Find the answer to your Linux question:
Results 1 to 2 of 2
i have downloaded squid proxy server in my gentoo server i have configured it and then i have configured my iptables . the configuration of squid.conf is as follow http_port ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2007
    Posts
    4

    squid server blocking http


    i have downloaded squid proxy server in my gentoo server i have configured it and then i have configured my iptables .
    the configuration of squid.conf is as follow

    http_port 192.168.3.1:8080
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi_bin \?
    no_cache deny QUERY
    cache_mem 100 MB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/cache/squid 100 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    hosts_file /etc/hosts
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    visible_hostname server
    acl our_networks src 192.168.3.0/24
    http_access allow our_networks
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    memory_pools on
    forwarded_for off
    coredump_dir /var/cache/squid

    and the configurations of my iptables are as follow

    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    iptables --append FORWARD --in-interface eth0 -j ACCEPT
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8080
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    i have two cards in my server
    eth0 192.168.3.1 (for LAN)
    eth1 192.168.1.1 (for internet) and i took the internet from access point and the ip address is 192.168.55.106 have given to eth1

    then when i try to enter any http site it give error and i cant enter but when im trying to open my msn messenger it works well

    so any body can help me

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    Hey, From the squid conf file, your proxy is listening on 192.168.3.1:8080, i.e., on your LAN interface (eth0).

    And from the iptables rules, TCP traffic destined to port 80 are redirected to 192.168.1.1:8080, i.e., your WAN interface (eth1), on that no proxy is running. So that your web traffic is getting rejected...

    Quote Originally Posted by mister
    n of squid.conf is as follow

    http_port 192.168.3.1:8080
    hierarchy_stoplist cgi-bin ?
    ns of my iptables are as follow

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8080
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

    Either change your iptables rules or make ur squid to listen on WAN interface (that is bad idea!!!)

    Hope I understood ur problem correctly and my reply is apt...

    Have fun

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •