On 2/03/2016 6:05 p.m., John Pearson wrote: > Hi, > > I have squid installed on a machine with two NICs. > eth0 - wan > eth1 - lan - 10.0.1.1 > > Squid server is running on eth1. > I am trying to use the squidclient to fetch a url so that squid will cache > it. Like prefetching. > > Example: > > squidclient -v -h 10.0.1.1 -p 3128 -m GET http://www.apple.com > Problem #1; you are missing a '/' on the end of the URL. That type of URL is not valid in HTTP/1.0. It has only recently become acceptible in HTTP/1.1, so not all services support it. > Result > ----------- > Request: > GET http://www.apple.com HTTP/1.0 > Host: www.apple.com > User-Agent: squidclient/3.5.9 > Accept: */* > Connection: close > > . > > -------------------- > > The cursor just blinks below the dot (after "Connection:close". Hard to > see) and nothing happens. I have to manually exit. > > When I exit, squid log shows A LOT of these lines: > > 10.0.1.1 TCP_MISS_ABORTED/000 0 GET http://www.apple.com - ORIGINAL_DST/ > 10.0.1.1 - Problem #2; you are sending the request to an intercept port without having gone through the NAT system. If you left it to run, your machine would eventually crash as all networking sockets and resources were consumed by the forwarding loop. squidclient needs to use a forward-proxy port to connect to Squid. Usually that is 3128, which is the port registered for Squid forward-proxy ctraffic. Recommended practice is to leave port 3128 for proxy administrative access and tools like squidclient. Movine the intercept port to another random number and firewall it (in iptables with mangle tables rule) to prevent anything except NAT'd traffic reaching that random port. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
