Mr Wells wrote:
Hi All,
I'm unable to access a proxy server ("proxyEXT"). Can anyone please spot what I'm doing wrong?
Note: ISP will only allow 1 connection from us to its service. (unless we pay for second account!) ;-)
overview:
I have a Squid box ("proxy") serving the whole school. Upstream proxy with main filtering is provided by ISP. Running faultlessly for many years despite 3 hardware upgrades & versions of squid. THANK YOU SQUID!
This box feeds two others. "proxyINT" & "proxyEXT".
proxyINT provides controlled internet access to boarding pupils, but separate from main school system via wireless & CAT5.
proxyEXT is to provide access for remote parts of the school via ADSL.
Each remote house will have its own proxy providing individual pupil access control via wireless & CAT5, with proxyEXT as its upstream parent.
clouds:
public x.x.x.97 255.255.255.240 (range from .96 to .111 ?)
private main 10.x.x.x 255.0.0.0
private boarding 192.168.1.x 255.255.255.0
connection:
ISP ->ADSL -> CISCO router (x.x.x.97)
router has 3 Boxes connected to its Cat5 ports
x.x.x.98 Mail server (internal address 10.1.1.5)
x.x.x.100 proxy (internal address 10.1.1.6)
x.x.x.103 proxyEXT (internal address 10.1.1.61)
10.1.1.x is reserved from DHCP for server addresses.
for info:
proxyINT (working fine) has an external address 10.1.1.60, internal address 192.168.1.1
Tests:
A) set a PC to x.x.x.104 using X-cable connect directly to proxyEXT external NIC - configure Firefox to x.x.x.103:3128 - Works
B) from home - ping x.x.x.103 - Works
C) from home - VNC into proxyEXT - Works
D) tracert to x.x.x.103 - Works 17 hops
E) from home - configure web browser to x.x.x.103:3128 - not working
Test E) above. In Firefox I get a general error telling me the server took too long to respond. IE gives the DNS error page.
These errors in E) above can be reproduced by configuring the web browser to a non-existent proxy. e.g. x.x.x.104:3128
step 1) is port 3128 open on the router? i.e. telnet x.x.x.103 3128
step 2) is the router actually forwarding traffic from that port to
proxyEXT? wireshark/tcpdump will show this.
step 3) is squid proxy listening on public-facing IP (10.1.1.61) or
wildcard IP (0.0.0.0) at that port? netstat -antp
History:
Previously was unable to get test B, C or D to work either. Our ISP decided that the router (ISP maintained) may be at fault and have sent a replacement part.
Kind regards
Adrian
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
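
An added example, not part of the original thread: steps 1 and 3 of the reply as a small Python script that classifies how a TCP connect to the proxy port fails and checks which addresses hold a listener in `netstat -antp` output. The function names are hypothetical, the netstat text is constructed sample output, and 192.0.2.103 is a placeholder standing in for the masked x.x.x.103.

```python
import socket

def probe(host, port, timeout=5.0):
    """Step 1: classify one TCP connect attempt to host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: a listener is reachable
    except socket.timeout:
        return "timeout"   # no reply at all: SYN usually dropped on the path
    except ConnectionRefusedError:
        return "refused"   # RST came back: usually no listener on that IP:port
    except OSError:
        return "error"     # e.g. no route to host
    finally:
        s.close()

def listen_addrs(netstat_text, port):
    """Step 3: local IPs holding a LISTEN socket on `port` (netstat -antp output)."""
    addrs = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ip, _, p = f[3].rpartition(":")
            if p == str(port):
                addrs.append(ip)
    return addrs

def accepts_on(addrs, ip):
    """True if a listener is bound to `ip` or to a wildcard address."""
    # Assumption: "::" counts as a wildcard, which holds for IPv4 clients
    # only when the socket is dual-stack.
    return ip in addrs or "0.0.0.0" in addrs or "::" in addrs

# Constructed sample output, not taken from the thread.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.1.1.61:3128          0.0.0.0:*               LISTEN      2210/(squid)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1801/sshd
tcp        0      0 10.1.1.61:22            192.0.2.9:51514         ESTABLISHED 2950/sshd
"""

if __name__ == "__main__":
    bound = listen_addrs(SAMPLE_NETSTAT, 3128)
    print("listening on:", bound)
    print("10.1.1.61 accepted:", accepts_on(bound, "10.1.1.61"))
    print("192.0.2.103 accepted:", accepts_on(bound, "192.0.2.103"))
```

A "timeout" result from outside together with a working ping matches the symptom in test E and points at step 2, the router's forwarding; a "refused" result points at step 3, the address Squid is bound to.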