
RE: still having problems with Microsoft Update


 



Thanks, but I'm still having problems. Obviously something I'm doing wrong,
hence me asking for help! Haha..

Surely people are doing this successfully as a transparent proxy (I don't
want to cache anything).

Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
(506) 447-3033
mda@xxxxxx 


-----Original Message-----
From: trainier@xxxxxxxxxx [mailto:trainier@xxxxxxxxxx] 
Sent: August 4, 2005 12:31 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: still having problems with Microsoft Update

This issue has been discussed numerous times on this list.
For an archive search, try: 
http://www.google.com/search?q=site:squid-cache.org+%2B%22Windows+Update%22&hl=en&lr=&start=30&sa=N

Tim Rainier




"Matt Ashfield" <mda@xxxxxx> 
08/04/2005 11:36 AM
Please respond to: <mda@xxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
cc:
Subject: still having problems with Microsoft Update






Hi All,

I'm running squid 2.5 on a RedHat Enterprise server. I'm running it as a
transparent proxy, but am having problems getting it to allow users to get
to windowsupdate properly. It can get to the site, but when it checks for
updates, it fails. I've tried adjusting my MTU size, but this did not help.
I think my issue is that WindowsUpdate uses port 443 and I'm not sure if I'm
accommodating this in my configuration correctly. Below is as much info as I
think may be useful.

My iptables rule looks like below. The first line is to redirect all port 80
requests to my squid port of 3128. The other two lines are for DNS:
iptables -t nat -A PREROUTING -s 192.168.144.0/23 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp --dport 53 -j SNAT --to-source x.x.144.200
iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source x.x.144.200

Within my squid.conf, I am running squid on port 3128. I have a redirector
script, and have the following lines that seem pertinent: 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 563 443
acl Safe_ports port 80 21 70 210 911 1025-65535
acl Safe_ports port 280         # http-mgmt 
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

redirector_access allow REDIRECT !SSL_ports

As well, to allow windowsupdate sites I have:
acl NoRedirect url_regex -i .*microsoft\.com
acl NoRedirect url_regex -i .*akamai\.net
acl NoRedirect url_regex -i .*akamai\.com
acl NoRedirect url_regex -i .*windows\.com
acl NoRedirect url_regex -i .*windowsupdate\.com
acl NoRedirect url_regex -i .*windowsupdate\.net
acl NoRedirect url_regex -i .*msft\.com
acl NoRedirect url_regex -i .*msft\.net
acl NoRedirect url_regex -i .*nsatc\.com
acl NoRedirect url_regex -i .*nsatc\.net
acl NoRedirect url_regex -i .*edgesuite\.net
acl NoRedirect url_regex -i .*akadns\.com
acl NoRedirect url_regex -i .*akadns\.net
acl NoRedirect url_regex -i .*207.46.*
acl NoRedirect url_regex -i .*64.2.21.*
acl NoRedirect url_regex -i .*unb\.ca.*
acl NoRedirect url_regex -i windowsupdate
redirector_access deny NoRedirect


Any help is greatly appreciated.

Cheers

Matt
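
Added example (not part of the original message or of Squid itself): a Python check of how some of the NoRedirect url_regex patterns quoted above match constructed URLs, next to a host-suffix comparison in the style of Squid's dstdomain ACL type. It assumes Python's re.search with IGNORECASE behaves like url_regex -i for these simple patterns; the sample URLs and the ALLOWED_SUFFIXES list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# url_regex patterns copied from the NoRedirect ACL in the message above.
NOREDIRECT_PATTERNS = [
    r".*microsoft\.com",
    r".*akamai\.net",
    r".*windowsupdate\.com",
    r".*207.46.*",
    r".*64.2.21.*",
    r"windowsupdate",
]

# Hypothetical replacement list: host suffixes in the style of a dstdomain ACL,
# built from the same domain names (an assumption, not the poster's config).
ALLOWED_SUFFIXES = [".microsoft.com", ".akamai.net", ".windowsupdate.com"]

# Constructed sample URLs (not taken from any log).
SAMPLES = [
    "http://download.windowsupdate.com/msdownload/update.cab",
    "http://www.example.org/page?ref=microsoft.com",
    "http://example.net/files/2207946/index.html",
    "http://microsoft.com.example.org/",
]


def url_regex_match(url):
    """Emulate url_regex -i: unanchored, case-insensitive search over the whole URL."""
    return [p for p in NOREDIRECT_PATTERNS if re.search(p, url, re.IGNORECASE)]


def host_suffix_match(url):
    """Compare only the host part against the allowed domain suffixes."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s[1:] or host.endswith(s) for s in ALLOWED_SUFFIXES)


def audit():
    """Return (url, matched_by_url_regex, matched_by_host_suffix) per sample."""
    return [(u, bool(url_regex_match(u)), host_suffix_match(u)) for u in SAMPLES]


if __name__ == "__main__":
    for url, by_regex, by_host in audit():
        print(f"{url}\n  url_regex: {by_regex}  host suffix: {by_host}")
```

URLs that merely contain an allowed name or digit run match the url_regex ACL and are exempted from the redirector, while the host-suffix check accepts only the intended hosts.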





