WG: [SQU] Squid behind firewall - DNS Problem

From: Stolle, Martin <[email protected]>
Date: Fri, 15 Dec 2000 16:41:53 +0100

-----Original Message-----
From: Stolle, Martin
Sent: Friday, December 15, 2000 16:41
To: 'Magnus Ullberg'
Subject: AW: [SQU] Squid behind firewall - DNS Problem
Importance: High

Try to start squid with

/usr/sbin/squid -sYD

which will prevent the reverse name lookup.

This is the reason why this problem didn't happen with my squid.

When I removed -sYD, the reverse name lookup also happened on my squid.

Yours,

Martin Stolle
Administrator
KIV in Hessen

-----Original Message-----
From: Magnus Ullberg [mailto:UllbergM@abcbank.com]
Sent: Friday, December 15, 2000 16:29
To: 'Stolle, Martin'
Cc: 'squid-users@ircache.net'
Subject: RE: [SQU] Squid behind firewall - DNS Problem

I'm using Squid2.3STABLE4
So do I have to modify the code to have it not do a lookup?

Thanks,
Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

 -----Original Message-----
From: Stolle, Martin [mailto:MStolle@KIV.DE]
Sent: Friday, December 15, 2000 8:59 AM
To: 'Magnus Ullberg'
Cc: 'squid-users@ircache.net'
Subject: AW: [SQU] Squid behind firewall - DNS Problem

I use SQUID 2.2

In my original squid.conf, there is the following comment:
# For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# based URL is used. The name "none" is used if the reverse lookup
# fails.
#
This is the reason.
However, on my squid behind a firewall this problem does not happen.

I tried
never_direct deny test.abc.de
never_direct allow all

always_direct allow test.abc.de
always_direct allow all

I tried Squid 2.2stable5

Yours,

Martin Stolle

-----Original Message-----
From: Magnus Ullberg [mailto:UllbergM@abcbank.com]
Sent: Friday, December 15, 2000 15:24
To: 'Stolle, Martin'
Cc: 'squid-users@ircache.net'
Subject: RE: [SQU] Squid behind firewall - DNS Problem

Yes..
I forgot to include my configuration in my last email.. this is what I
have.. I believe that the dstdomain acl may be the problem.. to me it looks
like maybe it's trying to resolve the IP addresses to hostnames to see if they
are in the .abc.net domain..

acl intranet dstdomain .abc.net
never_direct deny intranet
never_direct allow all

always_direct allow intranet
always_direct deny all

The internal proxy has the ICP port for both parent caches set.

Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

 -----Original Message-----
From: Stolle, Martin [mailto:MStolle@KIV.DE]
Sent: Friday, December 15, 2000 7:58 AM
To: 'Magnus Ullberg'
Cc: 'squid-users@ircache.net'
Subject: AW: [SQU] Squid behind firewall - DNS Problem

Did you use the statement "never_direct allow all" in your squid.conf?
This will prevent the client cache from asking the internet directly.

Another possibility: Did you allow UDP port 3130 (for ICP requests) through
your firewall and configure your client to use it,
e.g.

cache_peer 195.27.54.3 parent 3128 3130

for an internet proxy on IP address 195.27.54.3, proxy port 3128 and
ICP port 3130

Otherwise, your client will time out.

Greetings,

Martin Stolle

-----Original Message-----
From: Magnus Ullberg [mailto:UllbergM@abcbank.com]
Sent: Friday, December 15, 2000 15:00
To: squid-users@ircache.net
Subject: [SQU] Squid behind firewall - DNS Problem

I've got a problem. This is my setup:

Proxy1          Proxy2
   |               |
   \_______________/
           |
       IntProxy

Proxy 1 & 2 are on the internet while IntProxy is only on the internal
network. Everything works fine except when you try to access a website using
their IP address.
It hangs for a couple of minutes before showing the page. I think I've
narrowed it down to what is happening. It looks like it does a reverse DNS
lookup on the IP address and it has to wait for that to time out.

Any suggestions for me?

Thanks,
Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Dec 15 2000 - 09:03:55 MST
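
The squid.conf comment quoted in the thread says dstdomain and dstdom_regex ACLs try a reverse lookup when the URL is IP-based. The following is an added example, not part of the original thread and not Squid code: a small audit that lists which access directives reference such an ACL and so need a reverse lookup for an IP-literal host. The function names are hypothetical, the sample configuration is constructed from the rules quoted above, and the check is conservative (it flags every rule that references such an ACL and does not model rule ordering).

```python
import ipaddress

# Constructed sample: the ACL and access rules quoted in the thread.
SAMPLE_CONF = """\
acl intranet dstdomain .abc.net
never_direct deny intranet
never_direct allow all
always_direct allow intranet
always_direct deny all
"""

# ACL types that the quoted squid.conf comment says attempt a reverse lookup.
LOOKUP_TYPES = {"dstdomain", "dstdom_regex"}


def parse(conf):
    """Return (acl name -> type, directive -> ordered [(action, [acl names])])."""
    acls, rules = {}, {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            acls.setdefault(tok[1], tok[2])
        elif len(tok) >= 3 and tok[1] in ("allow", "deny"):
            rules.setdefault(tok[0], []).append((tok[1], tok[2:]))
    return acls, rules


def is_ip_literal(host):
    """True when the URL host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def lookup_risks(conf, host):
    """List (directive, acl) pairs that need a reverse lookup to match host."""
    if not is_ip_literal(host):
        return []  # a hostname is compared directly, no PTR query needed
    acls, rules = parse(conf)
    hits = []
    for directive, entries in rules.items():
        for _action, names in entries:
            for name in names:
                acl = name.lstrip("!")  # negated ACLs are still evaluated
                if acls.get(acl) in LOOKUP_TYPES and (directive, acl) not in hits:
                    hits.append((directive, acl))
    return hits
```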

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:59 MST