Hi Chris, thanks for your support...

I did everything you recommended, but when I make a request to the website (running on the same server), this error now appears in the browser:

Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:

* The cache administrator does not allow this cache to make direct connections to origin servers, and
* All configured parent caches are currently unreachable.

And the Apache2 webserver (I repeat: ON THE SAME SERVER AS SQUID 2.7) launches this error:

Starting web server: apache2(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
failed!

But if I comment out the line in the squid.conf, both errors (the browser and Apache2) disappear completely ...

http_port 80 accel defaultsite=mysite.com vhost

Besides, I can access the site from the internal network and from outside, it is clear that without Accelerator mode ...

Ricardo

-----Original Message-----
From: Chris Robertson [mailto:crobertson@xxxxxxx]
Sent: Wednesday, September 02, 2009 05:11 p.m.
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED

RicardoCh wrote:
> When I try, from the internal LAN, to load any page of my website running on
> server (Debian Lenny iptables-apache2-Squid2.7-samba3, ALL ON SAME SERVER),
> the Squid launches some of these 3 error warning pages:
>
> 1) Unable to forward this request at this time
> 2) (111) Connection refused
> 3) Access denied
>
> In Squid.conf I have these lines:
>
> http_port 192.168.000.1:3128 transparent
> http_port 127.0.0.1:80 accel defaultsite=mysite.com vhost
> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
>
> cache_peer_access mysite.com allow MyWeb
> cache_peer_access mysite.com deny all
>
> Where the acl "MyWeb" is:
> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
> (The sites are all on the same Apache, Virtual directory)
>
> In iptables I have only these lines to the webserver:
>
> # WWW
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
>
> $IPTABLES -t nat -A PREROUTING -s $LAN_IP_RANGE -p tcp --dport 80 -j REDIRECT
> --to-ports 3128
>
>
> Any idea?
> Thanks in advance
>

Wow... You are intercepting ALL port 80 traffic and passing it to Squid on port 3128. You have Squid in accelerator mode passing traffic to itself. Finally, you have a cache_peer_access setup that doesn't match any peers.

First, I would advise not redirecting traffic destined for the accelerated site. Assuming mysite.com (and its variants) resolves to 192.168.0.1, replace your iptables redirection rule with...

$IPTABLES -t nat -A PREROUTING -s $LAN_IP_RANGE -d !192.168.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Next, don't have Squid listen on localhost port 80. That's where Apache should be listening. Instead have Squid listen to the "publicly" accessible IP address...

http_port 192.168.0.1:80 accel defaultsite=mysite.com vhost

Finally, the first argument to cache_peer_access should match SOMETHING about the defined cache_peer. With the peer defined as...

cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo

...use either the IP...

cache_peer_access 127.0.0.1 allow MyWeb

...or the name...

cache_peer_access Ricardo allow MyWeb

...in the cache_peer_access definition.

Chris
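
Added example (not part of the original messages, and not Squid project code): a small Python check for the two squid.conf mistakes discussed in this thread, a cache_peer_access line whose first argument matches no defined cache_peer, and an accel http_port that overlaps the origin server's address and port. The function name lint_squid_conf and the sample strings are assumptions, constructed from the configuration lines quoted in the messages.

```python
# Added example, not Squid code: flags the two mistakes discussed in the thread.
def lint_squid_conf(text):
    """Return sorted (line_number, problem) tuples for a squid.conf string."""
    peers, listeners, refs = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "cache_peer":
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            name = next((t[5:] for t in tok[4:] if t.startswith("name=")), tok[1])
            peers.append((tok[1], tok[3], name))
        elif len(tok) >= 2 and tok[0] == "cache_peer_access":
            refs.append((lineno, tok[1]))
        elif len(tok) >= 3 and tok[0] == "http_port" and "accel" in tok[2:]:
            host, _, port = tok[1].rpartition(":")  # bare "80" gives host ""
            listeners.append((lineno, host, port))
    findings = []
    # Per the reply, the first argument may be the peer's IP or its name= value.
    known = {p[0] for p in peers} | {p[2] for p in peers}
    for lineno, ref in refs:
        if ref not in known:
            findings.append((lineno, "cache_peer_access matches no cache_peer: " + ref))
    for lineno, host, port in listeners:
        for peer_host, peer_port, _ in peers:
            # No host (or 0.0.0.0) means Squid binds every address, the origin's too.
            if port == peer_port and host in ("", "0.0.0.0", peer_host):
                findings.append((lineno, "accel http_port overlaps origin %s:%s"
                                 % (peer_host, peer_port)))
    return sorted(findings)

# Constructed sample: the configuration quoted in the original question.
ORIGINAL = """\
http_port 192.168.000.1:3128 transparent
http_port 127.0.0.1:80 accel defaultsite=mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
cache_peer_access mysite.com allow MyWeb
cache_peer_access mysite.com deny all
"""

# Constructed sample: the same configuration after the reply's changes.
FIXED = """\
http_port 192.168.0.1:80 accel defaultsite=mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
cache_peer_access Ricardo allow MyWeb
cache_peer_access Ricardo deny all
"""

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, lint_squid_conf(conf))
```

The bare `http_port 80 accel ...` line from the follow-up message is also flagged, because a listener without an address covers the port Apache needs on the same host.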