Re: [squid-users] Connecting MS Explorer to squid problem

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Wed, 18 Jul 2007 22:56:49 +0545

Mohan Jayaweera wrote:
> Greetings to everybody!
> I am a newbie
>
> my squid in H/W firewall is with following setting (SeLinux disabled)
> ==================================================
>
> DSL /gateway (192.168.1.1)
> |
> |
> |
> v
> squid's eth0 192.168.1.10/255.255.255.0 gateway 192.168.1.1 (DNS1,2 set)
> | (squid serves the localhost well)
> |
> |
> v
> eth1 192.168.1.11/255.255.255.0 (no gateway-this is for internal network)
> |
> |
> |
> v
> Internal network
> (I can not connect windows IE with these settings >> IP
> 192.168.1.8/255.255.255.0 /Gateway 192.168.1.11 , DNS 192.168.1.11,
> proxy setting 192.168.1.11/3128 from the internal network
>
> *my squid.conf is below, it consists of default settings and some
> other settings from various sources I tried.
> *squid serves the localhost m/c well but not the other clients like MS IE
> --------------------------------------------
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> # ACCESS CONTROLS
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl our_networks src 192.168.1.0/24 192.168.2.0/24
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
> debug_options ALL,1 33,2 28,9
> acl allow_ip src 192.168.1.0/24
> acl host1 src 192.168.1.8
> http_access allow host1
> http_access allow allow_ip
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname none
> coredump_dir /var/spool/squid
>
> Please help me to solve this problem
> Thanks in advance

Hi Mohan,

As Hendrik suggested, you can change your internal network from
192.168.1.0/24 to 192.168.2.0/24.

Then, you can change the permissions for your relevant files and
directories.
Here, I am just guessing your squid locations.

Try the following:

root@localhost# chown -R nobody:nobody /etc/squid
root@localhost# chown -R nobody:nobody /var/cache
root@localhost# chown -R nobody:nobody /var/spool/squid

You can use the following simple squid.conf :

############ Start of squid.conf ###############

cache_effective_user nobody
cache_effective_group nobody

http_port 3128

cache_dir ufs /var/cache 1024 16 256

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

emulate_httpd_log on

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24 192.168.2.0/24

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow our_networks
http_access allow localhost
http_access deny all

http_reply_access allow all
icp_access allow all
visible_hostname none
coredump_dir /var/spool/squid

############# End of squid.conf ###############

Then try using your squid proxy server from your new 192.168.2.0/24
network. It should work!

Thanking you...

>
> Mohan
>
>
>

-- 
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
Received on Wed Jul 18 2007 - 11:12:28 MDT
