From owner-freebsd-isp Wed Jul 19 9:58:47 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2])
    by hub.freebsd.org (Postfix) with ESMTP id 8470137BE14
    for ; Wed, 19 Jul 2000 09:58:35 -0700 (PDT)
    (envelope-from tim@polytechnic.edu.na)
Received: from ns1.horizon.na ([196.31.225.199] helo=polytechnic.edu.na)
    by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2)
    id 13Ez44-00043s-00; Wed, 19 Jul 2000 16:59:28 -0200
Message-ID: <3975DE90.F67BB581@polytechnic.edu.na>
Date: Wed, 19 Jul 2000 18:00:00 +0100
From: Tim Priebe
Reply-To: tim@iafrica.com.na
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Andreas Klemm
Cc: andreas.klemm.ak@bayer-ag.de, "freebsd-isp@freebsd.org"
Subject: Re: squid caching proxy behind a firewall ...
References: <0006800027735676000002L062*@MHS> <39749AFA.7F8111DD@polytechnic.edu.na> <20000719072954.A77973@titan.klemm.gtn.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andreas Klemm wrote:
>
> On Tue, Jul 18, 2000 at 06:59:22PM +0100, Tim Priebe wrote:
> > I do not have the configs in front of me, but basically you can
> > configure it with the option noquery for the parent, i.e. the "real proxy
> > server", and then deny all direct accesses. The standard config file
> > explains each.
>
> I used yesterday (before giving up temporarily and writing to the list ;-):
>
> cache_peer FQDNofCompanyProxy parent 80 7 no-query

For the systems I am doing this sort of thing on I have:

cache_peer hostname parent 3128 3130 no-query default

> "7" for disabling ICP:
> #       icp_port:  Used for querying neighbor caches about
> #                  objects. To have a non-ICP neighbor
> #                  specify '7' for the ICP port and make sure the
> #                  neighbor machine has the UDP echo port
> #                  enabled in its /etc/inetd.conf file.
>
> no query for:
> #                  use 'no-query' to NOT send ICP queries to this
> #                  neighbor.
>
> Well then I configured netscape to use my local squid cache
> on port 3128 and I get problems in name resolving ....

Can you resolve the name of the parent?

> Squid usually tries to resolve names into addresses and _then_
> it asks its parent and neighbor caches.
>
> Since I'm in the intranet and don't have access to the outside
> DNS server I have a problem here ...
>
> You are a bit unspecific (sorry) concerning "then deny all direct accesses".
> Direct accesses to what ??? Is it the part, where you think of solving this
> DNS request ??? I never tweaked this parameter and would be glad if you
> could name it explicitly so to give me a more specific hint !

I did not remember the exact name, the setting I use is:

never_direct allow all

where all is a standard acl. This causes the proxy to always use its
parent. It should not try to resolve names that it is not going to get
data from directly. If I am mistaken, please let me know.

Tim.
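An added example, not part of the message above and not code from the Squid project: a small Python check that reads a squid.conf fragment and reports anything that would stop the child cache from sending every request to its parent, using the directives discussed in the thread. The function names, the placeholder host name and the ACL name `localnet` are assumptions made for illustration.

```python
# Constructed samples. QUOTED is the single cache_peer line quoted in the thread;
# FIXED adds the never_direct rule; LEAKY is a made-up config with two problems.
QUOTED = "cache_peer FQDNofCompanyProxy parent 80 7 no-query\n"
FIXED = """\
cache_peer parent.example.internal parent 3128 3130 no-query default
never_direct allow all
"""
LEAKY = """\
# 'localnet' is a hypothetical ACL name
cache_peer parent.example.internal parent 3128 3130
always_direct allow localnet
never_direct allow all
"""

def directives(conf):
    """Yield (name, args) for each non-comment, non-blank squid.conf line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args

def check_parent_only(conf):
    """Return findings; an empty list means all requests go to a parent."""
    findings, parents, forced = [], 0, False
    for name, args in directives(conf):
        if name == "cache_peer" and len(args) >= 4 and args[1] == "parent":
            parents += 1
            if "no-query" not in args[4:]:
                findings.append(f"{args[0]}: no 'no-query', ICP queries will be sent")
        elif name == "always_direct" and args[:1] == ["allow"]:
            # always_direct is evaluated before never_direct, wherever it appears
            findings.append(f"'always_direct {' '.join(args[1:])}' permits direct fetches")
        elif name == "never_direct":
            if args == ["allow", "all"]:
                forced = True
            elif args[:1] == ["deny"] and not forced:
                # rules are matched in order, so an earlier deny can win
                findings.append(f"'never_direct deny {' '.join(args[1:])}' precedes the catch-all")
    if parents == 0:
        findings.append("no 'cache_peer ... parent' line")
    if not forced:
        findings.append("missing 'never_direct allow all'")
    return findings

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("fixed", FIXED), ("leaky", LEAKY)):
        print(label, check_parent_only(conf) or "parent-only forwarding OK")
```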