Re: [squid-users] Connection Refused in a Very Basic Set Up -- Now What? from Muthukumar on 2004-06-08 (squid-users)

From: Muthukumar <kmuthu_gct@dont-contact.us>
Date: Wed, 9 Jun 2004 10:24:49 +0530

> acl our_networks src 192.168.0.0/24
> http_access allow our_networks
>
> # And finally deny all other access to this proxy
> http_access deny all
>

You are setting an acl for allowing 192.16.*.* machines only to access the internet.

> I set the http_port to 8080

Squid is running on 8080 port. What is the Squid running machine's ip-address.?

> and then configured
> firefox as follows:
>
> HTTP Proxy : 127.0.0.1 Port: 8080
> SSL Proxy : 127.0.0.1 Port :8080
>
> and there is no proxy for localhost, 127.0.0.1

It will not work. What the client tries to do means,it tries to connect the localhost not to the squid running machines local host!
So change the exact ip-address in the browser setting. It will work now!

> Squid is running fine. When I try to open a web page,
> I now get a
> message that says "The connection was refused when
> attempting to
> contact the proxy server you have configured. Please
> check your proxy
> settings and try again."
>

Because of the incorrect proxy server ip-address setting.
Are you trying to invoke the squid in proxy or trans. proxy. If you are trying in trans. proxy, there is no need to set the browser
settings and all.
If you are running the squid on the gateway to the 192.16.*.* machines ,trans proxy is simple and effective.

> I am also running a firewall script as follows, could
> this be part of
> the problem?
>

Did you enable the httpd_accel_* options.
Check this document.,
http://squid.visolve.com/squid/trans_caching.htm
more to know about transparent proxy.

> #!/bin/bash
> #
> # Basic script to keep the nasties out of slack-lap
> # First we make the default policy to drop everything
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> # Allow established connections and programs that use
> loopback
> iptables -A INPUT -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo
> -j ACCEPT
> # Lets allow ssh to connect
> iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
> #end scr

There is a PREROUTING with REDIRECT method needed to redirect all http requests to squid.
And POSTROUTING with MASQUERADE method is useful for ftp,... connections to Internet.

Regards,
Muthukumar.

---
===============  It is a "Virus Free Mail" ===============
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004

Received on Tue Jun 08 2004 - 22:56:10 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT