Re: Squid blocks web page in port 7779

>p3dRø< <ip2trama@xxxxxxxxx> · Tue, 17 Aug 2010 13:14:25 -0500

Hi Amos,

I have my proxy as another host in the network (with only one ethernet
card = eth0). The communication flow is:

Internet <--> Router ADSL <--> Firewall <--> Squid <--> PCs

What I mean with transparent is that all the hosts go to proxy without
authentication and without blocking anything yet. They don't know that
there is any proxy.

I reconfigured my config file and I have this now:

http_port 3128 intercept
cache_mem 100 MB
cache_dir ufs /var/spool/squid 150 16 256
acl red_local src 192.168.1.0/24
acl localhost src 127.0.0.1/32
acl all src all
http_access allow localhost
http_access allow red_local
acl SSL_ports port 443
acl SSL_ports port 7779
acl Safe_ports port 8080
acl Safe_ports port 80
acl Safe_ports port 7779
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
visible_hostname Squid

Log send me this:

1282067264.181    121 192.168.1.110 TCP_MISS/503 4218 GET
http://ww4.essalud.gob.pe:7779/acredita/ - DIRECT/ww4.essalud.gob.pe
text/html

Another debug:

[root@squid]# squid -X
2010/08/17 13:02:52.092| command-line -X overrides: ALL,7
2010/08/17 13:02:52.092| CacheManager::registerAction: registering legacy mem
2010/08/17 13:02:52.092| CacheManager::findAction: looking for action mem
2010/08/17 13:02:52.092| Action not found.
2010/08/17 13:02:52.092| CacheManager::registerAction: registered mem
2010/08/17 13:02:52.092| CacheManager::registerAction: registering
legacy squidaio_counts
2010/08/17 13:02:52.092| CacheManager::findAction: looking for action
squidaio_counts
2010/08/17 13:02:52.092| Action not found.
2010/08/17 13:02:52.092| CacheManager::registerAction: registered
squidaio_counts
2010/08/17 13:02:52.092| CacheManager::registerAction: registering legacy diskd
2010/08/17 13:02:52.092| CacheManager::findAction: looking for action diskd
2010/08/17 13:02:52.092| Action not found.
2010/08/17 13:02:52.092| CacheManager::registerAction: registered diskd
2010/08/17 13:02:52.092| aclDestroyACLs: invoked
2010/08/17 13:02:52.092| ACL::Prototype::Registered: invoked for type src
2010/08/17 13:02:52.092| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.092| ACL::FindByName 'all'
2010/08/17 13:02:52.092| ACL::FindByName found no match
2010/08/17 13:02:52.092| aclParseAclLine: Creating ACL 'all'
2010/08/17 13:02:52.092| ACL::Prototype::Factory: cloning an object
for type 'src'
2010/08/17 13:02:52.092| aclIpParseIpData: all
2010/08/17 13:02:52.092| aclIpParseIpData: magic 'all' found.
2010/08/17 13:02:52.092| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.092| ACL::FindByName 'all'
2010/08/17 13:02:52.092| Processing Configuration File:
/etc/squid/squid.conf (depth 0)
2010/08/17 13:02:52.093| Processing: 'http_port 3128 intercept'
2010/08/17 13:02:52.093| http(s)_port: found Listen on Port: 3128
2010/08/17 13:02:52.093| http(s)_port: found Listen on wildcard
address: [::]:3128
2010/08/17 13:02:52.093| Starting Authentication on port [::]:3128
2010/08/17 13:02:52.093| Disabling Authentication on port [::]:3128
(interception enabled)
2010/08/17 13:02:52.093| Disabling IPv6 on port [::]:3128 (interception enabled)
2010/08/17 13:02:52.094| Processing: 'cache_mem 100 MB'
2010/08/17 13:02:52.094| Processing: 'cache_dir ufs /var/spool/squid 150 16 256'
2010/08/17 13:02:52.094| file_map_create: creating space for 16384 files
2010/08/17 13:02:52.094| --> 512 words of 4 bytes each
2010/08/17 13:02:52.094| Processing: 'acl red_local src 192.168.1.0/24'
2010/08/17 13:02:52.094| ACL::Prototype::Registered: invoked for type src
2010/08/17 13:02:52.094| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.094| ACL::FindByName 'red_local'
2010/08/17 13:02:52.094| ACL::FindByName found no match
2010/08/17 13:02:52.094| aclParseAclLine: Creating ACL 'red_local'
2010/08/17 13:02:52.094| ACL::Prototype::Factory: cloning an object
for type 'src'
2010/08/17 13:02:52.094| aclIpParseIpData: 192.168.1.0/24
2010/08/17 13:02:52.094| aclIpParseIpData: '192.168.1.0/24' matched:
SCAN3-v4: %[0123456789.]/%[0123456789.]
2010/08/17 13:02:52.094| Ip.cc(517) FactoryParse: Parsed:
192.168.1.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00](/120)
2010/08/17 13:02:52.094| Processing: 'acl localhost src 127.0.0.1/32'
2010/08/17 13:02:52.094| ACL::Prototype::Registered: invoked for type src
2010/08/17 13:02:52.094| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.094| ACL::FindByName 'localhost'
2010/08/17 13:02:52.094| ACL::FindByName found no match
2010/08/17 13:02:52.094| aclParseAclLine: Creating ACL 'localhost'
2010/08/17 13:02:52.094| ACL::Prototype::Factory: cloning an object
for type 'src'
2010/08/17 13:02:52.094| aclIpParseIpData: 127.0.0.1/32
2010/08/17 13:02:52.094| aclIpParseIpData: '127.0.0.1/32' matched:
SCAN3-v4: %[0123456789.]/%[0123456789.]
2010/08/17 13:02:52.094| Ip.cc(517) FactoryParse: Parsed:
127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2010/08/17 13:02:52.094| Processing: 'acl all src all'
2010/08/17 13:02:52.094| ACL::Prototype::Registered: invoked for type src
2010/08/17 13:02:52.094| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.094| ACL::FindByName 'all'
2010/08/17 13:02:52.094| aclParseAclLine: Appending to 'all'
2010/08/17 13:02:52.094| aclIpParseIpData: all
2010/08/17 13:02:52.094| aclIpParseIpData: magic 'all' found.
2010/08/17 13:02:52.094| aclIpAddrNetworkCompare: compare: [::]/[::]
([::])  vs [::]-[::]/[::]
2010/08/17 13:02:52.094| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2010/08/17 13:02:52.094| WARNING: because of this '::/0' is ignored to
keep splay tree searching predictable
2010/08/17 13:02:52.094| WARNING: You should probably remove '::/0'
from the ACL named 'all'
2010/08/17 13:02:52.095| Processing: 'http_access allow localhost'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'localhost'
2010/08/17 13:02:52.095| ACL::FindByName 'localhost'
2010/08/17 13:02:52.095| Processing: 'http_access allow red_local'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'red_local'
2010/08/17 13:02:52.095| ACL::FindByName 'red_local'
2010/08/17 13:02:52.095| Processing: 'acl SSL_ports port 443'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type port
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'SSL_ports'
2010/08/17 13:02:52.095| ACL::FindByName found no match
2010/08/17 13:02:52.095| aclParseAclLine: Creating ACL 'SSL_ports'
2010/08/17 13:02:52.095| ACL::Prototype::Factory: cloning an object
for type 'port'
2010/08/17 13:02:52.095| Processing: 'acl SSL_ports port 7779'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type port
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'SSL_ports'
2010/08/17 13:02:52.095| aclParseAclLine: Appending to 'SSL_ports'
2010/08/17 13:02:52.095| Processing: 'acl Safe_ports port 8080'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type port
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'Safe_ports'
2010/08/17 13:02:52.095| ACL::FindByName found no match
2010/08/17 13:02:52.095| aclParseAclLine: Creating ACL 'Safe_ports'
2010/08/17 13:02:52.095| ACL::Prototype::Factory: cloning an object
for type 'port'
2010/08/17 13:02:52.095| Processing: 'acl Safe_ports port 80'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type port
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'Safe_ports'
2010/08/17 13:02:52.095| aclParseAclLine: Appending to 'Safe_ports'
2010/08/17 13:02:52.095| Processing: 'acl Safe_ports port 7779'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type port
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'Safe_ports'
2010/08/17 13:02:52.095| aclParseAclLine: Appending to 'Safe_ports'
2010/08/17 13:02:52.095| Processing: 'acl CONNECT method CONNECT'
2010/08/17 13:02:52.095| ACL::Prototype::Registered: invoked for type method
2010/08/17 13:02:52.095| ACL::Prototype::Registered:    yes
2010/08/17 13:02:52.095| ACL::FindByName 'CONNECT'
2010/08/17 13:02:52.095| ACL::FindByName found no match
2010/08/17 13:02:52.095| aclParseAclLine: Creating ACL 'CONNECT'
2010/08/17 13:02:52.095| ACL::Prototype::Factory: cloning an object
for type 'method'
2010/08/17 13:02:52.095| Processing: 'http_access deny !Safe_ports'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'Safe_ports'
2010/08/17 13:02:52.095| ACL::FindByName 'Safe_ports'
2010/08/17 13:02:52.095| Processing: 'http_access deny CONNECT !SSL_ports'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'CONNECT'
2010/08/17 13:02:52.095| ACL::FindByName 'CONNECT'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'SSL_ports'
2010/08/17 13:02:52.095| ACL::FindByName 'SSL_ports'
2010/08/17 13:02:52.095| Processing: 'visible_hostname Squid'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.095| ACL::FindByName 'all'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.095| ACL::FindByName 'all'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.095| ACL::FindByName 'all'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.095| ACL::FindByName 'all'
2010/08/17 13:02:52.095| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.095| ACL::FindByName 'all'
2010/08/17 13:02:52.095| Log definition name 'squid' file
'/var/log/squid/access.log'
2010/08/17 13:02:52.096| wccp2_add_service_list: added service id 0
2010/08/17 13:02:52.096| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.096| ACL::FindByName 'all'
2010/08/17 13:02:52.096| aclParseAclList: looking for ACL name 'all'
2010/08/17 13:02:52.096| ACL::FindByName 'all'
2010/08/17 13:02:52.096| tools.cc(672) uniqueHostname:  Config: '
2010/08/17 13:02:52.096| tools.cc(672) uniqueHostname:  Config: '
2010/08/17 13:02:52.096| Initializing https proxy context
2010/08/17 13:02:52.097| Using SSLv2/SSLv3.
2010/08/17 13:02:52.098| Setting RSA key generation callback.
2010/08/17 13:02:52.098| Setting certificate verification callback.
2010/08/17 13:02:52.098| Setting CA certificate locations.
2010/08/17 13:02:52.111| leave_suid: PID 10119 called
2010/08/17 13:02:52.111| leave_suid: PID 10119 giving up root, becoming 'squid'
2010/08/17 13:02:52.111| command-line -X overrides: ALL,1

I cant'  connect to that web page, I get:

----
We found the following error when trying to retrieve the URL:
http://ww4.essalud.gob.pe:7779/acredita/

Ww4.essalud.gob.pe connection failed.

The system returned: (13) Permission denied
----

Please help me, thanks in advance.

--
Pedro