Find the answer to your Linux question:
Results 1 to 3 of 3
Hi! i am trying to set up squid just so i can monitor traffic and web caching my network is 192.168.1.0/255.255.255.0 i found a config file that i modified a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Posts
    2

    Squid Proxy Configuration


    Hi!

    i am trying to set up squid just so i can monitor traffic and web caching

    my network is 192.168.1.0/255.255.255.0

    i found a config file that i modified a little. i started squid (no errors) but when i set my browser (on an other pc) to use the proxy i get "proxy server is refusing connections"

    here is my config:

    visible_hostname squidtest.mansef
    unique_hostname squidtest.mansef
    # The port on which squid will listen for requests
    http_port 8080
    # If 'cgi-bin' or '?' is in query, squid should not check with neighbours'/parents' cache
    # and should go to target web-server.
    hierarchy_stoplist cgi-bin ?
    # If url contains 'cgi-bin' or '?', then it must not be cached
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    acl apache rep_header Server ^Apache
    #broken_vary_encoding allow apache
    # Absolute path to squid access log.
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    # Access control list to control every IP address
    #TEST
    acl all src 0.0.0.0/0.0.0.0
    acl network src 192.168.1.0/255.255.255.0
    # Access control list for source machine in LAN
    acl lan_src src 192.168.1.0/24
    # Access control list for destination machine in LAN
    acl lan_dst dst 192.168.1.0/24
    # Access control list to manage squid cache
    acl manager proto cache_object
    # Access control list to define IP address allowed for source localhost
    acl localhost src 127.0.0.1/255.255.255.255
    # Access control list to define IP addresses allowed for localhost as destination
    acl to_localhost dst 127.0.0.0/8
    # Access control list to define Safe ports that should be allowed by default
    acl SSL_ports port 443 563 1863 5190 5222 5050 6667
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    #TEST
    http_access allow network
    icp_access allow network
    # Allow cache management only from localhost
    http_access allow manager localhost
    # Deny cache management from remote hosts
    http_access deny manager
    # Deny http access via all the ports which are not listed as safe
    http_access deny !Safe_ports
    # Deny all connections via all ports which are not listed as safe
    http_access deny CONNECT !SSL_ports
    # Allow http access from localhost
    http_access allow localhost
    # Allow http access from machines on LAN
    http_access allow lan_src
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    # Deny caching for everyone so that there is not caching at all
    cache deny all
    coredump_dir /var/spool/squid
    # Never allow direct connection to machines on the internet
    prefer_direct off
    never_direct allow all
    # Allow direct connetion if the destination machine is on LAN
    always_direct allow lan_dst
    # Delete this line if you don't have /etc/hosts file
    hosts_file /etc/hosts
    # Allow AIM connections
    # Delete the following 9 lines if you don't want people to connect to AIM
    acl AIM_ports port 5190 9898 6667
    acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net
    acl AIM_domains dstdomain .messaging.aol.com .aim.com
    acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net
    acl AIM_nets dst 64.12.0.0/255.255.0.0
    acl AIM_methods method CONNECT
    http_access allow AIM_methods AIM_ports AIM_nets
    http_access allow AIM_methods AIM_ports AIM_hosts
    http_access allow AIM_methods AIM_ports AIM_domains
    # Allow connections to Yahoo Messenger
    # Delete the following 6 lines if you don't want people to connect to Yahoo Messenger
    acl YIM_ports port 5050
    acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
    acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
    acl YIM_methods method CONNECT
    http_access allow YIM_methods YIM_ports YIM_hosts
    http_access allow YIM_methods YIM_ports YIM_domains
    # Allow connections to Google Talk
    # Delete the following 6 lines if you don't want people to connect to Google Talk
    acl GTALK_ports port 5222 5050
    acl GTALK_domains dstdomain .google.com
    acl GTALK_hosts dstdomain talk.google.com
    acl GTALK_methods method CONNECT
    http_access allow GTALK_methods GTALK_ports GTALK_hosts
    http_access allow GTALK_methods GTALK_ports GTALK_domains
    # Allow connections to MSN
    # Delete the following 6 lines if you don't want people to connect to Google Talk
    acl MSN_ports port 1863 443 1503
    acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
    acl MSN_hosts dstdomain messenger.hotmail.com
    acl MSN_nets dst 207.46.111.0/255.255.255.0
    acl MSN_methods method CONNECT
    http_access allow MSN_methods MSN_ports MSN_hosts

    please help!!

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    I don't think it matters, but why do you have the network defined twice and in 2 different ways?
    Code:
    acl network src 192.168.1.0/255.255.255.0
    # Access control list for source machine in LAN
    acl lan_src src 192.168.1.0/24
    are there any errors being logged on the server

  3. #3
    Just Joined!
    Join Date
    Aug 2008
    Posts
    2
    i saw it done like that (mask both ways) on some sites so i did it like that also. i tried it without "acl network src 192.168.1.0/255.255.255.0" and when it was refused, i added it.. but it didn't help.

    no errors in cache.log.. is there another place to look?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •