'allow' or 'deny'.
squid: ERROR: No running copy
In a config you have sent in 1st post there is a line:
reply_body_max_size 0 allow all
Probably in most recent config you have no 'allow all', check it.
reply_body_max_size 0 allow all
Probably in most recent config you have no 'allow all', check it.
Do you need to configure 192.168.1.254 to use 1.1 or vice versa?
Read squid.conf file and find a cache_peer option. I recommend you to enable ICP protocol for inter-cache communication. If you can't use it:
"To have a non-ICP neighbor
# specify '7' for the ICP port and make sure the
# neighbor machine has the UDP echo port
# enabled in its /etc/inetd.conf file.
"
On down most (I guess it's a 1.254) proxy use the following squid.conf options on it:
http_port 9000
...[skipped]...
cache_peer 195.168.1.1 8080 7 [default]
If it is 1.1, use :
http_port 8080
cache_peer 195.168.1.254 9000 7 [default]