Re: squid transparent proxy + parent proxy


On 28/05/11 04:16, Phillip Evans wrote:
You just said this was for "for external users.". Did you mean internal/LAN
users? The requirements and limits are very different.

My apologies, these are internal LAN users but external to the
organisation's users, i.e. visitors.

We want to allow them to just plug in their machines without
configuring anything to access the internet.

Also, it is unsafe to set the flags on port 3128. There are at least two
popular software packages around which scan port 80 and 3128 for transparent proxies
to abuse. Pick a random port for Squid and consider it a secret for use only
between squid and iptables. The main 3128 can stay open for management or
normal proxy traffic if you like.

  http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
OR
  http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

Thanks. I'll change the proxy port once we've got it working.

I tried both of the solutions in your links but neither worked.

There is something strange happening on your network.

One of those two configs is how thousands of other networks around the world do it and have done for most of the decade.


Some more info: We have access to a normal broadband line (but can
only use this for testing) so in the meantime I hooked up the squid
box to this and the client could access the internet fine. I could see
the requests in the squid access.log so I guess the port redirection
and transparency must have been working.

But when I put it back on our network and add the parent cache again
it stops working (but still works if the client puts the squid proxy
details in)

K. "something strange" is the bit between the wire plugged into Squid box and the client PC.


Just found out the external proxy is Websense if that helps?

As I understand the situation you have now:
 * tested the link to the parent successfully.
 * tested the NAT interception on the Squid box
 * verified that client to port 3128 on the squid box is fine.
 * verified that client to random web IP port 80 does not get to the Squid box.

It's pretty clear you have some device between Squid and the client which is guarding port 80. Or failing to route global port 80 traffic to the Squid box.

What is the network topology from the client all the way to Squid?

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1
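
Added example, not part of the original message and not Squid project code: a small Python check that reads a squid.conf and `iptables-save` output and reports when the interception flag sits on port 80 or 3128, or when the interception port is not kept private between Squid and iptables as advised above. The mangle-table DROP rule used as the sign that the port is closed to direct connections is an assumption here, and the sample configs and port 48213 are constructed.

```python
import re

SCANNED_PORTS = {80, 3128}             # ports the message says are scanned
FLAGS = {"intercept", "transparent"}   # Squid 3.1+ and Squid 2.x spellings

def intercept_ports(squid_conf):
    """Return the http_port numbers that carry an interception flag."""
    ports = set()
    for line in squid_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) > 2 and words[0] == "http_port" and FLAGS & set(words[2:]):
            ports.add(int(words[1].rsplit(":", 1)[-1]))
    return ports

def rules_by_table(iptables_save):
    """Collect the -A lines of iptables-save output, one string per table."""
    tables, current = {}, None
    for line in iptables_save.splitlines():
        if line.startswith("*"):
            current = line[1:].strip()
        elif line.startswith("-A ") and current:
            tables[current] = tables.get(current, "") + line + "\n"
    return tables

def audit(squid_conf, iptables_save):
    """Return findings; an empty list means the layout follows the advice."""
    tables = rules_by_table(iptables_save)
    findings = []
    for port in sorted(intercept_ports(squid_conf)):
        if port in SCANNED_PORTS:
            findings.append(f"interception flag on well-known port {port}")
        target = rf"(REDIRECT --to-ports {port}|DNAT --to-destination \S+:{port})\b"
        if not re.search(rf"-A PREROUTING .*--dport 80 .*-j {target}", tables.get("nat", "")):
            findings.append(f"no nat PREROUTING rule sends port 80 to {port}")
        # Assumption: direct access to the port is blocked by a mangle DROP rule.
        if not re.search(rf"-A PREROUTING .*--dport {port} .*-j DROP\b", tables.get("mangle", "")):
            findings.append(f"port {port} is not closed to direct connections")
    return findings

# Constructed sample inputs (not taken from the thread); 48213 is a made-up port.
WEAK_CONF = "http_port 3128 transparent\n"
WEAK_RULES = "*nat\n-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128\nCOMMIT\n"
GOOD_CONF = "http_port 3128\nhttp_port 48213 intercept\n"
GOOD_RULES = """*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 48213
COMMIT
*mangle
-A PREROUTING -p tcp -m tcp --dport 48213 -j DROP
COMMIT
"""
```

Running `audit(WEAK_CONF, WEAK_RULES)` lists both problems with the port 3128 layout, while `audit(GOOD_CONF, GOOD_RULES)` returns an empty list.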

