Hi There On the firewall, are there rules in place to allow port 3130 UDP to and from the outside proxy to the internal one ?
Take out the never_direct allow all Set half_closed_connections to off make sure the parent proxy line reads cache_peer squid-cache-2.sun.ac.za parent 3128 3130 Let us know Regards Gert Brits -----Original Message----- From: Johann Spies [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: [squid-users] VBScript runtime error We have three proxy servers on the campus - two outside the firewall and one inside the firewall. The last one is the library's proxy. It is configured to use the outside proxies as parents and also have the acl: never_direct allow all The library is paying for internet traffic to certain cites. One of those sites is http://www.woordeboek.co.za which works perfectly when one uses the outside proxies but not through the inside proxy. When we try to use the lib-proxy to access it some browsers (like Mozilla and at least one IE) reports: --------------- Microsoft VBScript runtime error '800a000d' Type mismatch: '[string: "30, 146.232.75.208"]' /includes/ipauthentication.asp, line 3 ---------------- Others just get the message "This site could not be displayed" or something similar. An effort to make a connection to www.woordeboek.co.za using lib-proxy caused these entries in the access.logs of lib-proxy (146.232.75.208): 1089094746.154 0 146.232.128.30 TCP_MISS/500 629 GET http://www.woordeboek.co.za/ - ANY_PARENT/squid-cache-2.sun.ac.za text/html And in squid-cache-2 (196.168.1.2): 1089094746.193 0 192.168.1.1 UDP_MISS/000 49 ICP_QUERY http://www.woordeboek.co.za/ - NONE/- - 1089094747.193 1000 146.232.75.208 TCP_MISS/500 584 GET http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html 1089094747.193 0 192.168.1.1 UDP_MISS/000 49 ICP_QUERY http://www.woordeboek.co.za/ - NONE/- - 1089094747.193 0 146.232.75.208 TCP_MISS/500 584 GET http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html In squid-cache-1 (192.168.1.1): 1089094747.185 64 146.232.75.208 TCP_MISS/500 640 GET http://www.woordeboek.co.za/ - TIMEOUT_DIRECT/196.2.63.90 text/html 1089094747.189 0 192.168.1.2 UDP_MISS/000 49 ICP_QUERY http://www.woordeboek.co.za/ - NONE/- - 1089094747.331 65 146.232.75.208 TCP_MISS/500 640 GET http://www.woordeboek.co.za/ - DIRECT/196.2.63.90 text/html 1089094747.336 0 192.168.1.2 UDP_MISS/000 49 ICP_QUERY http://www.woordeboek.co.za/ - NONE/- - I have read about a similar problem during a google search but there the solution was to use allways_direct deny all never_direct allow all which did not provide a solution to me. The acl for the site in squid.conf looks like this: acl openhosts dstdomain .woordeboek.co.za Any ideas? Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you." Matthew 7:7
