RE: [squid-users] Quick quide?, authentication not working (here is the config files)

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 25 May 2005 13:21:22 -0800

> -----Original Message-----
> From: LeRoy Grubbs [mailto:lhgrubbs@earthlink.net]
> Sent: Wednesday, May 25, 2005 9:56 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Quick quide?, authentication not working (here is
> the config files)
>
>
>
> This is on a SLES 9.0 Mini ITX box with SuSEfirewall2, OpenS/wan, DHCP,
DNS. I need
> to get a proxy working with the firewall to redirect the user to login.
I've read
> the SUSE Linux guide, followed the instructions, forced authentication,
now I can't
> get through.
>
> The Firewall worked before turning on Squid.... Is there any known issues?
I'll
> put the config files at
>
> http://www.advbuscomputing.com/squid_conf.html
>
> Thanks in advance for the help.
>
> LeRoy

From the linked documentation I find...

> Followed instructions in the manual "25.3.6. Configuring a Transparent
Proxy"

and

> FW_REDIRECT="10.10.0.0/16,0/0,tcp,80,3128

Firstly: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.16

Intercepting (a.k.a. transparent) proxy + authentication = not working
internet

Second:
> May 26 13:51:34 UIWMO SuSEfirewall2: Firewall rules successfully set in
QUICKMODE for
> device(s) "eth-id-00:40:63:d9:83:7b" plus masquerading
>((EDITED COMMENT) Shouldn't this be the Lan (eth0) instead of the WAN
(eth1)

Reread the documentation about FW_QUICKMODE in SuSEfirewall2. This may be
preventing rules set on the internal interface from being applied (including
the port 80->3128 redirect). I don't know for sure, but I don't see any
related rules in the SuSEfirewall2 status output.

Try setting a browser to explicitly use the proxy, and see if it works. If
not, solve that problem first. Then try to set up interception. But always
keep in mind, interception is unpopular with the devs for a reason (or
three).

Chris
Received on Wed May 25 2005 - 15:21:35 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT