On Thu, Apr 5, 2012 at 10:07 PM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > On 05/04/2012 16:21, Colin Coe wrote: >> >> On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx> >> wrote: >>> >>> On 05/04/2012 14:51, Colin Coe wrote: >>> <SNIP> >>> >>> >>>> OK, I did >>>> export ftp_proxy=http://benpxy1p:3128 >>>> wget ftp://ftp2.bom.gov.au/anon/gen/fwo >>>> --2012-04-05 19:43:38-- ftp://ftp2.bom.gov.au/anon/gen/fwo >>>> Resolving benpxy1p... 172.22.106.10 >>>> Connecting to benpxy1p|172.22.106.10|:3128... connected. >>>> Proxy request sent, awaiting response... ^C >>>> >>>> An entry appeared in access.log only after I hit ^C. >>>> >>>> Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything. >>>> >>>> CC >>>> >>> well if a access_log entry appears it means that the client is contacting >>> the squid server. >>> did you notice that the size of this list\dir is about 1.8 MB? >>> take something simple such as: >>> ftp://ftp.freebsd.org/pub >>> it should be about 2.9Kb. >>> then if it didnt go within 10 secs try using without upper stream proxys. >>> maybe something is setup wrong on the cache_peer. >>> there are options to debug with a lot of output from squid that can >>> simplify >>> the problem. >>> but i would go to minimum settings and up. >>> use only one proxy and without a name. >>> just use the ip for the cache_peer acls. >>> you can use the debug sections: >>> http://wiki.squid-cache.org/KnowledgeBase/DebugSections >>> to make more use of it. >>> use like this: >>> debug_options ALL,1 section,verbosity_level >>> debug_options ALL,1 9,6 >>> >>> there are couple of sections that will provide you with more network >>> layer >>> info that will help you find the source of the problem. >>> >>> to see the log tail the cahce.log file. >>> >>> well i gave you kind of the worst case scenario i could think of. >>> if you need more help i'm here. >>> >>> Regards, >>> Eliezer >>> >> >> As a test I pointed the client at the corporate proxy. >> >> # export ftp_proxy=http://172.22.0.7:221 >> # wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat >> --2012-04-05 20:43:53-- ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat >> Connecting to 172.22.0.7:221... connected. >> Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9 >> Length: unspecified >> Saving to: “IDY02128.dat” >> >> [ >> <=> >> ] 232 --.-K/s in 2m 0s >> >> 2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232] >> >> It took a while but it definitely works. I added the debug lines to >> the squid.conf (and restarted). When pointing the client at the squid >> server (for doing the FTP), there were no additional lines logged in >> either cache.log or access.log. >> >> Again, doing a tcpdump on the squid server shows the client _is_ >> connecting to the squid server. >> >> CC > > > as i was saying...it's not about if it's connecting to the squid server but > what happens from squid to the world. > try to disable the cache_peer settings on squid... > try to use squid as regular proxy without going to the parent bluecoat and > see how it works. > just to see if you do have any problem on squid settings that are not > related to the cache_peer settings. > > as you know i and many more people are using squid for ftp and it works with > no problem. > > i cant point exactly about the point of failure in your setup but one thing > i do know.. > i am using 3 cache peers and it works excellent for me. > just for you i will put a setup to see how my basic settings for squid works > with a parent proxy. (it will take some time ) > > most likely that if in any point you see access log entry it means that you > are not configuring something right on your squid. > > try the next: > in hosts file add the entry: > 172.22.0.7 ftp_proxy > 172.22.0.7 http_proxy > > then in squid.conf add: > cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only > cache_peer_access ftp_proxy allow ftp_ports > cache_peer_access ftp_proxy deny all > > cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only > cache_peer_access http_proxy deny ftp > cache_peer_access http_proxy allow all > > #remove the : > #always_direct allow Dev > #always_direct allow Prod > > #and add only: > never_direct allow all > > > > Regards, > Eliezer > Hi Eliezer (and thanks for your patience) I think the problem has been with the BlueCoat the whole time. The BlueCoat admin has setup a service account for me and I've configured squid so that all FTP requests are served through the cache_parent hard coded with the service account details. Its working now so were going to leave it like this. Thanks again for your help and patience. CC -- RHCE#805007969328369
