<snip>William M. Quarles wrote: | I'm trying to set up Squid on my computer, and it seems very difficult | to get working. Here is my log file from when it started: | | 2004/06/01 00:33:40| Starting Squid Cache version 2.5.STABLE3 for | i386-redhat-linux-gnu... | 2004/06/01 00:33:40| Process ID 9266 | 2004/06/01 00:33:40| With 1024 file descriptors available | 2004/06/01 00:33:40| Performing DNS Tests... | 2004/06/01 00:33:40| Successful DNS name lookup tests... | 2004/06/01 00:33:40| DNS Socket created at 0.0.0.0, port 32798, FD 4
| 2004/06/01 00:33:40| Accepting HTTP connections at 0.0.0.0, port 3128, | FD 10. | 2004/06/01 00:33:40| Accepting ICP messages at 0.0.0.0, port 3130, FD 11. | 2004/06/01 00:33:40| WCCP Disabled. | 2004/06/01 00:33:40| Ready to serve requests. | | Are the 0.0.0.0's for the IP addresses normal operation? | | Thanks, | William |
William,
The 0.0.0.0 is usually normal. It means that the service will accept requests on any network interface. A sort of global listen on all interfaces.
Some system administrators will say this is BAD practice, but, it really depends on your network setup as to how you may want to restrict access to squid. One good example, you may want to restrict access to a specific network card (IP address/range) so sales people can get squid access, but the engineering department (on another network/IP address/range) to get no squid access. And of course, the network card attached to the outside Internet to have no squid access (this prevents people from using your server as a caching jumping point for junk web sites).
Even with all this, your iptables setup will also effect squid.
James,
Thanks for your e-mail. I'm glad to know that the 0.0.0.0 is not an abnormal response.
I set up my access control list so that only IP addresses on my internal network and loopback will have access to the cache. I'll just say that for now, using the access control list and not specifying an IP for Squid to be operating from is the best situation for me right now.
I'm not trying to set up a monster caching proxy, I just need to be able to redirect to a filtering program for parental control purposes. Right now I'm trying squidGuard, later I want to try setting up DansGuardian.
However, while trying to use my own computer as the cache (so setting my Mozilla proxy to be 127.0.0.1:3128), I get this Squid error page:
The following error was encountered:
* Forwarding Denied.
This cache will not forward your request because it is trying to enforce a sibling relationship. Perhaps the client at 127.0.0.1 is a cache which has been misconfigured.
I'm not aware of ever enabling a sibling relationship!
My configuration file is at http://physstud.jmu.edu/quarlewm/squid.conf.txt (sorry, it seems that attachments on the
list aren't allowed!), if anybody can find a glaring
problem (other than not specifying an IP address for Squid), please let
me know!
Peace, William
