On 11.12.19 22:04, leonyuuu wrote:
Thanks Amos for quick response! It helps a lot in understanding the previous
logs like "forward proxy port not configured", and I adjusted my
configuration later today to do another test.
However, now the two proxies even doesn't send ICP/HTTP request to each
other anymore for cache digest and the access.log(see below) shows there are
only queries on intercepted traffic.
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377850/access.png>
My new configuration for proxy0:
http_port 3128
http_port 9999 intercept
icp_access allow all
icp_port 3130
cache_peer 192.168.3.2 sibling 3128 3130
cache_peer_access 192.168.3.2 allow all
visible_hostname squid.host.1
Iptables configuration added for proxy0:
// for inter-proxy trafic
"iptables -t nat -A PREROUTING -i veth20 --dport 80 -j REDIRECT
--to-port 3128"
you don't need to and should not redirect inter-proxy traffic from port 80
to 3128.
the sibling proxy explicitly sends HTTP traffic to port 3128.
better remove this rule.
// for intercepted traffic
"iptables -t nat -A PREROUTING -i veth12 --dport 80 -j REDIRECT
--to-port 9999"
With tcpdump(see below) listening on the interface that connects the other
proxy, I can see there are established tcp connections between two proxies,
is this traffic for netdb only? I am really wondering what could potentially
prevent from the Cache Digest being exchanged between siblings.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
