Re: Connecting MS Explorer to squid problem

[Tek Bahadur Limbu <teklimbu@xxxxxxxxxxxx>]

Mohan Jayaweera wrote:
> Greetings to everybody!
> I am a newbie
>
> my squid in H/W firewall is with following setting (SeLinux disabled)
> ==================================================
>
> DSL /gateway (192.168.1.1)
> |
> |
> |
> v
> squid's eth0 192.168.1.10/255.255.255.0 gateway 192.168.1.1 (DNS1,2 set)
> | (squid serves the localhost well)
> |
> |
> v
> eth1 192.168.1.11/255.255.255.0 (no gateway-this is for internal network)
> |
> |
> |
> v
> Internal network
> (I can not connect windows IE with these settings >> IP
> 192.168.1.8/255.255.255.0 /Gateway 192.168.1.11 , DNS 192.168.1.11,
> proxy setting 192.168.1.11/3128  from the internal network
>
> *my squid.conf is below, it consist with default settings and some
> other settings from vatious source I tried.
> *squid serves the localhost m/c well but not the other clients like MS IE
> --------------------------------------------
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern .        0    20%    4320
> # ACCESS CONTROLS
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80        # http
> acl Safe_ports port 21        # ftp
> acl Safe_ports port 443        # https
> acl Safe_ports port 70        # gopher
> acl Safe_ports port 210        # wais
> acl Safe_ports port 1025-65535    # unregistered ports
> acl Safe_ports port 280        # http-mgmt
> acl Safe_ports port 488        # gss-http
> acl Safe_ports port 591        # filemaker
> acl Safe_ports port 777        # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl our_networks src 192.168.1.0/24 192.168.2.0/24
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
> debug_options ALL, 1 33, 2 28, 9
> acl allow_ip src 192.168.1.0/24
> acl host1 src 192.168.1.8
> http_access allow host1
> http_access allow allow_ip
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname none
> coredump_dir /var/spool/squid
>
> Please help me to solve this problem
> Thanks in advance

Hi Mohan,

As Hendrik suggested, you can change your internal network from 
192.168.1.0/24 to 192.168.2.0/24.

Then, you can change the permissions for your relevant files and 
directories.
Here, I am just guessing your squid locations.

Try the following:


root@localhost#  chown -R nobody:nobody /etc/squid
root@localhost#  chown -R nobody:nobody /var/cache
root@localhost#  chown -R nobody:nobody /var/spool/squid


You can use the following simple squid.conf :


############ Start of squid.conf ###############

cache_effective_user nobody
cache_effective_group nobody

http_port 3128

cache_dir ufs /var/cache 1024 16 256

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

emulate_httpd_log on

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .       	 0    20%    4320

# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24 192.168.2.0/24

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow our_networks
http_access allow localhost
http_access deny all



http_reply_access allow all
icp_access allow all
visible_hostname none
coredump_dir /var/spool/squid


############# End of squid.conf ###############

Than try using your squid proxy server from your new 192.168.2.0/24 
network. It should work!

Thanking you...


> Mohan


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np