This is a discussion on squid and apache within the Linux Networking forums, part of the Linux Forums category.
Hi, I thought I'd try again. I am still having problems getting Squid working as a transparent proxy while also accelerating Apache. The server has a public and private NIC, and I'm using IPCHAINS (I'm using RH 7.1 (2.4.2-2)). I have configured IPCHAINS in the following manner:

    ipchains -A input -j REDIRECT 3128 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80

and I also have the policy for forward set to MASQ; the policy for input and output is ACCEPT. I have also turned on forwarding. I have told Apache to use 127.0.0.1 port 80 and I have also told Squid that that's where it can find it. (This solution/idea I found somewhere on the net, don't know if it is a good one.) I have included both the squid.conf and httpd.conf at the bottom of this message (apologies to dial-up users for the length, but I feel it's necessary).

At the moment Squid is working fine as a transparent cache, but when I try to access Apache from another computer on the LAN or from the server I get a message from Squid, but the message depends on whether I connected via telnet or via a browser (?!). The messages are:

(from telnet)

    Connection Lifetime Expired
    Squid has terminated the request because it has exceeded the maximum connection lifetime.

(from a browser)

    The following error was encountered:
    Connection Failed
    The system returned:
    (110) Connection timed out

In the Squid access.log I just see the request for the page. In the httpd error.log there is nothing. It should be noted that if I terminate Squid then I can connect (from the server, of course) to 127.0.0.1 port 80 and get the test page without problem. So it seems that Squid can't find the Apache server. Question is... why not?

I am really stuck. So I hope someone can help me, either with configuring it this way, or by doing some other trick? Maybe bypass Squid and go straight to Apache, but how to do that with IPCHAINS? Also I can't seem to find any good information anywhere on how to set it up this way (i.e. transparent cache with acceleration for Apache on the same server with two NICs) and I am sure it has been done many times before, so links are welcome!

Regards,
Tobias Skytte

************************************************************************
squid.conf (comments grep'd out, public IPs and domain names sanitized):
************************************************************************

http_port 192.168.10.1:3128
http_port 192.168.10.1:80
http_port 196.28.xxx.yyy:3128
http_port 196.28.xxx.yyy:80
icp_port 0
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
cache_mem 16 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_dir ufs /var/spool/squid 2000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user user@
ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 192.168.10.1-192.168.10.254/255.255.255.0
acl iznogood src 196.28.xxx.yyy/255.255.255.254
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access allow all
icp_access allow all iznogood localhost manager
cache_mgr hostmaster@nowhere
hostname_aliases ftp.nowhere
hostname_aliases www.nowhere
hostname_aliases ns.nowhere
hostname_aliases mail.nowhere
httpd_accel_host 127.0.0.1
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

********************************************************************
httpd.conf (comments grep'd out, public IPs and domain names sanitized):
********************************************************************

ServerType standalone
ServerRoot "/etc/httpd"
LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 20
StartServers 8
MaxClients 150
MaxRequestsPerChild 100
Listen 127.0.0.1:80
BindAddress 127.0.0.1
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
LoadModule db_auth_module modules/mod_auth_db.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfDefine HAVE_PERL>
    LoadModule perl_module modules/libperl.so
</IfDefine>
<IfDefine HAVE_PHP>
    LoadModule php_module modules/mod_php.so
</IfDefine>
<IfDefine HAVE_PHP3>
    LoadModule php3_module modules/libphp3.so
</IfDefine>
<IfDefine HAVE_PHP4>
    LoadModule php4_module modules/libphp4.so
</IfDefine>
<IfDefine HAVE_DAV>
    LoadModule dav_module modules/libdav.so
</IfDefine>
<IfDefine HAVE_ROAMING>
    LoadModule roaming_module modules/mod_roaming.so
</IfDefine>
<IfDefine HAVE_SSL>
    LoadModule ssl_module modules/libssl.so
</IfDefine>
ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_so.c
AddModule mod_setenvif.c
<IfDefine HAVE_PERL>
    AddModule mod_perl.c
</IfDefine>
<IfDefine HAVE_PHP>
    AddModule mod_php.c
</IfDefine>
<IfDefine HAVE_PHP3>
    AddModule mod_php3.c
</IfDefine>
<IfDefine HAVE_PHP4>
    AddModule mod_php4.c
</IfDefine>
<IfDefine HAVE_DAV>
    AddModule mod_dav.c
</IfDefine>
<IfDefine HAVE_ROAMING>
    AddModule mod_roaming.c
</IfDefine>
<IfDefine HAVE_SSL>
    AddModule mod_ssl.c
</IfDefine>
Port 80
User apache
Group apache
ServerAdmin hostmaster@nowhere
ServerName www.nowhere
DocumentRoot "/var/www/html"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes Includes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
CacheNegotiatedDocs
UseCanonicalName On
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/httpd/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de
<IfModule mod_php4.c>
    AddType application/x-httpd-php .php4 .php3 .phtml .php
    AddType application/x-httpd-php-source .phps
</IfModule>
<IfModule mod_php3.c>
    AddType application/x-httpd-php3 .php3
    AddType application/x-httpd-php3-source .phps
</IfModule>
<IfModule mod_php.c>
    AddType application/x-httpd-php .phtml
</IfModule>
AddType application/x-tar .tgz
AddType text/html .shtml
AddHandler server-parsed .shtml
AddHandler imap-file map
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
<IfModule mod_perl.c>
    Alias /perl/ /var/www/perl/
    <Location /perl>
        SetHandler perl-script
        PerlHandler Apache::Registry
        Options +ExecCGI
    </Location>
</IfModule>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .itservices.co.mz
</Location>
Alias /doc/ /usr/share/doc/
<Location /doc>
    order deny,allow
    deny from all
    allow from localhost .localdomain
    Options Indexes FollowSymLinks
</Location>
<IfDefine HAVE_SSL>
    Listen 443
    SSLSessionCache shm:/var/cache/ssl_gcache_data(524288)
    <VirtualHost _default_:443>
        DocumentRoot "/var/www/html"
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
        <Files ~ "\.(cgi|shtml)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        CustomLog /var/log/httpd/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
</IfDefine>