RE: [squid-users] Firewall problems

From: De Leeuw Guy <G.De_Leeuw@dont-contact.us>
Date: Thu, 22 Aug 2002 12:28:44 +0200

With netstat -a : I see the that squid handle correctly the client request
        WorldGate.eurofer.be:3128 pcGDL.eurofer.be:xxx ESTABLISHED
but squid does'nt return the page requested.
        gwWorld:32774 xx.xx.xx.xx:8080 SYN_SENT

the squid access.log file give the message :
        TCP_MISS/504 1026 GET http:.... - NONE/- -

The squid cache.log file content the message :
        TCP connection to proxy.skynet.be/8080 failed

If I remove this line :
 iptables -t nat -A PREROUTING -i eth0 -p tcp -dport http -j
REDIRECT --to-port 3128
all work

Guy

> -----Original Message-----
> From: Jan Humme [mailto:jan.humme@xs4all.nl]
> Sent: Wednesday, August 21, 2002 5:15 PM
> To: De Leeuw Guy; squid-users@squid-cache.org
> Subject: Re: [squid-users] Firewall problems
>
>
> On Wednesday 21 August 2002 16:20, De Leeuw Guy wrote:
> > Hello all,
> >
> > I have a firewall configuration problem :
> > Before June if have a internet provider that give me an
> range adress like
> > 195.0.50.X,
> > from start of july I change my provider that give me only
> one IP adress.
> > I change my firewall configuration ( Linux + iptables).
> > But now squid doesn't work. Can you help me ?
>
> "Squid doesn't work"?
>
> Maybe you can be just a bit more specific, and tell us about
> the things that
> DO and the things that DON'T work?
>
> > Firewall :
> > internet -------eth1 eth0---- Private network
> >
> > eth0 : hostname WorldGate.eurofer.be IP 192.168.3.190
> > eth1 : hostname gwWorld.eurofer.be IP 10.10.10.2
> > Public IP 194.78.206.16
> >
> > iptables :
> > ==========
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT --to-source
> > 194.78.206.16
> > iptables -t nat -A PREROUTING -i eth0 -p tcp -dport http -j
> > REDIRECT --to-port 3128
>
> Did you "echo 1 >/proc/sys/net/ipv4/ip_forward" to enable the router?
>
> Use "cat /proc/sys/net/ipv4/ip_forward" to check.
>
> >
> > squid :
> > =======
> > cache-peer proxy.skynet.be parent 8080 3130 no-query
> > visible-host-name WorldGate.eurofer.be
> >
> > What is missing ?
> >
> > Thank in advance
> > Guy
>
> JH.
Received on Thu Aug 22 2002 - 04:29:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:48 MST