[squid-users] (111) from â–‘â–’â–“ É¹ÉzÇupÉÉ¥Êž ÉzÉ¹Ä±É¯ â–“â–’â

From: â–‘â–’â–“ É¹ÉzÇupÉÉ¥Êž ÉzÉ¹Ä±É¯ â–“â–’â–‘ <mirza.k_at_gmail.com>
Date: Fri, 22 Aug 2008 10:07:53 +0700

hello
i have problem
please see h++p://amyhost[dot]com/data/1.jpg

and this is my squid conf...
---------start-----------
#logformat squid %>a [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
http_port 2210 transparent
icp_port 3130
snmp_port 3401
cache_mgr admin
emulate_httpd_log off
#cache_peer ip.sumber.squid parent 3128 3130 proxy-only
#cache_peer ip.yang.numpang sibling 3128 3130 proxy-only
#cache_peer 192.168.1.253 sibling 2210 3130 proxy-only
#cache_peer it.gpi-g.com parent 2210 0 no-query default
#cache_peer 202.169.51.119 parent 2210 0 no-query no-digest
no-netdb-exchange default

cache_replacement_policy heap LFUDA
maximum_object_size_in_memory 50 KB
maximum_object_size 50 MB
#minimum_object_size 1 KB

dead_peer_timeout 10 seconds
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
visible_hostname gpi-g.com
cache_mem 5 MB
memory_pools off
log_icp_queries on
buffered_logs on
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95

#never_direct allow all

cache_swap_low 70%
cache_swap_high 90%

#cache_dir aufs /var/spool/squid 40000 16 256
cache_dir aufs /var/spool/squid 4000 16 256
cache_dir aufs /var/spool/squid1 4000 16 256
cache_dir aufs /var/spool/squid2 4000 16 256
cache_dir aufs /var/spool/squid3 4000 16 256

#cache_dir diskd /var/spool/squid 4800 8 64 max-size=-1 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid

forwarded_for on

half_closed_clients off
cache_effective_user proxy
cache_effective_group proxy
cache_mgr mirza.k_at_gpi-g.com

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl website dstdomain "/etc/website"
acl gator dstdomain .gator.com
acl gohip dstdomain .gohip.com
acl kazaa dstdomain .kazaa.com
acl real dstdomain .real.com
acl pornsite url_regex 220.73.222.254
acl LAN src 192.168.222.0/255.255.255.0
acl LAN2 src 172.16.0.0/255.255.0.0
#acl NOC src 192.168.1.0/255.255.255.0
acl snmpcommunity snmp_community nama_snmpcommunity
acl all src 0.0.0.0/0.0.0.0

#acl IIX dst_as 7597
#always_direct allow IIX
acl manager proto cache_object
acl localhost src 127.0.0.1
acl SSL_ports port 443 563
acl Safe_ports port 21 80 81 53 143 2443 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

#acl INSIDE_IP dst 172.16.0.2
#always_direct allow INSIDE_IP
#never_direct allow all

#header_access User-Agent deny all
#header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)

#follow_x_forwarded_for allow localhost
#log_uses_indirect_client on
#acl_uses_indirect_client on
#delay_pool_uses_indirect_client on
acl acceleratedHost dst 202.169.51.119/255.255.255.255
acl acceleratedPort port 2210
#httpd_accel_single_host off

http_access allow manager localhost LAN
http_access deny !Safe_ports
http_access deny pornsite
http_access deny CONNECT !SSL_ports
snmp_access allow snmpcommunity

http_access deny website
http_access deny gator
http_access deny gohip
http_access deny real
http_access deny kazaa

http_access allow LAN
http_access allow LAN2
#http_access allow NOC
http_access allow localhost
http_access allow acceleratedHost
http_access deny all
snmp_access deny all

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cachemgr_passwd nasigoreng manager
negative_ttl 1 minutes
-----------------
and this is my iptables rules

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

echo "1" > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
#-----------------------------------------------------
# eth0 = WAN1 = 202.169.51.119
# eth1 = DMZ = 192.168.222.1 ( Konek ke MAILSERVER & WEBSERVER -
sementara simulai hanya mailserver )
# eth2 = LAN = 192.168.222.2 ( Konek ke PROXY SERVER - sementara di
simulai PROXY SERVER = CLIENT )
#------------------------------------------------------

# Tukang sapu
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables -F -t nat

# Jembatan gantung DMZ <=> LAN
/sbin/iptables -A FORWARD -i eth2 -o eth1 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth2 -m state --state
ESTABLISHED,RELATED -j ACCEPT

# Jembatan gantung DMZ <=> Mail Server & Webserver
/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

# Jembatan gantung WAN1 <=> LAN
/sbin/iptables -A FORWARD -i eth2 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth2 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

## Forward port 25 ke mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119
--dport 25 -j DNAT --to-destination 172.16.0.2

## Forward port 80 ke mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119
--dport 80 -j DNAT --to-destination 172.16.0.2

## Forward port 110 ke mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119
--dport 110 -j DNAT --to-destination 172.16.0.2

## Forward port 2810 ke mail server
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119
--dport 2810 -j DNAT --to-destination 172.16.0.2
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.119
--dport 3810 -j DNAT --to-destination 172.16.0.3
# masqurade
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0
-j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT

## REDIRECT
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 8080

#transparant proxy - WARNING INI SEMENTARA - LIHAT eth2 -- pake
dansguard port 2211
/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp -s
192.168.222.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.222.2:2211

exit 0
=============

problem :
i cant browse to my-sub.domain.ext from network
but i can browse my-sub.domain.ext from external ( other place )

my squid = transparant

when i type http://my-sub.domain.ext
it say ( mozzila FF ) "Problem Loading page"

then i put squid / Proxy IP manually
192.168.222.2 and port 2210 at my mozzila FF
it say :
RROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://my-sub.domain.ext/

The following error was encountered:

* Connection to 202.169.51.119 Failed

The system returned:

(111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is mirza.k_at_domain.ext.
Generated Fri, 22 Aug 2008 02:12:13 GMT by domain.ext (squid/2.6.STABLE18)

---
need help asap
--
-=-=-=-=
-- 
-=-=-=-=

Received on Fri Aug 22 2008 - 03:07:58 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 22 2008 - 12:00:03 MDT