Re: Fwd: [squid-users] Squid and FTP

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Sat, 14 Apr 2012 20:42:25 +0300

On 14/04/2012 08:34, Colin Coe wrote:
> On Thu, Apr 5, 2012 at 10:07 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>> On 05/04/2012 16:21, Colin Coe wrote:
>>>
>>> On Thu, Apr 5, 2012 at 8:32 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>>>>
>>>> On 05/04/2012 14:51, Colin Coe wrote:
>>>> <SNIP>
>>>>
>>>>
>>>>> OK, I did
>>>>> export ftp_proxy=http://benpxy1p:3128
>>>>> wget ftp://ftp2.bom.gov.au/anon/gen/fwo
>>>>> --2012-04-05 19:43:38-- ftp://ftp2.bom.gov.au/anon/gen/fwo
>>>>> Resolving benpxy1p... 172.22.106.10
>>>>> Connecting to benpxy1p|172.22.106.10|:3128... connected.
>>>>> Proxy request sent, awaiting response... ^C
>>>>>
>>>>> An entry appeared in access.log only after I hit ^C.
>>>>>
>>>>> Changing ftp_proxy to ftp://benpxy1p:3128 did not change anything.
>>>>>
>>>>> CC
>>>>>
>>>> Well, if an access_log entry appears it means that the client is contacting
>>>> the squid server.
>>>> Did you notice that the size of this list\dir is about 1.8 MB?
>>>> Take something simple such as:
>>>> ftp://ftp.freebsd.org/pub
>>>> It should be about 2.9Kb.
>>>> Then if it didn't go within 10 secs, try using it without upstream proxies.
>>>> Maybe something is set up wrong on the cache_peer.
>>>> There are options to debug with a lot of output from squid that can simplify
>>>> the problem.
>>>> But I would go to minimum settings and up.
>>>> Use only one proxy and without a name.
>>>> Just use the IP for the cache_peer acls.
>>>> You can use the debug sections:
>>>> http://wiki.squid-cache.org/KnowledgeBase/DebugSections
>>>> to make more use of it.
>>>> Use like this:
>>>> debug_options ALL,1 section,verbosity_level
>>>> debug_options ALL,1 9,6
>>>>
>>>> There are a couple of sections that will provide you with more network layer
>>>> info that will help you find the source of the problem.
>>>>
>>>> To see the log, tail the cache.log file.
>>>>
>>>> Well, I gave you kind of the worst case scenario I could think of.
>>>> If you need more help, I'm here.
>>>>
>>>> Regards,
>>>> Eliezer
>>>>
>>>
>>> As a test I pointed the client at the corporate proxy.
>>>
>>> # export ftp_proxy=http://172.22.0.7:221
>>> # wget ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
>>> --2012-04-05 20:43:53-- ftp://ftp2.bom.gov.au/anon/gen/fwo/IDY02128.dat
>>> Connecting to 172.22.0.7:221... connected.
>>> Proxy request sent, awaiting response... 200 No headers, assuming HTTP/0.9
>>> Length: unspecified
>>> Saving to: “IDY02128.dat”
>>>
>>>     [ <=> ] 232 --.-K/s in 2m 0s
>>>
>>> 2012-04-05 20:45:52 (1.94 B/s) - “IDY02128.dat” saved [232]
>>>
>>> It took a while but it definitely works. I added the debug lines to
>>> the squid.conf (and restarted). When pointing the client at the squid
>>> server (for doing the FTP), there were no additional lines logged in
>>> either cache.log or access.log.
>>>
>>> Again, doing a tcpdump on the squid server shows the client _is_
>>> connecting to the squid server.
>>>
>>> CC
>>
>>
>> As I was saying... it's not about whether it's connecting to the squid server but
>> what happens from squid to the world.
>> Try to disable the cache_peer settings on squid...
>> Try to use squid as a regular proxy without going to the parent BlueCoat and
>> see how it works.
>> Just to see if you have any problem in the squid settings that is not
>> related to the cache_peer settings.
>>
>> As you know, I and many more people are using squid for ftp and it works with
>> no problem.
>>
>> I can't point exactly to the point of failure in your setup, but one thing
>> I do know..
>> I am using 3 cache peers and it works excellently for me.
>> Just for you I will put up a setup to see how my basic settings for squid work
>> with a parent proxy. (It will take some time.)
>>
>> Most likely, if at any point you see an access log entry it means that you
>> are not configuring something right on your squid.
>>
>> Try the following:
>> In the hosts file add the entries:
>> 172.22.0.7 ftp_proxy
>> 172.22.0.7 http_proxy
>>
>> Then in squid.conf add:
>> cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only
>> cache_peer_access ftp_proxy allow ftp_ports
>> cache_peer_access ftp_proxy deny all
>>
>> cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
>> cache_peer_access http_proxy deny ftp
>> cache_peer_access http_proxy allow all
>>
>> # remove these:
>> #always_direct allow Dev
>> #always_direct allow Prod
>>
>> # and add only:
>> never_direct allow all
>>
>>
>>
>> Regards,
>> Eliezer
>>
>
> Hi Eliezer (and thanks for your patience)
>
> I think the problem has been with the BlueCoat the whole time. The
> BlueCoat admin has set up a service account for me and I've configured
> squid so that all FTP requests are served through the cache_parent
> hard coded with the service account details.
>
> It's working now so we're going to leave it like this.
>
> Thanks again for your help and patience.
>
> CC
>
I'm happy you solved the problem.
If you need something, always glad to help.

Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Sat Apr 14 2012 - 17:42:58 MDT
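
The parent-proxy routing suggested in the thread, combined with the fix Colin reports (FTP sent through a parent with hard-coded service-account details), as an added squid.conf example that is not from either poster. The `acl` definitions, the `login=` option and its placeholder credentials are assumptions; the peer names and ports are the ones quoted above.

```conf
# Added example, not from the thread. Peer names ftp_proxy and http_proxy
# resolve through the hosts entries quoted above (both 172.22.0.7).

# ACLs that the cache_peer_access lines refer to but the thread never defines
# (assumed definitions). Comments stay on their own lines: squid.conf does not
# reliably accept a trailing comment after a directive.
acl ftp proto FTP
acl ftp_ports port 21

# Parent used for FTP. login= makes Squid send fixed Basic proxy credentials
# to this peer; SVC_USER and SVC_PASSWORD are placeholders for the service
# account issued by the parent proxy's administrator.
cache_peer ftp_proxy parent 221 0 no-query no-digest proxy-only login=SVC_USER:SVC_PASSWORD
cache_peer_access ftp_proxy allow ftp_ports
cache_peer_access ftp_proxy deny all

# Parent used for everything that is not FTP; no credentials are sent to it.
cache_peer http_proxy parent 8200 0 no-query no-digest proxy-only
cache_peer_access http_proxy deny ftp
cache_peer_access http_proxy allow all

# Never fetch directly from origin servers; always go through a parent.
never_direct allow all

# Debug setting from the thread; output is written to cache.log.
debug_options ALL,1 9,6
```

With `login=` the service-account password sits in squid.conf in clear text and travels to the parent as Basic proxy credentials, so restrict read access on the file to the account Squid runs as and treat the link to the parent as carrying a reusable secret.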
