  1. #1
    Just Joined! | Join Date: May 2006 | Posts: 26

    Question: squid transparent proxy denies access to clients.


    Hello good people of Linux Forums
    I recently upgraded my squid to version 2.6.
    Right at the beginning I encountered problems... It seems this new version changed the way to configure it as a transparent proxy.
    After searching on Google I have managed to configure it as a transparent proxy server. But when a user machine tries to browse through the proxy server it gets the error Access Denied. In the access control I have given permission for it to use the proxy, but it does not seem to work.
    This server has to provide services only to the internal LAN. The services are:
    - Access to the internet through the squid transparent proxy.
    - Internal server for: web pages (httpd), webmail (webmail on the Apache server), ftp (vsftpd) and internal DNS (BIND 9.3.4).

  2. #2
    So far everything works great but squid does not work. This is the part of the log from the squid access.log file while machine2.internaldomain.home opens Mozilla and tries to open pages:
    Code:
    ...
    1178674986.492    447 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.104 text/html
    1178674988.571    668 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.147 text/html
    ...
    Now here goes my config for the server =D
    Device configs.
    Connection to the internet:
    Code:
    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=none
    HWADDR=xx:xx:xx:xx:xx:xx
    NETMASK=255.255.255.252
    IPADDR=172.18.3.30
    TYPE=Ethernet
    USERCTL=no
    IPV6INIT=no
    PEERDNS=yes
    GATEWAY=172.18.3.29
    Connection to the internal LAN:
    Code:
    TYPE=Ethernet
    DEVICE=eth1
    HWADDR=xx:xx:xx:xx:xx:xx
    BOOTPROTO=none
    NETMASK=255.255.255.0
    IPADDR=192.168.1.254
    ONBOOT=yes
    USERCTL=no
    IPV6INIT=no
    PEERDNS=yes

  3. #3
    resolv.conf file:
    Code:
    search tekorei.home
    nameserver 127.0.0.1
    named.conf
    Code:
    options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    query-source address * port 53;
    listen-on { 127.0.0.1; 192.168.1.254; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    };
    ..Deleted content..
    zone "internaldomain.home" IN {
    type master;
    file "data/internaldomain.home.zone";
    allow-update { none; };
    };
    
    zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "data/reverse.internaldomain.home.zone";
    allow-update { none; };
    };
    ..Deleted content..

  5. #4
    internaldomain.home.zone file
    Code:
    ;
    $TTL 1D
    @ IN SOA server.internaldomain.home. sysadmin.internaldomain.home. (
    2007050301 ; Serial
    8H ; Refresh
    2H ; Retry
    4W ; Expire
    1D ) ; Minimum
    IN NS server ; Name Server for Internal Domain
    IN MX 10 server ; Mail Exchange server
    internaldomain.home. IN A 192.168.1.254
    server IN A 192.168.1.254
    www IN CNAME   server
    ftp IN CNAME   server
    mail IN CNAME   server
    machine1 IN A 192.168.1.1
    machine2 IN A 192.168.1.2
    reverse.internaldomain.home.zone file
    Code:
    ;
    $TTL 1D
    @ IN SOA server.internaldomain.home. sysadmin.internaldomain.home. (
    2007050301 ; Serial
    8H ; Refresh
    2H ; Retry
    4W ; Expire
    1D ) ; Minimum
    IN NS server.internaldomain.home.
    254 IN PTR server.internaldomain.home.
    1 IN PTR machine1.internaldomain.home.
    2 IN PTR machine2.internaldomain.home.

  6. #5
    squid.conf file
    Code:
    http_port 3128 transparent
    icp_port 3130
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_dir ufs /var/spool/squid 3000 16 256
    access_log /var/log/squid/access.log squid
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern .		0	20%	4320
    acl manager proto cache_object
    acl all src 0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl CONNECT method CONNECT
    acl network1 src 192.168.1.0/255.255.255.0
    # This line was wrong, it was set to acl red1. Now it is correct. Updated 9/may/2007
    always_direct allow all
    http_access allow manager localhost
    http_access deny manager
    http_access deny CONNECT !SSL_ports
    http_access allow network1
    http_access deny all 
    http_reply_access allow all
    icp_access allow all
    error_directory /usr/share/squid/errors/Spanish
    coredump_dir /var/spool/squid

  7. #6
    iptables config. The default policies are set to ACCEPT. No other rules are set besides these ones because I'm still working on the iptables rules to have the default policy set to DROP.
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.18.3.30
    I have also configured the internal server for web pages (httpd), dovecot and sendmail for internal mail, and vsftpd. If needed I will post the config for each one of these services.
    Can someone help?

    I apologize to the admins for posting replies; it was the only way I knew to put all the data here for a good understanding of my problem.
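Added example (not code from the thread): a small model of how squid evaluates the http_access lines quoted above, useful for checking which rule a given client request hits before blaming the proxy. It follows squid's documented rules (first matching line decides; if none matches, the default is the opposite of the last line) and assumes, as a simplification, that a src ACL with a bare address and no mask matches only that single host. The request dicts and the outside address 10.0.0.5 are constructed.

```python
import ipaddress

# Constructed excerpt: the ACL and http_access lines quoted in the thread's squid.conf.
SQUID_CONF = """
acl manager proto cache_object
acl all src 0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl network1 src 192.168.1.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow network1
http_access deny all
"""

def parse_squid_acls(conf_text):
    """Collect 'acl NAME TYPE values...' into a dict and http_access lines into an ordered list."""
    acls, rules = {}, []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "acl":
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(acl, req):
    """Match one src/port/method/proto ACL against a request dict (src, port, method, proto).
    A bare address without a mask is treated as a single host (an assumption of this model)."""
    kind, values = acl
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v, strict=False)
                   for v in values)
    if kind == "port":
        return str(req["port"]) in values
    if kind in ("method", "proto"):
        return req[kind].lower() in {v.lower() for v in values}
    raise ValueError("unsupported acl type: " + kind)

def http_access_decision(acls, rules, req):
    """Squid semantics: the first http_access line whose terms all match decides;
    if no line matches, the default is the opposite of the last line's action."""
    for action, terms in rules:
        if all(acl_matches(acls[t.lstrip("!")], req) != t.startswith("!") for t in terms):
            return action, "http_access " + " ".join([action] + terms)
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "no line matched: opposite of last line"
```

Under this model a GET from 192.168.1.2 is allowed by `http_access allow network1`, so the TCP_DENIED entries are not explained by the ACL order alone; the model also shows why `all` must cover every address for the final `deny all` to have any effect.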
