
AW: Re: Squid and Intranet

Listing the rules with -nv options as well will show the additional fields
and packet counters.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.14


Hello,

there are no other rules.
I had deleted them all.
For this I used the following script:

iptables -F
iptables -X
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -t nat -A PREROUTING -d 192.168.0.0/24 -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j REDIRECT --to-port 880

iptables-save

On my Windows client I set the proxy server as the gateway, but when
I send a request without having configured the proxy in my browser
I can't access the web.

I know this iptables configuration is very insecure. It was for a test.

This is the routing table I use:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
subnet.nic.corp 53.141.218.1    255.255.255.0   UG    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
53.141.218.0    *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         53.141.218.1    0.0.0.0         UG    0      0        0 eth0

When I use my "secure" iptables configuration I get the following
log entries:
2009/10/12 17:02:16| comm_udp_sendto: FD 6, 53.146.91.248, port 53: (1) Operation not permitted
2009/10/12 17:02:16| idnsSendQuery: FD 6: sendto: (1) Operation not permitted

I can't imagine what is going wrong with the server.
Here's the important part of my squid.conf:

cache_peer 53.141.233.100 parent 80 880 proxy-only no-query no-delay login=A023098:Sept2009
http_port 880 transparent
acl all src 0.0.0.0/0.0.0.0
# defines the group "servers"
acl servers src 192.168.0.1-192.168.0.254/255.255.255.255

# defines the group "labor"
acl labor src 192.168.1.1-192.168.1.254/255.255.255.255

# defines the group "clients"
acl clients src 192.168.1.11-192.168.1.254/255.255.255.255

acl local dst 192.168.0.0/24
always_direct allow local

# subnet excluded for the test - everything via IPs

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 443 563 1025-65535
acl CONNECT method CONNECT

# entry for search queries submitted via forms
never_direct allow servers

#Default configuration:
#http_access allow QUERY
#http_access allow manager localhost
#http_access allow localhost
#http_access allow clients

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

http_access allow servers
# allows the group "servers" access
http_access deny manager
http_access allow servers

# denies the group "clients" access
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny clients

# denies everyone else access
#  TAG: icp_access
#       Reply to all ICP queries we receive
#
icp_access deny all

Regards,
Chris
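As an added example (not part of this thread, and not Squid's or Amos's code), here is a small Python helper for the two checks the messages above point at: reading the packet counters from `iptables -t nat -L PREROUTING -nv` to see whether client port-80 traffic is actually hitting the REDIRECT rule, and picking out the `sendto: (1) Operation not permitted` lines in cache.log, which are errno 1 (EPERM) returned by the kernel because the proxy host's own OUTPUT chain dropped the packet, not anything squid.conf controls. The iptables output and log excerpt are constructed inline; the interface name, ports and counter values are assumptions modelled on the script in the message, not data from the poster's machine.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample output of `iptables -t nat -L PREROUTING -nv`, modelled on
# the two nat rules in the script above. The counters are made up: a REDIRECT
# rule with zero hits is what you would see if client port-80 traffic never
# reached the proxy host on eth1 at all.
SAMPLE_NAT_PREROUTING = """\
Chain PREROUTING (policy ACCEPT 57 packets, 4120 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     all  --  eth1   *       0.0.0.0/0            192.168.0.0/24
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 880
"""

# Constructed cache.log excerpt: the two EPERM lines quoted in the message plus
# one unrelated startup-style line so the filter has something to ignore.
SAMPLE_CACHE_LOG = [
    "2009/10/12 17:02:16| comm_udp_sendto: FD 6, 53.146.91.248, port 53: (1) Operation not permitted",
    "2009/10/12 17:02:16| idnsSendQuery: FD 6: sendto: (1) Operation not permitted",
    "2009/10/12 17:02:20| Accepting transparently proxied HTTP connections at 0.0.0.0, port 880, FD 10.",
]

_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}
_COUNTER_RE = re.compile(r"^(\d+)([KMG])?$")


def parse_counter(tok: str) -> int:
    """`iptables -v` abbreviates large counters (12K, 3M) unless -x is given."""
    m = _COUNTER_RE.match(tok)
    if not m:
        raise ValueError(f"not a counter: {tok!r}")
    return int(m.group(1)) * _SUFFIX.get(m.group(2), 1)


@dataclass
class NatRule:
    pkts: int
    bytes: int
    target: str
    prot: str
    in_if: str
    out_if: str
    source: str
    destination: str
    extra: str  # match/target options, e.g. "tcp dpt:80 redir ports 880"


def parse_iptables_nv(text: str) -> list[NatRule]:
    """Parse rule lines of `iptables [-t table] -L CHAIN -nv` output.

    Chain and column header lines are skipped. Columns are:
    pkts bytes target prot opt in out source destination [options]
    """
    rules = []
    for line in text.splitlines():
        parts = line.split(None, 9)
        if len(parts) < 9 or not _COUNTER_RE.match(parts[0]):
            continue
        rules.append(NatRule(
            pkts=parse_counter(parts[0]), bytes=parse_counter(parts[1]),
            target=parts[2], prot=parts[3], in_if=parts[5], out_if=parts[6],
            source=parts[7], destination=parts[8],
            extra=parts[9] if len(parts) > 9 else "",
        ))
    return rules


def redirect_status(rules: list[NatRule], lan_if: str = "eth1",
                    dport: int = 80, to_port: int = 880) -> tuple[bool, bool]:
    """Find the REDIRECT rule meant to catch client port-80 traffic on lan_if.

    Returns (present, hit). Present but never hit means the clients' HTTP
    traffic is not arriving on lan_if (gateway/routing on the client side),
    which no change to squid.conf will fix.
    """
    for r in rules:
        if (r.target == "REDIRECT" and r.prot == "tcp" and r.in_if == lan_if
                and f"dpt:{dport}" in r.extra and f"redir ports {to_port}" in r.extra):
            return True, r.pkts > 0
    return False, False


_EPERM_MARK = "(1) Operation not permitted"
_PORT_RE = re.compile(r"\bport (\d+)")


def diagnose_cache_log(lines: list[str]) -> list[dict]:
    """Pick out sendto() failures with errno 1 (EPERM) from cache.log lines.

    On Linux a UDP sendto() that fails with EPERM is, in practice, the host's
    own netfilter OUTPUT chain dropping the packet. Each finding records the
    destination port when the line names one (comm_udp_sendto does,
    idnsSendQuery does not) and the command to run next.
    """
    findings = []
    for line in lines:
        if _EPERM_MARK not in line or "sendto" not in line.lower():
            continue
        m = _PORT_RE.search(line)
        findings.append({
            "port": int(m.group(1)) if m else None,
            "line": line,
            "check": "iptables -L OUTPUT -nv   # look for a DROP/REJECT rule with hits",
        })
    return findings


if __name__ == "__main__":
    present, hit = redirect_status(parse_iptables_nv(SAMPLE_NAT_PREROUTING))
    print(f"REDIRECT rule present={present} hit={hit}")
    for f in diagnose_cache_log(SAMPLE_CACHE_LOG):
        print(f"EPERM on sendto to port {f['port']}: {f['check']}")
```

Run it against real output by piping `iptables -t nat -L PREROUTING -nv` into `parse_iptables_nv` and the last few hundred lines of cache.log into `diagnose_cache_log`; a REDIRECT rule whose counter stays at zero while a client browses, and EPERM findings on port 53, point at the firewall on the proxy host and the client's routing rather than at Squid.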
