On Tue, 23 Aug 2011 13:49:19 -0600, knapper wrote:
Trying to find some help on an issue with configuring squid.
I need some expert help, no flames, and no telling me I
should run this under linux (I
don't have the time to climb the learning curve, and besides
Net Nanny doesn't run under
linux as I understand it)
All you need for Squid is a properly Server capable OS. Windows comes
in various versions tuned for End-Users which lack critical system
features and this reflects on the available Squid features a LOT.
Very little exists that I can find, on configuring squid as
dual homed under XP.
Because there seem to be very few Windows users of Squid, the Squid
configuration is designed to be portable, and nobody has bothered
repeating the documentation just to insert the word Windows everywhere.
FWIW; nothing you talk about below has anything to do with being
dual-homed (connected to _three_ networks, two being Internet links).
What you are describing is a perfectly normal router setup with Squid on
the router, which happens to run Windows XP.
XP PRO with 2 nics. I need to set squid up to serve as a
proxy server on one nic, and the other nic is the network
interface.
Nic A:
192.168.0.195 is the Dell server box and it points to 0.1
for the internet gateway.
I can browse the internet just fine without squid.
Nic B is 192.168.9.195 is the second nic in the Dell box,
and this is hooked to a WAP for the laptops in the small
school.
(not sure where to point it's gateway, but I don't think
pointing it to 0.195 is going
to work).
I want to configure squid to listen on the 9.x network, and
http_port 192.168.9.195:3128
relay, and cache the traffic out the 0.x network. This way
acl localnet src 192.168.0.0/24
http_access allow localnet
the students will be protected. XP is a must in this case,
Ah students. That scenario is one I'm quite familiar with.
When working with squid in school situations you will usually need to
set it up as a captive portal proxy to prevent a lot of trivial
bypassing. Look into blocking port 80 and other aliases of it getting to
the Internet. Adding WPAD protocol to the network and a PAC file doing
auto-configuration of browsers to use the proxy.
The squid langpack bundles ship customizable error pages ERR_AGENT_*
that can be displayed in a captive-portal setup to instruct the users to
configure their browser properly for portals.
At which point you don't need NetNany for HTTP. Squid provides a full
array of URL and request controls. It passes traffic to other software
(via HTTP or in 3.1+ via ICAP/eCAP) for the complex jobs of handling
page content filtering.
NP: NetNanny is not one of those other software AFAIK.
because I will be needing to run net nanny on the "server".
Due to this?
"Net Nanny’s Bypass Blocker not only filters the content of all web
proxy sites (http and https), but also aggressively blocks proxy tools
that have been installed on your computer. Net Nanny is the first, and
only Internet filter to currently offer this extra level of safety."
... makes you wonder why the others don't, huh? Proxies are one of the
oldest technologies on the Internet.
I've tried to configure squid to work, but the service fails
to start. It just hangs. I got past a bunch of format
errors in the .config file, but need help with the
configuration, and getting this to work.
Run 'squid -k parse' to validate the squid.conf content before
starting.
I'm not at the office, so don't have access to the config
files, but nothing shows up in the log file. The service
just hangs with "starting" and never goes to started state.
I'm sure it is a configuration file issue.
Config file issues are usually complete abort. Check cache.log output
for the error messages. (I'm not sure where that goes on Windows).
Amos
