Re: [squid-users] No forward-proxy ports error in 3.3

Looking at the explanation you gave it seems that forward_proxy is not
a necessary if my setup allows for it. My case is that of simple
forward proxy. I do not have any proxy peers, nor am i accessing the
cachemgr.cgi. So in the case of normal webpage requests e.g
www.google.com none of these should come into play and my setup should
work. Correct me if i am wrong.

Lets say my squid is running on a machine 192.168.8.40 and i choose
port 8080 as the proxy_forward port. Then i will configure it like
this

http_port 192.168.8.40:8080

The error page that you mentioned, will that be transferred to the
client via this port? If that is the case, then how is my client going
to associate that as response for one of its requests. Lets say client
is at 192.168.8.39. He makes a request for a page which is not
accesible. Squid will return the error page to client via its 8080
port?

Actually i am getting confused by usage of this in 3.2/3.3 versus
earlier version of 3.1. So bear with me if you can :)

Coming back to my original problem of some webpages not opening for my
3.3 setup. Any suggestions? Some of the web pages are not opening and
some are opening. Something weird is happening. e.g www.yahoo.com wont
open, but http://www.squid-cache.org/ will open. For the pages that
donot open, the client sends a GET request to the resolved IP but
there is no http response. I verified that on wireshark.

My squid conf is: transparent proxy config

http_port 192.168.8.40:3128 intercept ssl-bump
cert=/home/talha/squid/www.sample.com.pem
key=/home/talha/squid/www.sample.com.pem
https_port 192.168.8.40:3129 intercept
cert=/home/talha/squid/www.sample.com.pem
key=/home/talha/squid/www.sample.com.pem
http_port 192.168.8.40:8080

Client is at 192.168.8.39.

On Wed, Apr 25, 2012 at 7:52 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 25/04/2012 1:48 a.m., Ahmed Talha Khan wrote:
>>
>> Hey Amos,,
>>
>> Can you explain a little how this forward-proxy will be used by squid?
>> So i might be able to make a plausible cause for my setup not working.
>
>
> Sure.
>
> 1) When producing an error page there are CSS embeded images(s),
> 2) When generating FTP directory listing there are icons for each file on
> the list,
> 3) When generating FTP directory listing there are icons for each file on
> the list,
> 4) The cachemgr.cgi API can be accessed via HTTP or HTTPS protocol through
> thsis port.
> 5) URLs inside any HTML manager reports may use this port to target
> particular worker for servicing a request.
>
> The visible_hostname and forward-proxy port are used to generate the URLs in
> these responses.
>
> For example:
>  http_port 192.168.0.1:3128
>  visible_hostname f.example.com
>
> generates:
>   http://f.example.com:3128/squid-internal-icons/text.png
>   http://f.example.com:3128/squid-internal-mgr/
>   http://f.example.com:3128/squid-internal-mgr/menu
>
> It is important that the proxy be directly addressible for these types of
> things . There are many proxies operating on the Internet, and while the
> icons request may be serviced by any of them the mgr interface you
> definitely do not want to proxy-A to respond or perform management requests
> intended fro proxy-B.
>
> 5) to exchange traffic between proxy peers a forward-proxy port is required
> by cache_peer as the http-port option. This gets used for all traffic
> fetched through that peer, including cache digests, netdb exchanges and
> background live/dead monitoring probes.
>
> There are likely some other things I've forgotten, but those are the main
> ones.
>
> Amos
>

-- 
Regards,
-Ahmed Talha Khan