Hello, I have a problem. Please see h++p://amyhost[dot]com/data/1.jpg

And this is my squid conf...

---------start-----------
#logformat squid %>a [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
http_port 2210 transparent
icp_port 3130
snmp_port 3401
cache_mgr admin
emulate_httpd_log off
#cache_peer ip.sumber.squid parent 3128 3130 proxy-only
#cache_peer ip.yang.numpang sibling 3128 3130 proxy-only
#cache_peer 192.168.1.253 sibling 2210 3130 proxy-only
#cache_peer it.gpi-g.com parent 2210 0 no-query default
#cache_peer 202.169.51.119 parent 2210 0 no-query no-digest no-netdb-exchange default
cache_replacement_policy heap LFUDA
maximum_object_size_in_memory 50 KB
maximum_object_size 50 MB
#minimum_object_size 1 KB
dead_peer_timeout 10 seconds
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
visible_hostname gpi-g.com
cache_mem 5 MB
memory_pools off
log_icp_queries on
buffered_logs on
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
#never_direct allow all
cache_swap_low 70%
cache_swap_high 90%
#cache_dir aufs /var/spool/squid 40000 16 256
cache_dir aufs /var/spool/squid 4000 16 256
cache_dir aufs /var/spool/squid1 4000 16 256
cache_dir aufs /var/spool/squid2 4000 16 256
cache_dir aufs /var/spool/squid3 4000 16 256
#cache_dir diskd /var/spool/squid 4800 8 64 max-size=-1 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
forwarded_for on
half_closed_clients off
cache_effective_user proxy
cache_effective_group proxy
cache_mgr mirza.k@xxxxxxxxx
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl website dstdomain "/etc/website"
acl gator dstdomain .gator.com
acl gohip dstdomain .gohip.com
acl kazaa dstdomain .kazaa.com
acl real dstdomain .real.com
acl pornsite url_regex 220.73.222.254
acl LAN src 192.168.222.0/255.255.255.0
acl LAN2 src 172.16.0.0/255.255.0.0
#acl NOC src 192.168.1.0/255.255.255.0
acl snmpcommunity snmp_community nama_snmpcommunity
acl all src 0.0.0.0/0.0.0.0
#acl IIX dst_as 7597
#always_direct allow IIX
acl manager proto cache_object
acl localhost src 127.0.0.1
acl SSL_ports port 443 563
acl Safe_ports port 21 80 81 53 143 2443 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
#acl INSIDE_IP dst 172.16.0.2
#always_direct allow INSIDE_IP
#never_direct allow all
#header_access User-Agent deny all
#header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)
#follow_x_forwarded_for allow localhost
#log_uses_indirect_client on
#acl_uses_indirect_client on
#delay_pool_uses_indirect_client on
acl acceleratedHost dst 202.169.51.119/255.255.255.255
acl acceleratedPort port 2210
#httpd_accel_single_host off
http_access allow manager localhost LAN
http_access deny !Safe_ports
http_access deny pornsite
http_access deny CONNECT !SSL_ports
snmp_access allow snmpcommunity
http_access deny website
http_access deny gator
http_access deny gohip
http_access deny real
http_access deny kazaa
http_access allow LAN
http_access allow LAN2
#http_access allow NOC
http_access allow localhost
http_access allow acceleratedHost
http_access deny all
snmp_access deny all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cachemgr_passwd nasigoreng manager
negative_ttl 1 minutes
-----------------

And these are my iptables rules:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

echo "1" > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart

#-----------------------------------------------------
# eth0 = WAN1 = 202.169.51.119
# eth1 = DMZ = 192.168.222.1 ( connects to MAILSERVER & WEBSERVER - for now simulating only the mail server )
# eth2 = LAN = 192.168.222.2 ( connects to PROXY SERVER - for now simulated as PROXY SERVER = CLIENT )
#------------------------------------------------------

# Sweeper: flush existing rules and chains
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -F -t nat

# Bridge DMZ <=> LAN
/sbin/iptables -A FORWARD -i eth2 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Bridge DMZ <=> Mail Server & Webserver
/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Bridge WAN1 <=> LAN
/sbin/iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

## Forward port 25 to the mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119 --dport 25 -j DNAT --to-destination 172.16.0.2

## Forward port 80 to the mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119 --dport 80 -j DNAT --to-destination 172.16.0.2

## Forward port 110 to the mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119 --dport 110 -j DNAT --to-destination 172.16.0.2

## Forward port 2810 to the mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119 --dport 2810 -j DNAT --to-destination 172.16.0.2
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119 --dport 3810 -j DNAT --to-destination 172.16.0.3

# masquerade
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT

## REDIRECT
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

# transparent proxy - WARNING: THIS IS TEMPORARY - SEE eth2 -- uses dansguard port 2211
/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp -s 192.168.222.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.222.2:2211

exit 0

=============

Problem: I can't browse to my-sub.domain.ext from the network, but I can browse my-sub.domain.ext from external (other place).

My squid = transparent.

When I type http://my-sub.domain.ext it says (Mozilla FF) "Problem Loading page".

Then I put the squid / proxy IP manually, 192.168.222.2 and port 2210, in my Mozilla FF and it says:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://my-sub.domain.ext/

The following error was encountered:

    * Connection to 202.169.51.119 Failed

The system returned:

    (111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is mirza.k@xxxxxxxxxxx

Generated Fri, 22 Aug 2008 02:12:13 GMT by domain.ext (squid/2.6.STABLE18)

---

Need help ASAP.