Date: Wed, 19 Jul 2000 18:00:00 +0100
From: Tim Priebe <tim@polytechnic.edu.na>
To: Andreas Klemm <andreas@klemm.gtn.com>
Cc: andreas.klemm.ak@bayer-ag.de, "freebsd-isp@freebsd.org" <freebsd-isp@FreeBSD.ORG>
Subject: Re: squid caching proxy behind a firewall ...
Message-ID: <3975DE90.F67BB581@polytechnic.edu.na>
References: <0006800027735676000002L062*@MHS> <39749AFA.7F8111DD@polytechnic.edu.na> <20000719072954.A77973@titan.klemm.gtn.com>

Andreas Klemm wrote:
>
> On Tue, Jul 18, 2000 at 06:59:22PM +0100, Tim Priebe wrote:
> > I do not have the configs in front of me, but basically you can
> > configure it with the option noquery for the parent, i.e. the "real proxy
> > server", and then deny all direct accesses. The standard config file
> > explains each.
>
> I used yesterday (before giving up temporarily and writing to the list ;-):
>
>     cache_peer FQDNofCompanyProxy parent 80 7 no-query

For the systems I am doing this sort of thing on I have:

    cache_peer hostname parent 3128 3130 no-query default

> "7" for disabling ICP:
> #  icp_port:  Used for querying neighbor caches about
> #             objects. To have a non-ICP neighbor
> #             specify '7' for the ICP port and make sure the
> #             neighbor machine has the UDP echo port
> #             enabled in its /etc/inetd.conf file.
>
> no query for:
> #             use 'no-query' to NOT send ICP queries to this
> #             neighbor.
>
> Well then I configured netscape to use my local squid cache
> on port 3128 and I get problems in name resolving ....

Can you resolve the name of the parent?

> Squid usually tries to resolve names into addresses and _then_
> it asks its parent and neighbor caches.
>
> Since I'm in the intranet and don't have access to the outside
> DNS server I have a problem here ...
>
> You are a bit unspecific (sorry) concerning "then deny all direct accesses".
> Direct accesses to what ??? Is it the part, where you think of solving this
> DNS request ??? I never tweaked this parameter and would be glad if you
> could name it explicitly so to give me a more specific hint !

I did not remember the exact name, the setting I use is:

    never_direct allow all

where all is a standard acl. This causes the proxy to always use its
parent. It should not try to resolve names that it is not going to get
data from directly. If I am mistaken, please let me know.

Tim.
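
Added example, not part of the message above or of the Squid distribution: a small checker that reads a squid.conf and reports whether it matches the parent-only setup the thread describes (a `cache_peer ... parent ... no-query` line plus `never_direct allow all`, with no earlier `never_direct deny` rule). The function names and the host `parent.example.internal` are assumptions made for the illustration.

```python
# Added example: audit a squid.conf for the forced-parent setup from this thread.
# Constructed sample; "parent.example.internal" is a placeholder host name.
SAMPLE_CONF = """\
cache_peer parent.example.internal parent 3128 3130 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
"""

def directives(conf_text):
    """Yield (name, args) for every line that is not blank or a comment."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args

def audit_forced_parent(conf_text):
    """Return findings; an empty list means all requests go to a parent."""
    findings, parents, never_direct = [], [], []
    for name, args in directives(conf_text):
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if name == "cache_peer" and len(args) >= 4 and args[1] == "parent":
            parents.append((args[0], args[4:]))
        elif name == "never_direct":
            never_direct.append(args)
    if not parents:
        findings.append("no cache_peer of type parent is defined")
    for host, options in parents:
        if "no-query" not in options:
            findings.append(f"parent {host}: no-query missing, ICP queries are sent")
    if ["allow", "all"] not in never_direct:
        findings.append("never_direct allow all missing, requests may go direct")
    else:
        # Access rules are checked in order, so an earlier deny carves out
        # requests that are still allowed to bypass the parent.
        for rule in never_direct[:never_direct.index(["allow", "all"])]:
            if rule[:1] == ["deny"]:
                findings.append("never_direct deny " + " ".join(rule[1:])
                                + " precedes allow all")
    return findings

if __name__ == "__main__":
    for finding in audit_forced_parent(SAMPLE_CONF) or ["ok: parent-only"]:
        print(finding)
```
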