Re: [squid-users] External Access to Proxy for School

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sun, 20 Jan 2008 01:24:35 +1300

Mr Wells wrote:
> Hi All,
> I'm unable to access a proxy server ("proxyEXT"). Can anyone please spot what I'm doing wrong?
>
> Note: ISP will only allow 1 connection from us to its service. (unless we pay for second account!) ;-)
>
> overview:
> I have a Squid box ("proxy") serving the whole school. Upstream proxy with main filtering is provided by ISP. Running faultlessly for many years despite 3 hardware upgrades & versions of squid. THANK YOU SQUID!
> This box feeds two others. "proxyINT" & "proxyEXT".
> proxyINT provides controlled internet access to boarding pupils, but separate from main school system via wireless & CAT5.
> proxyEXT is to provide access for remote parts of the school via ADSL.
> Each remote house will have its own proxy providing individual pupil access control via wireless & CAT5, with proxyEXT as its upstream parent.
>
> clouds:
> public x.x.x.97 255.255.255.240 (range from .96 to .111 ?)
> private main 10.x.x.x 255.0.0.0
> private boarding 192.168.1.x 255.255.255.0
>
> connection:
> ISP ->ADSL -> CISCO router (x.x.x.97)
>
> router has 3 Boxes connected to its Cat5 ports
> x.x.x.98 Mail server (internal address 10.1.1.5)
> x.x.x.100 proxy (internal address 10.1.1.6)
> x.x.x.103 proxyEXT (internal address 10.1.1.61)
>
> 10.1.1.x is reserved from DHCP for server addresses.
>
> for info:
> proxyINT (working fine) has an external address 10.1.1.60, internal address 192.168.1.1
>
> Tests:
> A) set a PC to x.x.x.104 using X-cable connect directly to proxyEXT external NIC - configure Firefox to x.x.x.103:3128 - Works
> B) from home - ping x.x.x.103 - Works
> C) from home - VNC into proxyEXT - Works
> D) tracert to x.x.x.103 - Works 17 hops
> E) from home - configure web browser to x.x.x.103:3128 - not working
>
>
> Test E) above. In Firefox I get a general error telling me the server took too long to respond. IE gives the DNS error page.
>
> These errors in E) above can be reproduced by configuring the web browser to a non-existent proxy. e.g. x.x.x.104:3128

step 1) is port 3128 open on the router? i.e. telnet x.x.x.103 3128

step 2) is the router actually forwarding traffic from that port to
proxyEXT? wireshark/tcpdump will show this.

step 3) is squid proxy listening on public-facing IP (10.1.1.61) or
wildcard IP (0.0.0.0) at that port? netstat -antp

>
> History:
> Previously was unable to get test B, C or D to work either. Our ISP decided that the router (ISP maintained) may be at fault and have sent a replacement part.
>
> Kind regards
> Adrian

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Sat Jan 19 2008 - 05:24:09 MST
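
The check in step 3 above, as an added example that is not part of the original message: a POSIX shell function that reads `netstat -antp` output and reports whether the proxy port is bound to the wildcard address, to the address named in step 3, or only somewhere a remote client cannot reach. The function name, the result labels and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `netstat -antp` output on stdin.
# Live use on the proxy box (hypothetical helper name):
#   netstat -antp | listen_scope 3128 10.1.1.61
listen_scope() {
    port="$1"; want_ip="$2"
    awk -v port="$port" -v want="$want_ip" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Column 4 is the local address; the port follows the last colon,
            # which also covers IPv6 forms such as :::3128
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr == want) exact = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild) print "wildcard"             # reachable on every interface
            else if (exact) print "exact"          # bound to the expected address
            else if (loop) print "loopback-only"   # remote clients will time out
            else if (other) print "other-address"  # bound to a different interface
            else print "not-listening"             # nothing on that port
        }'
}

# Constructed sample: squid bound to the address named in step 3.
SAMPLE_SPECIFIC='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 10.1.1.61:3128          0.0.0.0:*               LISTEN      1409/(squid)
tcp        0      0 10.1.1.61:3128          10.1.1.23:51544         ESTABLISHED 1409/(squid)'

# Constructed sample: squid bound to loopback only.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      1409/(squid)'
```

Any result other than "wildcard" or "exact" means the listener itself is the problem, so the router checks in steps 1 and 2 cannot succeed until the bind address is corrected.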