[squid-users] Transparent proxy testing from the proxy server

From: Leah Kubik <leah@dont-contact.us>
Date: Tue, 1 May 2007 21:45:34 -0400

Hi,

I'm trying to set up squid as a transparent proxy on a CentOS 4.x system.
Unfortunately, this means the system is stuck with the default system RPMs
(Version 2.5.STABLE6) (unless someone is making an RPM for CentOS for 4.6,
but I could not find one.)

When I configure the server to redirect its own requests to the squid proxy
in the firewall (to test as I don't have access to the LAN clients behind it)
I get a failed ACL:

1178066297.760 0 127.0.0.1 TCP_DENIED/403 1339 GET http://google.com/ - NONE/- text/html
1178066297.761 3 127.0.0.1 TCP_MISS/403 1378 GET http://google.com/ - DIRECT/64.233.167.99 text/html

I am wondering if anyone might have an example configuration from a CentOS 4.x
system for a transparent squid proxy that works that I could try, or if
anyone would be willing to take a look at my configuration and suggest what
might be wrong.

The configuration I am using is:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 64.233.167.99 192.168.1.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid

Thanks for any help,
Leah

-- 
Leah Kubik : d416-585-9971x692 : d416-703-5977 : m416-559-6511
Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada
MSN: leah@frauerpower.com | AIM: frauerpower | Yahoo: h3inous
F9B6 FEFE 080B 8299 D7EA  1270 005C EC73 47C9 B7A6
Received on Tue May 01 2007 - 19:40:27 MDT