still having problems with Microsoft Update


Hi All,

I'm running squid 2.5 on a RedHat Enterprise server. I'm running it as a
transparent proxy, but am having problems getting it to allow users to get
to windowsupdate properly. It can get to the site, but when it checks for
updates, it fails. I've tried adjusting my MTU size, but this did not help.
I think my issue is that WindowsUpdate uses port 443 and I'm not sure if I'm
accommodating this in my configuration correctly. Below is as much info as I
think may be useful.

My iptables rule looks like below. The first line is to redirect all port 80
requests to my squid port of 3128. The other two lines are for DNS:
iptables -t nat -A PREROUTING -s 192.168.144.0/23 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp --dport 53 -j SNAT --to-source x.x.144.200
iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source x.x.144.200

Within my squid.conf, I am running squid on port 3128. I have a redirector
script, and have the following lines that seem pertinent: 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 563 443
acl Safe_ports port 80 21 70 210 911 1025-65535
acl Safe_ports port 280         # http-mgmt 
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

redirector_access allow REDIRECT !SSL_ports

As well, to allow windowsupdate sites I have:
acl NoRedirect url_regex -i .*microsoft\.com
acl NoRedirect url_regex -i .*akamai\.net
acl NoRedirect url_regex -i .*akamai\.com
acl NoRedirect url_regex -i .*windows\.com
acl NoRedirect url_regex -i .*windowsupdate\.com
acl NoRedirect url_regex -i .*windowsupdate\.net
acl NoRedirect url_regex -i .*msft\.com
acl NoRedirect url_regex -i .*msft\.net
acl NoRedirect url_regex -i .*nsatc\.com
acl NoRedirect url_regex -i .*nsatc\.net
acl NoRedirect url_regex -i .*edgesuite\.net
acl NoRedirect url_regex -i .*akadns\.com
acl NoRedirect url_regex -i .*akadns\.net
acl NoRedirect url_regex -i .*207.46.*
acl NoRedirect url_regex -i .*64.2.21.*
acl NoRedirect url_regex -i .*unb\.ca.*
acl NoRedirect url_regex -i windowsupdate
redirector_access deny NoRedirect


Any help is greatly appreciated.

Cheers

Matt
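
An added example (not part of the original post): a way to check which URLs the NoRedirect url_regex lines above actually exempt from the redirector, since each pattern is searched anywhere in the full URL. Python's `re` stands in for Squid's regex matching here, and the sample URLs and the host-suffix list are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the NoRedirect url_regex lines in the post (-i = case-insensitive).
NOREDIRECT_PATTERNS = [
    r".*microsoft\.com", r".*akamai\.net", r".*akamai\.com", r".*windows\.com",
    r".*windowsupdate\.com", r".*windowsupdate\.net", r".*msft\.com", r".*msft\.net",
    r".*nsatc\.com", r".*nsatc\.net", r".*edgesuite\.net", r".*akadns\.com",
    r".*akadns\.net", r".*207.46.*", r".*64.2.21.*", r".*unb\.ca.*", r"windowsupdate",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in NOREDIRECT_PATTERNS]

# Host suffixes for a stricter comparison (assumption: a subset chosen for this demo).
ALLOWED_SUFFIXES = (".microsoft.com", ".windowsupdate.com", ".windows.com")

def url_regex_hits(url):
    """Return the patterns that match anywhere in the full URL (unanchored search)."""
    return [c.pattern for c in COMPILED if c.search(url)]

def host_suffix_match(url):
    """Match on the hostname only, the way a domain-suffix ACL would."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s[1:] or host.endswith(s) for s in ALLOWED_SUFFIXES)

# Constructed sample URLs, not taken from any log.
SAMPLES = [
    "http://update.microsoft.com/windowsupdate/v6/default.aspx",
    "http://example.invalid/windowsupdate/index.html",
    "http://example.invalid/?ref=microsoft.com",
    "http://example.invalid/build-2070460.zip",   # hits the unescaped dots in 207.46
    "http://example.invalid/index.html",
]

def audit(urls=SAMPLES):
    """Map each URL to (matched url_regex patterns, host-suffix verdict)."""
    return {u: (url_regex_hits(u), host_suffix_match(u)) for u in urls}

if __name__ == "__main__":
    for url, (hits, by_host) in audit().items():
        print(f"{url}\n  url_regex: {hits or 'no match'}\n  host suffix: {by_host}")
```

Squid's `dstdomain` ACL type compares against the request hostname in the way `host_suffix_match` does, so entries such as `.microsoft.com` do not match text in the path or query string.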



