Asim Ahmed @ Folio3 wrote:
hi all,
I am using squid 3.0Stable20-1 along with Shorewall 4.4.4-1 on a RHEL5
box. I had a few problems running squid in transparent mode so now I
am running it in non-transparent mode.
Please use the term "interception" instead of "transparent".
Every thing like browsing / IM tools working fine. A major problem
that I am facing is that quite a few users in my staff uses TFS (Team
Foundation Server - A code repository running on port 8080) remotely.
After installing squid they are hving great difficulty connecting to
that server. I am REDIRECTING port 80 traffic from shorewall to squid
on the same box.
Which indicates you are still INTERCEPTING traffic.
I tried same approach and REDIRECTED port 8080 traffic to squid as
well and made an ACL in squid.conf to allow that particular traffic to
that particular server address over port 8080.
Why wouldn't it be allowed? Port 8080 is included in "Safe_ports".
Assuming you are allowing access to your cache based on source IP, you
shouldn't need a special rule allowing traffic to a particular server's
port 8080.
When I see squid access log, traffic shows up there but with HTTP 401
code that means not-authorized request. On TFS screen users also get
"you are not authorized to connect to this server" error. This does
not make any sense because without squid they jsut connect in first
attempt.
Please share your squid.conf (minus comments and blank lines).
Otherwise have a look at
http://wiki.squid-cache.org/SquidFaq/SquidAcl#I_set_up_my_access_controls.2C_but_they_don.27t_work.21__why.3F
Even I tried adding a rule in shorewall to process 8080 traffic before
I redirect traffic to squid, but that makes things unreliable in the
sense that some times it work, and at times it does not!
Can any one help suggesting any measures to get over with this?
Is this squid's normal behaviour to stop shorewall from normal working
when installed?
No.
Does squid takes over control of system ports in use by shorewall?
Only if you configure it to.
Chris
