Sorry forgot the versions
(squidnt) squid-2.5.STABLE12 (12 Mar 2006)
(gentoo.squid) squid-2.5.12-r1
Environment
Squid Setup
win.client
↕
win.squid → gentoo.squid → internet
So I have squidnt running on my Windows PC, which I then want to connect
to the gentoo squid, and then I want that to go get the info from the
internet.
Network path for http/s traffic (this is a bit complicated but it
works, a bit of latency, throughput is fine though)
Browser → win.squid (127.0.0.1:3128) → gentoo.squid
(127.0.0.1:8080) → win.host (192.168.0.24) → ssh tunnel →
gentoo.host (203.x.x.x:443) → gentoo.squid (127.0.0.1:3128) →
Internet (http://www.google.com)
So I have an SSH tunnel between my Windows PC and the gentoo box. I have
port 8080 forwarded to 127.0.0.1:3128 & port 8081 forwarded to
127.0.0.1:3130.
This is what I have in my squidnt squid.conf
<<<<<<< begin squid.conf (squidnt) >>>>>>>>>>>>>>>>
cache_peer 127.0.0.1 parent 8080 8081 default
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs c:/squid/var/cache 512 16 256
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
<<<<<<<< end squid.conf (squidnt) >>>>>>>>>>>>>>>>
And this is what I have in my gentoo.squid squid.conf
<<<<<<< begin squid.conf (gentoo.squid) >>>>>>>>>>>>>>>>
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
forwarded_for off
coredump_dir /var/cache/squid
<<<<<<<< end squid.conf (gentoo.squid) >>>>>>>>>>>>>>>>
This should work shouldn't it?
I've been to http://www.cnn.com and half the site loads under these
conditions, http://www.google.com doesn't load at all. In the
access.log you see hits/misses on both boxes. I have Live HTTP Headers
in Firefox and both proxies leave their mark in the headers on requests
that work.
If I take my squidnt out of the loop and point the browser at
127.0.0.1:8080 as the proxy, everything works fine. I only visit a
handful of sites every day and I'm trying to reduce the time it takes to
load these sites; some of them have a heap of static images on them, for
example. The browser disk cache doesn't help as I have a sync job in
place that syncs my portable Firefox config with my desktop at home, and
sending this cache is a waste of bandwidth. (When I get an iPod with a
proper hard drive I'll just whack my portable Firefox on that; in the
meantime this works great.)
Of course as soon as I get home and configure squidnt to go straight to
the net it works fine, i.e. taking gentoo.squid out of the cache_peer
arrangement.
The reason I'm doing this is our work firewall/proxy won't let me go to
google.com. It works for most users, but there are a few of us that get
blocked. It's a stupid block, but it exists. I'm not here to fix that
problem, I'm here to just get a working, unfiltered net connection.
My working solution is an SSH tunnel to gentoo.squid. I want to improve
this by sticking a squid cache on my laptop to help reduce the
bandwidth & latency costs associated with my current working setup.
Thanks for any assistance you might be able to offer.
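An added diagnostic, not part of the original post or of Squid: a small checker for the two peering settings that matter when a parent is reachable only through an SSH port forward, which carries TCP but not the UDP datagrams ICP uses. `check_peering`, its finding codes and the `ADJUSTED` sample are constructed here; whether these settings explain the symptoms described above is an assumption the thread does not confirm.

```python
# Added example: lint a squid.conf for peering settings that cannot work
# when the only path to the parent is a TCP port forward (e.g. ssh -L).

# Relevant lines from the squidnt config posted above.
POSTED = """\
cache_peer 127.0.0.1 parent 8080 8081 default
hierarchy_stoplist cgi-bin ?
acl all src 0.0.0.0/0.0.0.0
"""

# Constructed for comparison: ICP disabled, every request forced to the parent.
ADJUSTED = """\
cache_peer 127.0.0.1 parent 8080 0 no-query default
hierarchy_stoplist cgi-bin ?
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
"""


def directives(conf_text):
    """Yield each directive as a list of tokens, ignoring # comments."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens


def check_peering(conf_text):
    """Return (code, detail) findings for a child proxy behind a TCP tunnel."""
    rows = list(directives(conf_text))
    peers = [t for t in rows if t[0] == "cache_peer" and len(t) >= 5]
    findings = []
    for _, host, kind, http_port, icp_port, *opts in peers:
        # ICP queries are UDP datagrams; a TCP port forward never delivers them.
        if icp_port != "0" and "no-query" not in opts:
            findings.append(("icp-needs-udp",
                             f"{host}:{http_port} still queries ICP port {icp_port}"))
    has_parent = any(t[2] == "parent" for t in peers)
    forced = any(t[:3] == ["never_direct", "allow", "all"] for t in rows)
    # Without never_direct, requests Squid treats as non-hierarchical
    # (hierarchy_stoplist matches, for instance) are fetched directly.
    if has_parent and not forced:
        findings.append(("may-go-direct", "no 'never_direct allow all' found"))
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(name, check_peering(conf))
```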