Re: No forward-proxy ports error in 3.3

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On 24/04/2012 6:04 p.m., Ahmed Talha Khan wrote:
> How would i define it then in a forward proxy mode? I am getting the

port 3128 is the registered service port for HTTP proxies. It is best to 
pick another port randomly and firewall it so that clients cannot 
connect directly to that NAT intercept port. But we can get to that 
later, any port will do for a forward-proxy port.

> following in my access.log file.
>
> 1335250139.466  29498 192.168.8.39 NONE_ABORTED/000 0 GET
> http://www.nvidia.com/ - HIER_NONE/- -
>
> The NONE_ABORTED squid request status shows that it is aborting the
> request. This is happening for all the requests.No pages are opening.
> The initial requests to get processed but later ones are stuck. Squid
> is running on 192.168.8.40:3128. My clients are in the 192.168.8.0/24
> range as you can see.

This is not related to the warning or forward-proxy port. Something else 
is going on.

> I tried to put this line in squid.conf but did not work.
>
> http_port 192.168.8.40:8080

This is a forward-proxy port. The syntax is correct. Please explain "did 
not work".


> On Mon, Apr 23, 2012 at 4:38 PM, Amos Jeffries wrote:
> > On 23/04/2012 11:06 p.m., Ahmed Talha Khan wrote:
> > > So this port which is squid needs has to have connection with the
> > > client?or with itself? How will i do that?
> > >
> > > http_port 127.0.0.1:3128 ? would this work?
> >
> > It is for the clients and peers to contact. Localhost would stop the
> > warning, but not solve the problems.
> >
> > Amos
> >
> > > -talha
> > >
> > >
> > > On Mon, Apr 23, 2012 at 4:03 PM, Amos Jeffries wrote:
> > > > On 23/04/2012 9:07 p.m., Ahmed Talha Khan wrote:
> > > > > Hey,
> > > > > I am using 3.3 sources to make a transparent proxy. i have configured
> > > > > the http port in the squid like this
> > > > >
> > > > >
> > > > > http_port 192.168.8.40:3128 intercept ssl-bump
> > > > > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> > > > > cert=/home/talha/squid/www.sample.com.pem
> > > > > key=/home/talha/squid/www.sample.com.pem
> > > > >
> > > > > But when i run squid i get these error at the start and my webpages
> > > > > wont open. I think these errors are the problem showing something in
> > > > > forwarding .
> > > > >
> > > > > 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
> > > > > 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
> > > > > 2012/04/23 16:06:44| ERROR: No forward-proxy ports configured.
> > > > >
> > > > >
> > > > >
> > > > > The above definition of http_port is exactly that of a forward-proxy
> > > > > port! isnt it?
> > > >
> > > > No it is an interception port. Forward proxy port has no special mode
> > > > settings (intercept/tproxy/accel).
> > > >
> > > >
> > > > >   So why is squid screaming about this?
> > > >
> > > > Squid needs at least one port to serve the error page, FTP and gopher
> > > > icons,
> > > > and other proxy-proxy communications from. Interception port mode now
> > > > (3.2+)
> > > > has security checks which cause problems for that traffic.
> > > >
> > > >
> > > > >    This runs in 3.1
> > > > > btw. May be 3.2/3.3 have some changes. Running squid -k parse also
> > > > > shows no issue. Heres the relevant output of -k parse
> > > >
> > > > Hmm. It should have. Thank you.
> > > >
> > > > Amos