[squid-users] proxy server chained to another proxy server from Bill Shannon on 2008-03-03 (squid-users)

From: Bill Shannon <bill.shannon@dont-contact.us>
Date: Mon, 03 Mar 2008 11:29:42 -0800

I'm trying to set up a proxy server on my home machine (nissan) that
forwards *all* requests over a VPN connection to a proxy server
(webcache.sfbay.sun.com, *not* running squid) on Sun's internal network
(SWAN). Here's the changes to squid.conf that I've made:

589a590
> acl localnet src 192.168.1.0/255.255.255.0
633a635
> http_access allow localnet
939c941
< http_port 3128

---
> http_port 8180
1500a1503
> cache_peer webcache.sfbay.sun.com parent 8080 7 no-query
2974a2978
> cache_mgr     shannon
3017a3022
> cache_effective_group nobody
3033a3039
> visible_hostname      nissan.home.sfbay.sun.com
4071a4078
> #never_direct allow all
4219a4227
> dns_testnames localhost
I've tried adding "default" to the cache_perr line, but it makes
no difference.
My /etc/resolv.conf is (these are all Sun-internal DNS servers):
domain sfbay.sun.com
search sun.com sfbay.sun.com
nameserver 129.146.11.51
nameserver 129.145.155.226
nameserver 129.147.62.34
I'm running into these problems:
1. My home machine uses Sun's internal sfbay DNS servers when connected via
VPN, but these DNS servers can't resolve internet host names, thus my
dns_testnames change.  But really, I don't understand why it needs to resolve
*any* hostnames if I set it up to proxy everything.  Is there no way to
disable DNS lookups entirely?
2. I think the never_direct entry above should cause it to proxy everything
to the parent proxy server, is that correct?   With that line enabled, all
my requests time out.  With that line disabled, it can at least proxy for
requests on SWAN.
3. Probably related to the above problems, with never_direct commented out,
requests to (e.g.) sunweb.central fail, but requests to sunweb.central.sun.com
work.  DNS lookups from my home machine *do* resolve "sunweb.central".
4. Even when things are more or less working, it's darn slow.  The first
request seems to take forever to respond, and subsequent requests aren't
much better.  It took minutes to display the sunweb.central page.
Any idea what I'm doing wrong?
I'm using squid-2.6.STABLE16 on Solaris 10, which is part of Sun's
"Cool Stack" download.  http://cooltools.sunsource.net/coolstack/
Note that I am also running a version of the Netscape proxy server on my
home machine and it's able to handle this networking configuration just
fine.
Thanks for your help!

Received on Mon Mar 03 2008 - 12:37:31 MST

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT