  1. #1

    squid server blocking http

    I have downloaded the Squid proxy server onto my Gentoo server, configured it, and then configured my iptables rules.
    The configuration in squid.conf is as follows:

    # squid.conf as posted: a caching proxy set up for transparent interception.
    # NOTE(review): directive names such as httpd_accel_*, no_cache and
    # cache_access_log suggest Squid 2.5 or earlier -- confirm against the
    # installed version.
    # NOTE(review): no http_port line appears in this listing, so the address
    # and port Squid listens on cannot be confirmed from here; the iptables
    # rules on this page redirect to port 8080 -- verify the two match.
    # NOTE(review): several "acl ... src" / "acl ... dst" lines below carry no
    # address or netmask on this page (presumably lost when the post was
    # published); restore the values from the real file before relying on them.
    #
    # --- Dynamic content: fetch directly and never cache ---
    # NOTE(review): the regex below says "cgi_bin" while hierarchy_stoplist says
    # "cgi-bin"; if the underscore is a typo, cgi-bin URLs are not matched by QUERY.
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi_bin \?
    no_cache deny QUERY
    # --- Cache sizing: 100 MB of memory, 100 MB on disk (16 x 256 directories),
    # --- eviction starts at 90% full and becomes aggressive at 95% ---
    cache_mem 100 MB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/cache/squid 100 16 256
    # --- Logs: access.log is the record of who requested what through the proxy ---
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    hosts_file /etc/hosts
    # --- Basic-auth tuning ---
    # NOTE(review): no "auth_param basic program" line and no proxy_auth ACL are
    # shown, so these settings do not appear to gate access -- confirm.
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    # --- Freshness rules: regex, min age (minutes), percent of object age, max age (minutes) ---
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    # --- ACL definitions (address values missing on this page, see note at top) ---
    acl all src
    acl manager proto cache_object
    acl localhost src
    acl to_localhost dst
    # Ports to which CONNECT tunnels are permitted.
    acl SSL_ports port 443 563
    # Destination ports the proxy will talk to; anything else is refused below.
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    # NOTE(review): this range admits every unprivileged port as a destination.
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    # --- Access rules: evaluated top to bottom, first match decides ---
    # Cache-manager and PURGE requests are accepted from localhost only.
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    # Refuse destinations outside Safe_ports, and CONNECT to anything but SSL_ports.
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    visible_hostname server
    # our_networks decides who may use the proxy; it should list LAN ranges only.
    # Its value is missing on this page.
    acl our_networks src
    http_access allow our_networks
    http_access allow localhost
    # Everyone not allowed above is refused.
    http_access deny all
    http_reply_access allow all
    # NOTE(review): ICP queries are accepted from any source; if no cache peers
    # are in use, consider restricting this to the same networks as http_access.
    icp_access allow all
    # --- Accelerator directives in the combination commonly used for
    # --- transparent (intercepting) proxying on older Squid releases ---
    # NOTE(review): httpd_accel_uses_host_header makes Squid build the request
    # URL from the client-supplied Host header, which it cannot verify; limit
    # who can reach the proxy accordingly.
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    memory_pools on
    # Do not disclose the client's address in the X-Forwarded-For header sent upstream.
    forwarded_for off
    coredump_dir /var/cache/squid

    And the configuration of my iptables is as follows:

    # Firewall/NAT rules as posted. Per the poster, eth0 is the LAN side and
    # eth1 is the Internet side. Each chain is evaluated top to bottom.
    #
    # Default policies: drop inbound unless a later rule accepts it; allow all outbound.
    # NOTE(review): no FORWARD policy is set here, so it keeps whatever it had
    # before these commands ran (ACCEPT unless changed elsewhere).
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Loopback traffic is always allowed.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # From the Internet side, accept only packets belonging to connections
    # already tracked as established or related.
    iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade traffic leaving via eth1 behind the server's eth1 address.
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    # Forward anything arriving from the LAN.
    # NOTE(review): no FORWARD rule for return traffic is shown; replies pass
    # only if the FORWARD policy is ACCEPT -- confirm.
    iptables --append FORWARD --in-interface eth0 -j ACCEPT
    # Accept everything the LAN sends to the server itself.
    iptables -A INPUT -i eth0 -j ACCEPT
    # Redundant with the OUTPUT ACCEPT policy above.
    iptables -A OUTPUT -o eth0 -j ACCEPT
    # LAN web traffic (eth0, tcp/80) is DNATed, but the --to target is missing
    # on this page (presumably lost when the post was published); as written
    # the rule is incomplete.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
    # This REDIRECT matches tcp/80 arriving on eth1, the Internet side. LAN
    # clients arrive on eth0, so it does not intercept their browsing. New
    # connections redirected here still have to pass INPUT, where eth1 accepts
    # only ESTABLISHED,RELATED, so they fall through to the LOG/DROP rules below.
    # NOTE(review): interception for LAN clients would be expected on -i eth0,
    # pointing at the port Squid actually listens on; keeping it off eth1 also
    # keeps the proxy unreachable from the Internet.
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
    # Log whatever reached this point, then drop it (the DROP repeats the policy).
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    I have two network cards in my server:
    eth0 (for the LAN)
    eth1 (for the Internet); I get the Internet connection from an access point, and the IP address I was given is assigned to eth1.

    Then when I try to open any HTTP site it gives an error and I can't get in, but when I open MSN Messenger it works well.

    So can anybody help me?

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Hey, from the squid conf file, your proxy is listening on (address missing from this page), i.e., on your LAN interface (eth0).

    And from the iptables rules, TCP traffic destined to port 80 is redirected to (address missing from this page), i.e., your WAN interface (eth1), on which no proxy is running. So your web traffic is getting rejected...

    Quote Originally Posted by mister
    the configuration of squid.conf is as follow

    hierarchy_stoplist cgi-bin ?
    the configurations of my iptables are as follow

    # Quoted from post #1. The first rule matches LAN-side traffic (eth0) and
    # its --to target is not shown on this page; the second matches traffic
    # arriving on the Internet side (eth1) and sends it to local port 8080.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

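    Either change your iptables rules or make your squid listen on the WAN interface (that is a bad idea!!! A proxy reachable from the Internet can be used by anyone unless access is tightly restricted).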

    Hope I understood ur problem correctly and my reply is apt...

    Have fun
