Squid help

William M. Quarles walrus at bellsouth.net
Thu Jun 3 02:01:59 UTC 2004 

James Kosin wrote:
> William M. Quarles wrote:
> | I'm trying to set up Squid on my computer, and it seems very difficult
> | to get working.  Here is my log file from when it started:
> |
> | 2004/06/01 00:33:40| Starting Squid Cache version 2.5.STABLE3 for
> | i386-redhat-linux-gnu...
> | 2004/06/01 00:33:40| Process ID 9266
> | 2004/06/01 00:33:40| With 1024 file descriptors available
> | 2004/06/01 00:33:40| Performing DNS Tests...
> | 2004/06/01 00:33:40| Successful DNS name lookup tests...
> | 2004/06/01 00:33:40| DNS Socket created at 0.0.0.0, port 32798, FD 4
<snip>
> | 2004/06/01 00:33:40| Accepting HTTP connections at 0.0.0.0, port 3128,
> | FD 10.
> | 2004/06/01 00:33:40| Accepting ICP messages at 0.0.0.0, port 3130, FD 11.
> | 2004/06/01 00:33:40| WCCP Disabled.
> | 2004/06/01 00:33:40| Ready to serve requests.
> |
> | Are the 0.0.0.0's for the IP addresses normal operation?
> |
> | Thanks,
> | William
> |
> 
> William,
> 
> The 0.0.0.0 is usually normal.  It means that the service will accept
> requests on any network interface.  A sort of global listen on all
> interfaces.
> 
> Some system administrators will say this is BAD practice, but, it really
> depends on your network setup as to how you may want to restrict access
> to squid.  One good example, you may want to restrict access to a
> specific network card (IP address/range) so sales people can get squid
> access, but the engineering department (on another network/IP
> address/range) to get no squid access.  And of course, the network card
> attached to the outside Internet to have no squid access (this prevents
> people from using your server as a caching jumping point for junk web
> sites).
> 
> Even with all this, your iptables setup will also effect squid.

James,

Thanks for your e-mail.  I'm glad to know that the 0.0.0.0 is not an
abnormal response.

I set up my access control list so that only IP addresses on my internal
network and loopback will have access to the cache.  I'll just say that
for now, using the access control list and not specifying an IP for
Squid to be operating from is the best situation for me right now.

I'm not trying to set up a monster caching proxy, I just need to be able
to redirect to a filtering program for parental control purposes.  Right
now I'm trying squidGuard, later I want to try setting up DansGuardian.

However, while trying to use my own computer as the cache (so setting my
Mozilla proxy to be 127.0.0.1:3128), I get this Squid error page:

The following error was encountered:

      * Forwarding Denied.

This cache will not forward your request because it is trying to enforce
a sibling relationship. Perhaps the client at 127.0.0.1 is a cache which
has been misconfigured.

I'm not aware of ever enabling a sibling relationship!

My configuration file is at 
http://physstud.jmu.edu/quarlewm/squid.conf.txt (sorry, it seems that 
attachments on the
list aren't allowed!), if anybody can find a glaring
problem (other than not specifying an IP address for Squid), please let
me know!

Peace,
William

More information about the fedora-list mailing list