> I have a brand new Gentoo Linux install set up with the following:
>
> Arno's Firewall 1.8.4d is firewalling my internet connection and
> forwarding all outgoing port 80 traffic through a transparent proxy
> setup.

Cool. Is it doing the same for outgoing port 443? If not, that's why secure websites aren't working.

Tim Rainier
Information Services, Kalsec, INC
trainier@xxxxxxxxxx

> > -----Original Message-----
> > From: rance@xxxxxxxxxxxxxxx [mailto:rance@xxxxxxxxxxxxxxx]
> > Sent: Saturday, October 29, 2005 4:35 PM
> > To: squid-users@xxxxxxxxxxxxxxx
> > Subject: secure web sites wont show on my clients
> >
> >
> > I have a brand new Gentoo Linux install set up with the following:
> >
> > Arno's Firewall 1.8.4d is firewalling my internet connection and
> > forwarding all outgoing port 80 traffic through a transparent proxy
> > setup.
> >
>
> Is it preventing clients from accessing the outside world on port 443?
>
> > dnsmasq is both my dns server and dhcp server (both of these
> > work no problem).
> >
> > I've installed dansguardian with the default config file (for now)
> >
> > I've installed squid 2.5 stable11 with an altered
> > /etc/squid/squid.conf file.
> >
> > My sequence is internal internet request -> dansguardian -> squid ->
> > out to internet
> >
> > I just couldn't follow all the comments in such a large config file so I
> > copied the sample one that comes with squid to squid.conf.sample
> >
> > and started over with a blank squid.conf file
> >
> > here it is:
> >
> >
> > http_port 127.0.0.1:3128
> > httpd_accel_host virtual
> > httpd_accel_port 80
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl localhost src 127.0.0.1
> > follow_x_forwarded_for allow localhost
> > acl_uses_indirect_client on
> > delay_pool_uses_indirect_client on
> > log_uses_indirect_client on
> >
> >
> > acl homenet src 192.168.0.0/24
> >
> > http_access allow localhost
> > http_access allow homenet
> > http_access deny all
> >
> > Ok:
> >
> > this setup seems to work for regular port 80 traffic ok
>
> So Squid is working fine...
>
> >
> > (please note, I'm going for an unfiltered setup for now, I want to make
> > sure everything that needs to work does, BEFORE the access rules start
> > changing stuff, I want to know for sure that my problem was in my last
> > rule change, not a setup issue
> >
> > My problem with this setup is web sites that require you to log in.
> >
> > EG www.hotmail.com
> >
> > don't work for the log in part.
> >
> > there are no error messages, just timeouts on the connection and
> > windows shows the DNS error page.
>
> It's likely not a squid problem. You can't intercept SSL traffic
> (and it doesn't look like you are trying), so you have to let it go
> direct, (and obviously let the responses back in). Check your firewall rules.
>
> >
> > What am I missing? Is it safe_ports? (I read about those in my master
> > copy of the .conf.default file)
> >
> > I want to make sure that squid allows all of my normal traffic before I
> > start restricting any.
> >
> > Could someone please tell me what I've missed here, Thanks
> >
> > Rance
> >
> >
>
> Chris
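
Added illustration (not part of the thread and not Squid's own code) of why the port 80 interception above cannot simply be repeated for port 443: with `httpd_accel_uses_host_header on` the proxy rebuilds the URL from the plaintext request line and Host header, and the first bytes of an SSL connection offer neither. The function name `rebuild_url` and the sample byte strings are constructed for this example.

```python
# Added example: what an intercepting proxy can read from the first bytes
# a client sends. Hypothetical helper, not taken from Squid.

def rebuild_url(first_bytes, dest_port):
    """Return the URL derivable from a redirected connection's first bytes,
    or None when there is no plaintext request to read."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return None
    # SSLv2-style ClientHello: high bit set in length byte, message type 0x01.
    if len(first_bytes) >= 3 and first_bytes[0] & 0x80 and first_bytes[2] == 0x01:
        return None
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not a plaintext HTTP request line
    path = parts[1]
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
            break
    if host is None or not path.startswith("/"):
        return None  # without a Host header the origin server cannot be named
    if ":" not in host and dest_port != 80:
        host = "%s:%d" % (host, dest_port)
    return "http://" + host + path

# Constructed samples: a plaintext request, a TLS ClientHello prefix and an
# SSLv2-style ClientHello prefix (handshake bodies are zero padding).
PLAIN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]) + bytes(12)
SSL2_HELLO = bytes([0x80, 0x2E, 0x01, 0x03, 0x01]) + bytes(8)

if __name__ == "__main__":
    for label, data, port in (("http", PLAIN_HTTP, 80),
                              ("tls", TLS_HELLO, 443),
                              ("sslv2", SSL2_HELLO, 443)):
        print(label, port, rebuild_url(data, port))
```

Only the plaintext sample yields a URL, which is why port 443 has to be forwarded by the firewall rather than redirected to the proxy.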