On 07/09/11 18:18, John Kenyon wrote:
Open "icp_port 3130" to receive the packets.
Amos
Hi Amos,
Sorry, I've also got this in my squid.conf:
icp_port 3130
log_icp_queries on
icp_query_timeout 2000
Also, port 3130 is open in iptables. Any other ideas?
From what I understand UDP_DENIED means the ICP query can be denied due to the icp_access rules.
I appear to have resolve the issue. Originally I had this:
acl local_network src 192.168.0.0/16
icp_access allow local_network
icp_access deny all
Which *should* have worked right? Anyway I changed it to the following and now I am not seeing the errors:
acl squid_peers src wp01.example.com wp02.example.com wp03.example.com
icp_access allow squid_peers
icp_access deny all
So the peers have IP addresses outside of 192.168.0.0/16 which they are
using to communicate. Lookup the DNS AAAA and A records for them. Your
http_access rules may need adjusting as well. If the ICP reply indicates
success there will likely be a followup HTTP request using the same IPs.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.11