AAaaargh! Sorry, I meant to reply to the list, but that doesn't seem to be the default. Sorry.

Amos,

Many thanks for the reply; I had almost given up!

On Jan 7, 2008 12:52 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
> So this is a webserver accelerator too?
> Think about adding defaultsite= option to cope with the many broken web
> clients that may be accessing your server.

The main requirement is for some kind of control over the user's browsing habits.

> This port is also the cause of your problem. You are running squid as a
> non-privileged user. To access a special port <1024 you MUST run squid
> as root and let it drop down to unprivileged by itself at the right times.

Yes it is being started as root with /etc/init.d/squid restart, or by the boot sequence.

The line

    http_port 192.168.60:80 vhost vport=8080

has a typo, which I have since corrected. In fact I have been researching this quite extensively and have tried a number of different configurations of squid.conf without success so far. My squid.conf now looks like this:

    visible_hostname Base
    acl IQNetwork src 192.168.60.0/24
    acl all src 0.0.0.0/0.0.0.0
    http_access allow IQNetwork
    http_port 3128 transparent
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

> Please use Squid 2.6STABLE17 or 3.0STABLE1.
> There are serious security advisories out on all earlier releases.

I have downloaded and recompiled Squid2.6.STABLE17 as part of the ongoing effort to get it working, but still no joy.

My iptables look like this:

    root@Base:/home/dave# iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  anywhere             anywhere            tcp dpt:www to:192.168.60.254:3128
    DNAT       tcp  --  anywhere             anywhere            tcp dpt:https to:192.168.60.254:3128
    DNAT       tcp  --  anywhere             anywhere            tcp dpt:3128 to:192.168.60.254:3128
    DNAT       tcp  --  anywhere             anywhere            tcp dpt:webcache to:192.168.60.254:3128

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  0    --  192.168.60.0/24      anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

But still no joy....