Mohan Jayaweera wrote:
Greetings to everybody!
I am a newbie
My squid in H/W firewall is with the following settings (SELinux disabled)
==================================================
DSL /gateway (192.168.1.1)
|
|
|
v
squid's eth0 192.168.1.10/255.255.255.0 gateway 192.168.1.1 (DNS1,2 set)
| (squid serves the localhost well)
|
|
v
eth1 192.168.1.11/255.255.255.0 (no gateway-this is for internal network)
|
|
|
v
Internal network
(I can not connect windows IE with these settings >> IP
192.168.1.8/255.255.255.0 /Gateway 192.168.1.11 , DNS 192.168.1.11,
proxy setting 192.168.1.11/3128 from the internal network)
*my squid.conf is below, it consists of default settings and some
other settings from various sources I tried.
*squid serves the localhost m/c well but not the other clients like MS IE
--------------------------------------------
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
debug_options ALL,1 33,2 28,9
acl allow_ip src 192.168.1.0/24
acl host1 src 192.168.1.8
http_access allow host1
http_access allow allow_ip
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname none
coredump_dir /var/spool/squid
Please help me to solve this problem
Thanks in advance

Hi Mohan,
As Hendrik suggested, you can change your internal network from
192.168.1.0/24 to 192.168.2.0/24.
Then, you can change the permissions for your relevant files and
directories.
Here, I am just guessing your squid locations.
Try the following:
root@localhost# chown -R nobody:nobody /etc/squid
root@localhost# chown -R nobody:nobody /var/cache
root@localhost# chown -R nobody:nobody /var/spool/squid
You can use the following simple squid.conf :
############ Start of squid.conf ###############
cache_effective_user nobody
cache_effective_group nobody
http_port 3128
cache_dir ufs /var/cache 1024 16 256
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname none
coredump_dir /var/spool/squid
############# End of squid.conf ###############
Then try using your squid proxy server from your new 192.168.2.0/24
network. It should work!
Thanking you...
Mohan
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
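
An added example, not part of the original thread or of Squid itself: Python code that applies Squid's first-match http_access evaluation to the src ACLs of the first squid.conf above, lists the http_access lines that can never be reached, and checks whether eth0 and eth1 share a subnet. The function names (parse, decide, unreachable, same_subnet) are hypothetical, and the evaluation assumes a plain GET to port 80 so that lines naming non-src ACLs do not match.

```python
from ipaddress import ip_address, ip_interface, ip_network
# Constructed sample: src ACLs and http_access lines of the first squid.conf above.
CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
acl allow_ip src 192.168.1.0/24
acl host1 src 192.168.1.8
http_access allow host1
http_access allow allow_ip
http_access deny all
"""

def parse(conf):
    """Return (src ACLs, http_access rules in file order)."""
    acls, rules = {}, []
    for f in (line.split("#")[0].split() for line in conf.splitlines()):
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            acls.setdefault(f[1], []).extend(ip_network(n, strict=False) for n in f[3:])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def decide(conf, client):
    """First http_access line whose ACLs all match wins. Assumes a plain GET to
    port 80, so lines naming non-src ACLs (manager, CONNECT, !Safe_ports) are skipped."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(any(ip_address(client) in n for n in acls.get(x, [])) for x in names):
            return action, names
    return None, None  # no line matched

def unreachable(conf):
    """http_access lines that follow an unconditional rule on an ACL covering 0.0.0.0/0."""
    acls, rules = parse(conf)
    for i, (_, names) in enumerate(rules):
        if len(names) == 1 and ip_network("0.0.0.0/0") in acls.get(names[0], []):
            return rules[i + 1:]
    return []

def same_subnet(a, b):  # True when two interface addresses fall in overlapping networks
    return ip_interface(a).network.overlaps(ip_interface(b).network)
```

For the client 192.168.1.8 the first matching line is "http_access allow our_networks", the three lines after the first "http_access deny all" are never evaluated, and same_subnet reports that 192.168.1.10/255.255.255.0 and 192.168.1.11/255.255.255.0 overlap.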