
Re: fedora12_tproxy


 



On 30/06/2013 7:54 a.m., z fazli wrote:
my squid version is 3.3.2 and made a mistake when described

about this part

"localhost.localdomain" is in no way a unique name for your proxy.

what is the problem? how can I solve it? I followed steps from squid
site and can not understand what is going wrong. can you help more?

When you type "hostname" on the command line of that server what shows up?
It should be a unique name for your server. In Linux it is configured in /etc/hostname; if you use a GUI to configure it, it may be somewhere else. That name needs to be registered in DNS and pointing at the machine's IP address(es), and the IPs in turn need to be pointing at that hostname. Squid will check these records when starting.

You can avoid the DNS setup by using the visible_hostname directive in squid.conf. But note that on any Internet-connected machine there is a lot of software which may require the hostname to be set up in order to work correctly.


If the forwarding loop errors remain after you have made your squid hostname unique you will need to double-check:

1) how you are testing it... you MUST test it by being a client which is intercepted. Send your requests to port 80, *do not* send requests directly to the Squid listening port.

2) the packet routing and TPROXY rules... ensure that only traffic *from* the clients or *from* the Internet is being intercepted. Packets leaving Squid in either direction MUST NOT be intercepted back into your Squid.

Amos

On 6/28/13, Amos Jeffries wrote:
On 29/06/2013 3:36 a.m., z fazli wrote:
hi

I have fedora 12 that upgraded its kernel to 2.6.37, and iptables
1.4.19, I installed squid 3.2.2 in tproxy mode on it using steps from
this link

http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support

everything seems ok but when I run squid and insert url in browser get
this message


ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL:
http://google.com/

Access Denied.

Access control configuration prevents your request from being allowed
at this time. Please contact your service provider if you feel this is
incorrect.

Your cache administrator is webmaster.

Generated Tue, 25 Jun 2013 12:34:53 GMT by localhost.localdomain
(squid/3.3.2)

You say you installed 3.2.2 but some Squid-3.3.2 is responding to you.
Are you sure this is a message from your Squid?

and in terminal this message :

2013/06/26 14:55:35| WARNING: Forwarding loop detected for:
POST
/safebrowsing/downloads?client=navclient-auto-ffox&appver=3.5.4&pver=2.2&wrkey=AKEgNivruGNaM449DFDdRiYv81wyGtp5gMSMU4fMMS_g2YKGXmFhYZxbsymSyj14q22Xr7_cCx0nRwFKaCNyKKvMEev0WhcpRg==
HTTP/1.1
Host: safebrowsing.clients.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4)
Gecko/20091027 Fedora/3.5.4-1.fc12 Firefox/3.5.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Length: 110
Content-Type: text/plain
Cookie:
PREF=ID=1b085458083db40f:U=8d54b4985abb086f:FF=0:TM=1371881983:LM=1371882262:S=gjQlM4Sqrueu3KHq;
NID=67=YXYmGeg68fPjuU2-QOne46eStjqotGcE0AZTiWmbRXT2klqJYDLayVduleh1HnEFN-CyfZSTsgJABBKwm3dAP3Cvxi8_yZRnIE5zQSYScyHMc03Tz-37Mu8vur3WU4yH
Via: 1.1 localhost.localdomain (squid/3.3.2)
X-Forwarded-For: 10.1.110.83
Cache-Control: max-age=0
Connection: keep-alive
<snip>
also this in my squid access log

1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads? -
HIER_NONE/- text/html
1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads? -
HIER_DIRECT/10.1.110.83 text/html
<snip>
what is the problem?

The DNS records for "safebrowsing.clients.google.com" (aka DIRECT) tell
Squid that safebrowsing.clients.google.com is located at 10.1.110.83 ...

... take a guess.

Secondly. The whole purpose of having a hostname assigned to each
machine is to allow automated systems like forwarding loop detection to
determine the difference between any two hosts on the *entire* Internet.
Combining the host name with the site domain name produces a FQDN which
is unique. "localhost.localdomain" is in no way a unique name for your
proxy.

Amos
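
Added example, not part of the original thread and not Squid's own code: a small triage script for the two symptoms discussed above. It flags access.log entries where Squid went DIRECT to the same address the client came from, and checks whether a request's Via header already names the proxy (Squid treats its own name in an incoming Via header as a forwarding loop) or whether that name is too generic to be unique. The function names, the third log line and the hostname `proxy1.example.net` used to try it out are assumptions made for illustration.

```python
import re

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+\w+/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+(?P<hier>\w+)/(?P<peer>\S+)\s+\S+$"
)
GENERIC_NAMES = {"localhost", "localhost.localdomain"}

# First two entries are from the thread (unwrapped); the third is constructed.
ACCESS_LOG = """\
1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_NONE/- text/html
1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_DIRECT/10.1.110.83 text/html
1372164330.102 85 10.1.110.83 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
"""
# Trimmed copy of the request headers quoted in the thread.
HEADERS = """\
Host: safebrowsing.clients.google.com
Via: 1.1 localhost.localdomain (squid/3.3.2)
X-Forwarded-For: 10.1.110.83
"""

def self_directed(log_text):
    """Entries where Squid went DIRECT to the very address the client came from."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["hier"] == "HIER_DIRECT" and m["peer"] == m["client"]:
            hits.append(m.groupdict())
    return hits

def via_hosts(header_text):
    """Received-by host of every Via entry: '<version> <host> [(comment)]'."""
    hosts = []
    for line in header_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "via":
            hosts += [e.split()[1].lower() for e in value.split(",") if len(e.split()) >= 2]
    return hosts

def loop_findings(header_text, proxy_name):
    """Reasons a proxy calling itself proxy_name would see this request as looped."""
    name, findings = proxy_name.lower(), []
    if name in via_hosts(header_text):
        findings.append("Via already lists " + name)
    if name in GENERIC_NAMES or "." not in name:
        findings.append(name + " is not a unique FQDN")
    return findings
```

Calling `loop_findings(HEADERS, "localhost.localdomain")` reports both problems, while the same headers checked against a unique name such as `proxy1.example.net` report none.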





