how to route www traffic from a squid box to another

ITDataCenter
ITDataCenter used Ask the Experts™
on
Hello Expert,
I have just installed a squid3+dansguardian with Ubuntu 9. My project is to remove a MS ISA 2004 server and move the caching-proxy services to this new ubuntu-squid machine.

how can i temporarely route the www traffic made by this new squid box to another proxy? in this staging I do not have corporate firewall ports open for the new squid server so I would first have a proxy chaning than move it as normal. (if works ;))

staging:
new squid > proxy chain > firewall > internet
future:
new squid > firewall > internet


Thanks all,
ciao
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2005

Commented:
cache_peer ms-isa parent 8080 7 no-query
cache_peer_access ms-isa allow all
never_direct allow all

Author

Commented:
Thanks Ravenpl,
i believe these lines have to be added into the squid.config file, right?
that's it? where do I specify what is the up level proxy name or ip? I apologize, i'm a newbie in the linux world.
thanks!
Top Expert 2005

Commented:
> cache_peer ms-isa parent 8080 7 no-query
the ms-isa is the name of the parent proxy server, 8080 is the port it is listening for proxy requests. "7 no-query" means don't ask the parent proxy for co-operation (with icp queries).
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
I added the following lines into squid.config but I get an error message, any idea?
#Recommended minimum configuration:
cache_peer proxyname.mydomain.org parent 80 7 no-query
cache_peer_access proxyname.mydomain.org allow all
never_direct allow all

2009/07/20 20:18:06| ACL name 'all' not defined!
FATAL: Bungled squid.conf line 602: cache_peer_access proxyname.mydomain.org allow all
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
Top Expert 2005
Commented:
1. try adding at the end of squid.conf file
2. instead of "all" use locallans

#catch all 192.168. and 10.
acl locallan1 src 192.168.0.0/255.255.0.0
acl locallan2 src 10.0.0.0/255.0.0.0
cache_peer proxyname.mydomain.org parent 80 7 no-query
cache_peer_access proxyname.mydomain.org allow locallan1
never_direct allow locallan1
cache_peer_access proxyname.mydomain.org allow locallan2
never_direct allow locallan2

Author

Commented:
2009/07/20 21:26:09| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.88.196.0-10.88.197.254/255.255.254.0'
i moved the lines to the end of the config file
when i start up squid i get this error message:

2009/07/20 21:26:09| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '129.100.16.0-129.100.19.254/255.255.252.0'
2009/07/20 21:26:09| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '10.88.196.0-10.88.197.254/255.255.254.0'
2009/07/20 21:26:09| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '129.100.16.0-129.100.19.254/255.255.252.0'

Top Expert 2005

Commented:
What exactly have You put into the config?
Those two ACLs I provided were just examples (though it may work anyway). The idea was to put there all local IPs.

Author

Commented:

yesss ! it works!!!  I replaced the subnet mask with the subnet bit, instead of 255.255.252.0 i used /22 and the error has gone. Squid is now cascading to the other proxy.

Thanks again for your assistance, you are a GREAT Expert ;)

Ciao

Author

Commented:

if a error message appears just replace the subnet mask with its subnet bit. i.e. /255.255.255.0  = /22

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial