From owner-freebsd-isp Tue Jul 18 22:30:41 2000 Delivered-To: freebsd-isp@freebsd.org Received: from picalon.gun.de (picalon.gun.de [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id EABF037BCDB for ; Tue, 18 Jul 2000 22:30:36 -0700 (PDT) (envelope-from andreas@klemm.gtn.com) Received: (from uucp@localhost) by picalon.gun.de (8.9.3/8.9.3) id HAA24055; Wed, 19 Jul 2000 07:30:18 +0200 (MET DST) >Received: (from andreas@localhost) by klemm.gtn.com (8.9.3/8.9.3) id HAA78260; Wed, 19 Jul 2000 07:29:54 +0200 (CEST) (envelope-from andreas) Date: Wed, 19 Jul 2000 07:29:54 +0200 From: Andreas Klemm To: tim@iafrica.com.na Cc: andreas.klemm.ak@bayer-ag.de, "freebsd-isp@freebsd.org" Subject: Re: squid caching proxy behind a firewall ... Message-ID: <20000719072954.A77973@titan.klemm.gtn.com> References: <0006800027735676000002L062*@MHS> <39749AFA.7F8111DD@polytechnic.edu.na> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <39749AFA.7F8111DD@polytechnic.edu.na>; from tim@polytechnic.edu.na on Tue, Jul 18, 2000 at 06:59:22PM +0100 X-Operating-System: FreeBSD 4.1-RC SMP X-Disclaimer: A free society is one where it is safe to be unpopular Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jul 18, 2000 at 06:59:22PM +0100, Tim Priebe wrote: > I do not have the configs in front of me, but basically you can > configure it with the option noquery for the parent, ie the "real proxy > server", and then deny all direct accesses. The standard config file > explains each. I used yesterday (before giving up temporarily and writing to the list ;-): cache_peer FQDNofCompanyProxy parent 80 7 no-query "7" for disabling ICP: # icp_port: Used for querying neighbor caches about # objects. To have a non-ICP neighbor # specify '7' for the ICP port and make sure the # neighbor machine has the UDP echo port # enabled in its /etc/inetd.conf file. no query for: # use 'no-query' to NOT send ICP queries to this # neighbor. Well then I configured netscape to use my local squid cache on port 3128 and I get problems in name resolving .... Squid usually tries to resolve names into addresses and _then_ it asks its parent and neighbor caches. Since I'm in the intranet and doesn't have access to the outside DNS server I have a problem here ... You are a bit unspecific (sorry) concerning "then deny all direct accesses". Direct accesses to what ??? Is is the part, where you think of solving this DNS request ??? I never tweaked this parameter and would be glad if you could name it explicitely so to give me a more specific hint ! Thanks a lot Andreas /// but squid tried to resolv -- Andreas Klemm http://people.FreeBSD.ORG/~andreas http://www.freebsd.org/~fsmp/SMP/SMP.html powered by Symmetric MultiProcessor FreeBSD New APSFILTER 542 and songs from our band - http://people.freebsd.org/~andreas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message