On 11.12.19 22:04, leonyuuu wrote:
Thanks Amos for quick response! It helps a lot in understanding the previous logs like "forward proxy port not configured", and I adjusted my configuration later today to do another test. However, now the two proxies even doesn't send ICP/HTTP request to each other anymore for cache digest and the access.log(see below) shows there are only queries on intercepted traffic. <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377850/access.png> My new configuration for proxy0: http_port 3128 http_port 9999 intercept icp_access allow all icp_port 3130 cache_peer 192.168.3.2 sibling 3128 3130 cache_peer_access 192.168.3.2 allow all visible_hostname squid.host.1 Iptables configuration added for proxy0: // for inter-proxy trafic "iptables -t nat -A PREROUTING -i veth20 --dport 80 -j REDIRECT --to-port 3128"
you don't need to and should not redirect inter-proxy traffic from port 80 to 3128. the sibling proxy explicitly sends HTTP traffic to port 3128. better remove this rule.
// for intercepted traffic "iptables -t nat -A PREROUTING -i veth12 --dport 80 -j REDIRECT --to-port 9999" With tcpdump(see below) listening on the interface that connects the other proxy, I can see there are established tcp connections between two proxies, is this traffic for netdb only? I am really wondering what could potentially prevent from the Cache Digest being exchanged between siblings.
-- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question! _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
