Re: squid-3.4.8 intercept


--- Begin Message ---
From what I know, localnet resumes to 10.x.x.x 172.16.x.x and
192.168.x.x RFC net ranges. You might try creating a new ACL and allow
it.

acl mynet src 66.159.32.0/24
http_access allow mynet

and check your browser, you should point it to port 3128 and not 3129,
which is set to iptables intercept mode only.

2014-11-18 16:27 GMT-02:00 Frank <frank@xxxxxxxxxxxxxx>:
>    Hi,
>
>     Thank you for answering me.
>
> Yup I tried that too.  You can see there is a # in front of it and the allow
> all is above it.
> I tried both allow all and allow my network (# removed) 66.159.32.0/24.
>
> acl localnet src 66.159.32.0/24
>
>
> But I would figure that
>
> acl localnet src all
>
> Should allow everything??
>
>
> On 14-11-18 01:14 PM, Cassiano Martin wrote:
>
> That's because you have not set your local network to squid. You have
> to allow your network  range 66.159.32.0/24
>
> 2014-11-18 15:59 GMT-02:00 Frank <frank@xxxxxxxxxxxxxx>:
>
>     Hi,
>
>     Since upgrading from 3.1.22 to 3.4.8 I have been unable to get the
> transparent mode
> to accept my IP.  I am seeing permission denied in the transaction when I do
> a packet dump.
> I have read the documentation making changes for 3.4.8.
> I even allowed everything and no go.
>
> I also compiled squid and here is my configure script:
>
> ./configure \
>   --prefix=/usr/share/squid-3.4.8  \
>   --libdir=/usr/lib${LIBDIRSUFFIX} \
>   --sysconfdir=/etc/squid \
>   --localstatedir=/var/log/squid \
>   --datadir=/usr/share/squid-3.4.8 \
>   --with-pidfile=/var/run/squid/squid.pid \
>   --mandir=/usr/man \
>   --with-logdir=/var/log/squid \
>   --enable-snmp \
>   --enable-ipf-transparent \
>   --enable-ipfw-transparent
> #  --enable-auth="basic" \
> #  --enable-basic-auth-helpers="NCSA" \
> #  --enable-linux-netfilter \
> #  --enable-async-io \
> #  --disable-strict-error-checking
>
> My machine the browser is on:
>
> 66.159.32.31
>
> The machine that is running squid:
>
> 66.159.47.22
>
> Here is my squid.conf
>
> ===================================================================================
>
> #
> # Recommended minimum configuration:
> #
>
> cache_effective_user  squid
> cache_effective_group  squid
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src all    # RFC1918 possible internal network
> #acl localnet src 66.159.32.0/24        # RFC1918 possible internal network
> #acl localnet src 108.161.167.0/24      # RFC1918 possible internal network
> #acl localnet src 66.159.47.0/24        # RFC1918 possible internal network
> #acl localnet src 127.0.0.0/24  # RFC1918 possible internal network
>
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> ########http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> ###########http_access deny CONNECT !SSL_ports
>
> # Only allow cachemgr access from localhost
> ###############http_access allow localhost manager
>
> ###############http_access deny manager
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> ############http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
>
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> #http_access deny all
> http_access allow all
>
> # Squid normally listens to port 3128
> http_port 3128
> http_port 3129 intercept
>
> always_direct allow all
>
> # Uncomment and adjust the following to add a disk cache directory.
> cache_dir ufs /usr/share/squid/cache 100 32 512
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/log/squid/cache/squid
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
> ==================================================================================
>
> And I have configured my browser to use HTTP Proxy 66.159.47.22 Port 3129
>
> I also set up iptables on my machine as follows and that didn't work either.
> Same permission
> denied.
>
>
> /sbin/iptables -t nat -A OUTPUT -p tcp -s 66.159.32.31 --dport 80 -j DNAT
> --to 66.159.47.22:3129
>
> Let me know if further info is needed.   Any help would be greatly
> appreciated.
>
> --
> Regards,
> Frank Torontour
> Network Administrator
> frank@xxxxxxxxxxxxxx
> 514-341-1579 EXT-214
> 1-800-427-6012 Ext-214
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> --
> Regards,
> Frank Torontour
> Network Administrator
> frank@xxxxxxxxxxxxxx
> 514-341-1579 EXT-214
> 1-800-427-6012 Ext-214

--- End Message ---
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
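
An added example, not part of the original messages and not Squid's own code: a small Python check that applies first-match `http_access` ordering to the access lines quoted in the thread and to a tightened variant built from the reply's `mynet` ACL. It models only `src` ACLs over IPv4; the names `parse` and `decide` are hypothetical, and 203.0.113.9 is a constructed outside client.

```python
import ipaddress

# Effective (uncommented) access lines from the squid.conf quoted in the thread.
POSTED = """
acl localnet src all
http_access allow localnet
http_access allow localhost
http_access allow all
"""
# Constructed variant: the reply's mynet ACL plus the "deny all" the post had commented out.
TIGHTENED = """
acl mynet src 66.159.32.0/24
http_access allow mynet
http_access allow localhost
http_access deny all
"""
# Squid's predefined ACLs, modelled for IPv4 only (assumption of this sketch).
BUILTIN = {"all": ["0.0.0.0/0"], "localhost": ["127.0.0.1/32"]}

def parse(conf):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls = {k: [ipaddress.ip_network(n) for n in v] for k, v in BUILTIN.items()}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = ["0.0.0.0/0" if v == "all" else v for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(ipaddress.ip_network(n) for n in nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for a client address, first matching rule wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if any(n.lstrip("!") not in acls for n in names):
            continue  # rule uses a non-src ACL (port, method); not modelled here
        # ACL names on one http_access line are ANDed; "!" negates a name.
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("tightened", TIGHTENED)):
        for ip in ("66.159.32.31", "203.0.113.9"):
            print(name, ip, decide(conf, ip))
```

With the posted lines every source address is allowed, so the proxy is reachable by any client that can connect to it; the tightened lines allow only 66.159.32.0/24 and localhost.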
