Re: More specific squid problem

[cloudmaster <cloudmaster@cloudmaster.com>]

Steven Pritchard wrote:
> 
> Can you just ping the names that squid doesn't like?

Uhh, I don't know.  Lemme look...  No, I can't ping the site either.  Not
that I can ping any of the MS sites, but that's neither here nor there...

Anyway, I discovered this eveing that I get unknown host for that MS site I
was using as an example when I try to telnet on port 80 (or telnet at all),
but from the router machine I can connect on 80.  It's only some sites that
I can't connect to though, so I know masquerading is working.  I'm using
ipfwadm since ipchains aren't hapy with the 2.0 kernel I have, and I
haven't gotten the machine converted over to glibc2 yet - that's coming in
a couple of weeks though.  Anyway, in more detail:

cloud120:/home/nfs/sauer # ipfwadm -Al
IP accounting rules
 pkts bytes dir prot source               destination          ports
45371   12M i/o all  cloud120.cloudmaster.com anywhere             n/a
45497   25M i/o all  anywhere             cloud120.cloudmaster.com n/a
cloud120:/home/nfs/sauer # ipfwadm -Il
IP firewall input rules, default policy: accept
cloud120:/home/nfs/sauer # ipfwadm -Ml
IP masquerading entries
prot expire   source               destination          ports
tcp  14:53.06 cloud233.cloudmaster.com oxygen.cstone.net    1618 (61190) ->
www
cloud120:/home/nfs/sauer # ipfwadm -Ol
IP firewall output rules, default policy: accept

I fixed the default accept rule (doh), but other than that - all this looks
OK to me...  /etc/nsswitch.conf looks OK too, but I've been known to not
know what the heck's going on with that too... :)

--Danny

--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.