Ok guys im trying to setup my existing and fully functional squid 3.1.6
box on squeeze to talk to an identical squid box upstream, but it is not
working, I cant see any requests in access.log on the upstream box of
the downstream box fetching from it.
cache.log shows the following
upstream box (parent):
2012/01/23 00:17:15| Adding nameserver 192.168.1.1 from squid.conf
2012/01/23 00:17:15| Accepting HTTP connections at 192.168.1.205:3128,
FD 11.
2012/01/23 00:17:15| Accepting ICP messages at [::]:3129, FD 12.
2012/01/23 00:17:15| HTCP Disabled.
2012/01/23 00:17:15| Configuring Sibling 192.168.1.40/3128/3129
2012/01/23 00:17:15| Loaded Icons.
2012/01/23 00:17:15| Ready to serve requests.
downstream box (sibling):(should I even conf this as a sibling?
2012/01/23 00:19:11| Adding nameserver 10.10.1.1 from squid.conf
2012/01/23 00:19:11| Accepting HTTP connections at 10.10.1.105:3128, FD
11.
2012/01/23 00:19:11| Accepting ICP messages at [::]:3129, FD 12.
2012/01/23 00:19:11| HTCP Disabled.
2012/01/23 00:19:11| Configuring Parent 192.168.1.205/3128/3129
2012/01/23 00:19:11| Loaded Icons.
2012/01/23 00:19:11| Ready to serve requests.
======================================================================
relevant squid.conf entries
upstream box (parent)
http_port 192.168.1.205:3128
hierarchy_stoplist cgi-bin ?
icp_port 3129
cache_peer 192.168.1.40 sibling 3128 3129 default
icp_access allow all
downstream box (sibling):
http_port 10.10.1.105:3128
hierarchy_stoplist cgi-bin ?
icp_port 3129
cache_peer 192.168.1.205 parent 3128 3129 default
prefer_direct off
icp_access allow all
======================================================================
Also note that Nmap UDP -sU port scans from both hosts to eachother,
show no open port on 3129 which im using for my ICP port.
Yes I have them open in iptables with
-A INPUT -p udp -m udp --dport 3129 -j ACCEPT
and tried
-A INPUT -p udp --dport 3129 -j ACCEPT
======================================================================
Gentlemen, the fail whales tail is slapping me in the face repeatedly
what am I doing wrong???
======================================================================
deviant:/var/www# squid3 -v
Squid Cache: Version 3.1.6
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/build/buildd-squid3_3.1.6-1.2+squeeze2-i386-PV_6Lv/squid3-3.1.6
