Hi,
I got it half working. My chat is working, I can search Google, but I can't browse websites.
acl mynet src 116.72.152.37 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow mynet
http_access allow localhost
http_access allow all
http_port 3129
http_port 3128 intercept
cache_dir ufs /usr/local/cache 10000 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200
refresh_pattern . 0 20% 4320
root@squid:/home/squid# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 77928 packets, 4272K bytes)
pkts bytes target prot opt in out source destination
290 17312 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.200:3128
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain INPUT (policy ACCEPT 75943 packets, 4074K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
847 56477 MASQUERADE all -- * eth0 192.168.0.0/24 0.0.0.0/0
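Added example, not part of the original message and not Squid project code: Squid checks `http_access` rules top-down and the first matching rule decides, so a short audit of the rule order in the configuration posted above shows that `Safe_ports` is defined but never applied and that `http_access allow all` opens the proxy to any client that can reach it. The function name `audit` and the `HARDENED` variant are assumptions of this example; the `Safe_ports` list is shortened.

```python
# Access-control lines copied from the posted squid.conf (Safe_ports list shortened).
POSTED_CONF = """\
acl mynet src 116.72.152.37 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow mynet
http_access allow localhost
http_access allow all
"""

# Constructed variant: apply Safe_ports first and end the list with an explicit deny.
HARDENED = (POSTED_CONF
            .replace("http_access deny CONNECT",
                     "http_access deny !Safe_ports\nhttp_access deny CONNECT")
            .replace("http_access allow all", "http_access deny all"))

def audit(conf):
    """Return findings about the http_access rule order in squid.conf text."""
    defined, rules = set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl":
            defined.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    used = {a.lstrip("!") for _, acls in rules for a in acls}
    findings = [f"acl {n} is defined but no http_access rule uses it"
                for n in sorted(defined - used)]
    for i, (action, acls) in enumerate(rules):
        if acls == ["all"]:                     # matches every request: evaluation stops here
            if action == "allow":
                findings.append("'http_access allow all' lets any client use the proxy")
            findings += [f"unreachable: http_access {a} {' '.join(l)}"
                         for a, l in rules[i + 1:]]
            break
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("rule list does not end with 'http_access deny all'")
    return findings

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```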
On Thu, Jun 4, 2015 at 12:13 PM, Reet Vyas <reet.vyas28@xxxxxxxxx> wrote:
Hi,
I changed the iptables, still no luck :( but I am using squid 3.3 only. I didn't understand why you have configured 3129, 3130 and 3128 ports?
On Wed, Jun 3, 2015 at 1:04 PM, Klavs Klavsen <kl@xxxxxxx> wrote:
Your client needs to use your squid server as default gateway.
And then you need the iptables rules I wrote about to direct traffic into squid for certain ports.
Reet Vyas wrote on 06/03/2015 08:50 AM:
Hi
Thanks for the reply. As of now we don't have a router; I have directly
connected my machine to the internet and the other interface to the LAN, and I have configured
an Ubuntu client machine to test squid, which is on the switch where other users
are connected using the router's gateway, 192.168.0.1.
I read your valuable suggestions, but I am still confused about the iptables and
squid 3.3 settings and the transparent and intercept options.
root@squid:/home/squid# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:67:cf:59:74 brd ff:ff:ff:ff:ff:ff
    inet 116.72.*.*/22 brd 116.72.155.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:67ff:fecf:5974/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:67:cf:59:75 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.200/24 brd 192.168.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:67ff:fecf:5975/64 scope link
       valid_lft forever preferred_lft forever
root@squid:/home/squid# ip -4 route show
default via 116.72.152.1 dev eth0
116.72.152.0/22 dev eth0 proto kernel scope link src 116.72.152.37
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.200
To use transparent/intercept, what do I have to set in my config file:
http_port 3128 intercept or transparent?
And for the iptables rules, I have tried these rules:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
But it is not working.
Can you please tell me the firewall rules and let me know why my
firewall rules are not working.
On Tue, Jun 2, 2015 at 8:14 PM, Klavs Klavsen <kl@xxxxxxx> wrote:
Amos Jeffries wrote on 06/02/2015 04:34 PM:
On 3/06/2015 1:20 a.m., Klavs Klavsen wrote:
I have this in my squid server for it to work:
The key words there are ... *in my Squid server*
indeed :)
NOTE to Klavs:
loading the "multiport" kernel module seems overkill for a single-port match.
it's puppet's firewall module.. haven't had enough time to fix that module :)
FYI: DONT_VERIFY_PEER, "always_direct allow all", and
"sslproxy_cert_error allow all" have not been good ideas since 3.2.
dont-verify actually inhibits the Mimic functions which give
server-first bumping most of its usefulness.
Thank you for those tips.
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users