It would be nice if you could paste some of the access.log file or cache.log file here. Something must be wrong between firewall and squid.

Regards,
Chee Chun

--- Brian Schonecker <Brian.Schonecker@xxxxxxxx> wrote:
> I've got a squid cache server running on my firewall
> and I have transparent proxying working.
>
> I've got all my clients set up _without_ an entry in
> the proxy server and I have an iptables PREROUTING
> rule set up to force forwarded HTTP requests to port
> 8080 on my firewall/gateway/squid server. That
> works just fine.
>
> Squid, however, doesn't seem to cache any
> data...specifically Microsoft updates. I've got
> about 200 PCs going through this server and the
> requests to MS update site are saturating my gateway
> to the internet.
>
> If I force the clients to use the proxy via Tools,
> Internet Options, etc then caching DOES occur.
> However, I have so many mobile users that setting
> the proxy manually in IE isn't feasible (because
> that setting won't be valid when they leave my
> company).
>
> Should I even expect transparent proxying to behave
> in the way that I want?
>
> Thanks,
> Brian
>
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp
> --dport 80 -j REDIRECT --to-ports 8080
>
>
> /etc/squid/squid.conf:
>
> acl BLOCK url_regex "/usr/local/squid/block.acl"
> acl CONNECT method CONNECT
> acl QUERY urlpath_regex cgi-bin \?
> acl SSL_ports port 443 563
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl manager proto cache_object
> acl unknown src 192.168.209.0/255.255.255.0
> cache_dir ufs /usr/local/squid 1000 16 256
> hierarchy_stoplist cgi-bin ?
> http_access allow localhost
> http_access allow manager localhost
> http_access allow shop
> http_access allow unknown
> http_access allow upstairs
> http_access allow wireless
> http_access allow xtek
> http_access deny !Safe_ports
> http_access deny BLOCK
> http_access deny CONNECT !SSL_ports
> http_access deny all
> http_access deny manager
> http_port 192.168.202.254:8080
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
> icp_access allow all
> log_fqdn on
> maximum_object_size 60240 KB
> mime_table /usr/share/squid/mime.conf
> no_cache deny QUERY
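
The reply above asks for access.log. As an added example (not part of the original thread), this script summarises hits and misses per destination host from Squid's native access.log layout and lists URLs that were fetched as TCP_MISS more than once. The sample lines, hostnames and addresses are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1090000000.101 850 192.168.209.15 TCP_MISS/200 4200000 GET http://download.windowsupdate.com/a.cab - DIRECT/203.0.113.10 application/octet-stream
1090000010.202 910 192.168.209.16 TCP_MISS/200 4200000 GET http://download.windowsupdate.com/a.cab - DIRECT/203.0.113.10 application/octet-stream
1090000020.303 12 192.168.209.17 TCP_HIT/200 15000 GET http://www.example.com/logo.gif - NONE/- image/gif
1090000030.404 40 192.168.209.17 TCP_REFRESH_HIT/304 300 GET http://www.example.com/index.html - DIRECT/198.51.100.7 text/html
1090000040.505 5 192.168.209.18 TCP_DENIED/403 1200 GET http://blocked.example.net/ - NONE/- text/html
truncated line
"""

def summarize(lines):
    """Return {host: {"requests", "hits", "bytes", "hit_bytes"}} per destination host."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "bytes": 0, "hit_bytes": 0})
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or "/" not in fields[3]:
            continue  # skip blank or malformed lines
        result = fields[3].split("/", 1)[0]
        if result == "TCP_DENIED" or not fields[4].isdigit():
            continue  # denied requests never reach the cache
        host = urlsplit(fields[6]).hostname or fields[6]
        s = stats[host]
        s["requests"] += 1
        s["bytes"] += int(fields[4])
        if "HIT" in result:  # TCP_HIT, TCP_MEM_HIT, TCP_REFRESH_HIT, TCP_IMS_HIT, ...
            s["hits"] += 1
            s["hit_bytes"] += int(fields[4])
    return dict(stats)

def repeated_misses(lines):
    """URLs fetched as TCP_MISS more than once: objects Squid keeps refetching."""
    seen = defaultdict(int)
    for line in lines:
        fields = line.split()
        if len(fields) >= 7 and fields[3].startswith("TCP_MISS/"):
            seen[fields[6]] += 1
    return {url: n for url, n in seen.items() if n > 1}

if __name__ == "__main__":
    for host, s in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{host:35} req={s['requests']} hits={s['hits']} bytes={s['bytes']}")
    print(repeated_misses(SAMPLE_LOG.splitlines()))
```

To run it against a real log, pass the lines of the access.log file to `summarize()` and `repeated_misses()` instead of `SAMPLE_LOG`.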