RE: [squid-users] secure web sites wont show on my clients

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 31 Oct 2005 10:51:07 -0900

> -----Original Message-----
> From: rance@frontiernet.net [mailto:rance@frontiernet.net]
> Sent: Saturday, October 29, 2005 4:35 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] secure web sites wont show on my clients
>
>
> I have a brand new Gentoo Linux install set up with the following:
>
> Arno's Firewall 1.8.4d is firewalling my internet connection and
> forwarding all outgoing port 80 traffic through a transparent proxy
> setup.
>

Is it preventing clients from accessing the outside world on port 443?

> dnsmasq is both my dns server and dhcp server (both of these
> work no problem).
>
> I've installed dansguardian with the default config file (for now)
>
> I've installed squid 2.5 stable11 with an altered
> /etc/squid/squid.conf file.
>
> My sequence is internal internet request -> dansguardian -> squid ->
> out to internet
>
> I just couldn't follow all the comments in such a large config file so I
> copied the sample one that comes with squid to squid.conf.sample
>
> and started over with a blank squid.conf file
>
> here it is:
>
>
> http_port 127.0.0.1:3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1
> follow_x_forwarded_for allow localhost
> acl_uses_indirect_client on
> delay_pool_uses_indirect_client on
> log_uses_indirect_client on
>
>
> acl homenet src 192.168.0.0/24
>
> http_access allow localhost
> http_access allow homenet
> http_access deny all
>
> Ok:
>
> this setup seems to work for regular port 80 traffic ok

So Squid is working fine...

>
> (please note, I'm going for an unfiltered setup for now, I want to make
> sure everything that needs to work does, BEFORE the access rules start
> changing stuff, I want to know for sure that my problem was in my last
> rule change, not a setup issue)
>
> My problem with this setup is web sites that require you to log in.
>
> EG www.hotmail.com
>
> don't work for the log in part.
>
> there are no error messages, just timeouts on the connection and
> windows shows the DNS error page.

It's likely not a squid problem. You can't intercept SSL traffic (and it doesn't look like you are trying), so you have to let it go direct, (and obviously let the responses back in). Check your firewall rules.

>
> What am I missing? Is it safe_ports? (I read about those in my master
> copy of the .conf.default file)
>
> I want to make sure that squid allows all of my normal traffic before I
> start restricting any.
>
> Could someone please tell me what I've missed here, Thanks
>
> Rance
>
>

Chris
Received on Mon Oct 31 2005 - 12:51:09 MST
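
Added example (not part of the original message, and not code from Squid or Arno's firewall): a small Python check over `iptables-save` output for what the reply says to verify, namely that tcp/443 is not redirected to the proxy, that the firewall forwards it, and that replies are allowed back in. The two rulesets, the interface name `eth1` and the redirect port 8080 are constructed assumptions.

```python
import shlex
# Constructed iptables-save output (not from the thread): port 80 is redirected
# to a local filter port, FORWARD defaults to DROP and has no rule for tcp/443.
BROKEN = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# Same ruleset with one added rule letting LAN clients open HTTPS connections.
FIXED = BROKEN.replace(":FORWARD DROP [0:0]\n", ":FORWARD DROP [0:0]\n"
    "-A FORWARD -i eth1 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT\n")

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def matches_new_tcp(opts, port):
    """Would this rule match a NEW TCP packet to `port`? Interfaces, addresses,
    negation and port ranges are ignored (simplifying assumption)."""
    if opts.get("-p", "tcp") not in ("tcp", "all") or opts.get("--dport", str(port)) != str(port):
        return False
    states = opts.get("--state") or opts.get("--ctstate")
    return states is None or "NEW" in states.split(",")

def audit(text, port=443):
    """First-match verdict for a new connection to `port` crossing the gateway."""
    policies, rules = parse(text)
    hits = [(t, c, o) for t, c, o in rules if matches_new_tcp(o, port)]
    intercepted = any((t, c) == ("nat", "PREROUTING") and o.get("-j") in ("REDIRECT", "DNAT") for t, c, o in hits)
    forward = next((o["-j"] for t, c, o in hits if (t, c) == ("filter", "FORWARD")
                    and o.get("-j") in ("ACCEPT", "DROP", "REJECT")), policies.get(("filter", "FORWARD"), "ACCEPT"))
    replies = any((t, c) == ("filter", "FORWARD") and o.get("-j") == "ACCEPT"
                  and "ESTABLISHED" in (o.get("--state") or o.get("--ctstate") or "") for t, c, o in rules)
    return {"intercepted": intercepted, "forward": forward, "replies_allowed": replies}
```

Feed `audit()` the text of `iptables-save` from the gateway; a `forward` of `DROP` for port 443 alongside working port 80 traffic matches the timeout symptom described in the question.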
