Search squid archive

intercept vs. accel vhost allow-direct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm running a hotspot(CoovaChilli, Freeradius, etc.) server where
Squid-3.4.8(SSL enabled) for caching and logging. My machine is running on
Debian 8.1.1 with 2 NIC card. One for WAN and another for LAN to manage
hotspot AP(s).

ERROR
The requested URL could not be retrieved

Below configuration is throwing this above error page :
http_port 3128
http_port 3127 intercept

Instead, I have to use this :
http_port 3128 accel vhost allow-direct                                                                                                                                                                                                                   

Now it works! Squid is not throwing any error log for both cases. Why
INTERCEPT is not working?


I've attached my iptables rules below for a deeper look.

====================

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i eth1 -j DROP
-A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP

====================

Chain INPUT (policy ACCEPT 693 packets, 123K bytes)
 pkts bytes target     prot opt in     out     source              
destination
  652 80697 DROP       all  --  eth1   any     anywhere             anywhere
    2   702 ACCEPT     icmp --  tun0   any     anywhere             10.1.0.1
   95  6428 ACCEPT     udp  --  tun0   any     anywhere             10.1.0.1            
udp dpt:domain
    0     0 ACCEPT     udp  --  tun0   any     anywhere             10.1.0.1            
udp dpts:bootps:bootpc
    0     0 ACCEPT     udp  --  tun0   any     anywhere            
255.255.255.255      udp dpts:bootps:bootpc
  191 29716 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:3128
  200 22838 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:3990
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:domain
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:2812
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:ssh
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:https
  239 25386 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:http
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:4990
    0     0 ACCEPT     tcp  --  tun0   any     anywhere             10.1.0.1            
tcp dpt:3990
    0     0 DROP       all  --  tun0   any     anywhere             10.1.0.1

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source              
destination
 1259  191K ACCEPT     all  --  tun0   eth0    anywhere             anywhere
    0     0 DROP       all  --  tun0   !eth0   anywhere             anywhere
  274 16408 TCPMSS     tcp  --  any    any     anywhere             anywhere            
tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 1127 1186K ACCEPT     all  --  any    tun0    anywhere             anywhere
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 DROP       all  --  any    eth1    anywhere             anywhere
 1503  228K DROP       all  --  eth1   any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 1192 packets, 490K bytes)
 pkts bytes target     prot opt in     out     source              
destination

====================



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux