On 1/03/2012 12:00 a.m., Nick Urbanik wrote:
> Dear Folks,
> After a yum upgrade to this Fedora 16 box a few days ago, I now have
> squid-3.2.0.15-1.fc16.x86_64, and now have this message appearing in
> my /var/log/squid/cache.log:
> ERROR: No forward-proxy ports configured.
> I changed these lines:
> http_port 192.168.0.1:3128 transparent
> http_port 127.0.0.1:3128 transparent
> to
> http_port 192.168.0.1:3128 intercept
> http_port 127.0.0.1:3128 intercept
Good. That needed doing anyway, but is unrelated to the particular
message. A forward-proxy port is a port without any specialised traffic
mode configured. For example the default "http_port 3128" is a forward
proxy port. "http_port ... intercept" is an interception proxy port.
> Why?
Now that intercept ports have stricter security enforcement you need
a forward proxy port in order to service the regular management
requests, icons, inter-proxy requests etc. which your Squid needs to do
during its operation. The error pages and FTP/Gopher directory listings
need this port and your visible_hostname value to generate URLs for
loading the icon images. You can also use accel ports to service those
requests in the scope of the domain(s) being accelerated. But a
forward-proxy port is best, and so what gets mentioned.
<snip>
> The machine is set up with two network interfaces, one to the internal
> network on 192.168.0.1, the other on the Internet. There are iptables
> rules using redirects.
You may also need to check your iptables rules include the mangle table
protections for your intercept port(s).
see http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
You can run "squid -k parse" to check for other less visible issues.
I saw "refresh_pattern (cgi-bin|\?) 0 0% 0 " in your config.
We advise this now:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
Amos
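
Added example, not part of the original message and not Squid's own code: a small Python lint that classifies http_port lines the way the reply describes (no traffic-mode flag means forward-proxy) and flags the three issues raised in the thread. The function names and the forward port number 8080 are assumptions made for illustration; the other sample lines are taken from the thread.

```python
# Traffic-mode flags on http_port; a port carrying none of them is a forward-proxy port.
MODE_FLAGS = {"intercept": "intercept", "transparent": "intercept",
              "tproxy": "tproxy", "accel": "accel"}

def directives(conf_text):
    """Yield the token list of each non-empty, non-comment line."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def classify_ports(conf_text):
    """Return (listen_address, mode) for every http_port line."""
    ports = []
    for tokens in directives(conf_text):
        if tokens[0] == "http_port" and len(tokens) >= 2:
            modes = [MODE_FLAGS[t] for t in tokens[2:] if t in MODE_FLAGS]
            ports.append((tokens[1], modes[0] if modes else "forward"))
    return ports

def lint(conf_text):
    """Return a list of findings; an empty list means none of the thread's issues apply."""
    findings = []
    ports = classify_ports(conf_text)
    if ports and all(mode != "forward" for _, mode in ports):
        findings.append("no forward-proxy port: add an http_port line without a mode flag")
    for tokens in directives(conf_text):
        if tokens[0] == "http_port" and "transparent" in tokens[2:]:
            findings.append(f"{tokens[1]}: replace 'transparent' with 'intercept'")
        if tokens[0] == "refresh_pattern" and tokens[1:2] == [r"(cgi-bin|\?)"]:
            findings.append(r"refresh_pattern: use -i (/cgi-bin/|\?) 0 0% 0")
    return findings

# Constructed samples. BEFORE uses the lines quoted in the thread; the forward
# port 8080 in AFTER is an arbitrary value chosen for this example.
BEFORE = r"""
http_port 192.168.0.1:3128 transparent
http_port 127.0.0.1:3128 transparent
refresh_pattern (cgi-bin|\?) 0 0% 0
"""
AFTER = r"""
http_port 8080
http_port 192.168.0.1:3128 intercept
http_port 127.0.0.1:3128 intercept
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, lint(text) or "ok")
```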