[squid-users] Re: cannot browse website

From: ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ <mirza.k_at_gmail.com>
Date: Fri, 26 Sep 2008 10:33:15 +0700

Sorry, this is the error message:
========
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://riset.gpi-g.com/

The following error was encountered:

    * Connection to 202.169.51.119 Failed

The system returned:

    (111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is mirza.k_at_gpi-g.com.
======

On Fri, Sep 26, 2008 at 10:28 AM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░
<mirza.k_at_gmail.com> wrote:
> from http://amyhost.com/data/1.jpg
> and ...
> # Quoted squid.conf, part 1: listening ports, cache sizing, logging and
> # refresh rules. Directives are reproduced exactly as posted; lines that the
> # mail client wrapped are left wrapped.
> # NOTE(review): "transparent" on http_port is Squid 2.6+ syntax, while the
> # httpd_accel_* directives further down in this file are Squid 2.5 syntax -
> # confirm which version actually reads this file.
> #logformat squid %>a [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
> # Interception port. The rc.local DNAT rule quoted later in this mail sends
> # LAN port-80 traffic to 192.168.222.2:2210.
> http_port 2210 transparent
> # ICP and SNMP listeners. snmp_access rules exist later in the file; no
> # icp_access rule is visible in this post, and every cache_peer line below is
> # commented out - confirm ICP is needed at all and is not reachable from
> # untrusted networks.
> icp_port 3130
> snmp_port 3401
> # cache_mgr is set a second time further down; the error page quoted at the
> # top of this mail shows that later value.
> cache_mgr admin
> # off = keep Squid's native access.log format.
> emulate_httpd_log off
> # All peer definitions are disabled. The 202.169.51.119 entry was wrapped by
> # the mail client: the "no-netdb-exchange default" line is the tail of that
> # commented-out directive, not a directive of its own.
> #cache_peer ip.sumber.squid parent 3128 3130 proxy-only
> #cache_peer ip.yang.numpang sibling 3128 3130 proxy-only
> #cache_peer 192.168.1.253 sibling 2210 3130 proxy-only
> #cache_peer it.gpi-g.com parent 2210 0 no-query default
> #cache_peer 202.169.51.119 parent 2210 0 no-query no-digest
> no-netdb-exchange default
> #cache_peer 125.160.0.0/255.255.0.0 sibling 2210 3130 proxy-only
> #cache_peer 202.182.0.0/255.255.0.0 sibling 2210 3130 proxy-only
> #cache_peer 203.128.72.226/255.255.255.255 sibling 2210 3130 proxy-only
> # Object replacement policy and per-object size limits.
> cache_replacement_policy heap LFUDA
> maximum_object_size_in_memory 50 KB
> maximum_object_size 50 MB
> #minimum_object_size 1 KB
>
> dead_peer_timeout 10 seconds
> # Do not cache dynamic content: URL paths containing "cgi-bin" or "?".
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> # Hostname Squid reports about itself (error pages, headers).
> visible_hostname gpi-g.com
> cache_mem 5 MB
> memory_pools off
> log_icp_queries on
> buffered_logs on
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> quick_abort_pct 95
>
> #never_direct allow all
>
> # Disk cache: eviction starts at 70% and becomes aggressive at 90% full.
> cache_swap_low 70%
> cache_swap_high 90%
> # Four aufs cache directories of 4000 MB each (16 x 256 subdirectories).
> #cache_dir aufs /var/spool/squid 40000 16 256
> cache_dir aufs /var/spool/squid 4000 16 256
> cache_dir aufs /var/spool/squid1 4000 16 256
> cache_dir aufs /var/spool/squid2 4000 16 256
> cache_dir aufs /var/spool/squid3 4000 16 256
>
> #cache_dir diskd /var/spool/squid 4800 8 64 max-size=-1 Q1=64 Q2=72
>
> # Log and pid file locations.
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> pid_filename /var/run/squid.pid
>
> # NOTE(review): "on" adds the client address to X-Forwarded-For on outgoing
> # requests, so internal 192.168.x / 172.16.x addresses are disclosed to
> # origin servers. Turn it off if that disclosure is not wanted.
> forwarded_for on
>
> half_closed_clients off
> # Unprivileged account Squid switches to when it is started as root.
> cache_effective_user proxy
> cache_effective_group proxy
> # Second cache_mgr setting; this is the address shown on the error page.
> cache_mgr mirza.k_at_gpi-g.com
>
> # Freshness rules: pattern, min (minutes), percent, max (minutes).
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> # Quoted squid.conf, part 2: ACL definitions. An acl line only names a
> # match; nothing is allowed or denied until an http_access / snmp_access
> # line refers to it.
> # Destination-domain block lists; "website" is read from the file /etc/website.
> acl website dstdomain "/etc/website"
> acl domain dstdomain .gpi-g.com
> acl gator dstdomain .gator.com
> acl gohip dstdomain .gohip.com
> acl kazaa dstdomain .kazaa.com
> acl real dstdomain .real.com
> # NOTE(review): url_regex treats the unescaped dots as "any character" and
> # matches anywhere in the URL; a dst ACL would match the address exactly.
> acl pornsite url_regex 220.73.222.254
> # Client source ranges. LAN3 (192.168.0.0/16) already contains LAN
> # (192.168.222.0/24).
> acl LAN src 192.168.222.0/255.255.255.0
> acl LAN3 src 192.168.0.0/255.255.0.0
> acl LAN2 src 172.16.0.0/255.255.0.0
> # NOTE(review): 125.160.0.0/16 is not RFC 1918 space, and an http_access rule
> # later in this file allows the whole /16 to use the proxy - confirm the
> # range really needs to be that wide.
> acl NOC src 125.160.0.0/255.255.0.0
> #acl GPI src 202.169.51.0/255.255.255.0
> # NOTE(review): "nama_snmpcommunity" looks like a placeholder ("nama" =
> # "name"). If it is the real community string it is now public in this
> # archive and should be changed - verify.
> acl snmpcommunity snmp_community nama_snmpcommunity
> acl all src 0.0.0.0/0.0.0.0
> #acl IIX dst_as 7597
> #always_direct allow IIX
> # Cache manager requests (cache_object:// protocol).
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl SSL_ports port 443 563
> # NOTE(review): 1025-65535 marks every unprivileged port as "safe", so the
> # "deny !Safe_ports" rule only filters ports below 1025 that are not listed.
> acl Safe_ports port 21 80 81 53 143 2443 443 563 70 210 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
>
> #acl INSIDE dstdomain .it.gpi-g.com
> #always_direct allow INSIDE
> #never_direct allow all
>
> #acl INSIDE_IP dst 172.16.0.2
> #always_direct allow INSIDE_IP
> #never_direct allow all
>
> # Disabled experiments: User-Agent rewriting and X-Forwarded-For trust.
> #header_access User-Agent deny all
> #header_replace User-Agent Mozilla/5.0 (X11; U; Linux 2.6.8 DEC Alpha)
> #follow_x_forwarded_for allow localhost
> #log_uses_indirect_client on
> #acl_uses_indirect_client on
> #delay_pool_uses_indirect_client on
> # Destination-based ACLs: the WAN /24 that contains 202.169.51.119, and
> # port 2210.
> acl acceleratedHost dst 202.169.51.0/255.255.255.0
> acl acceleratedPort port 2210
> #httpd_accel_single_host off
> #httpd_accel_single_host off
>
> # Quoted squid.conf, part 3: access rules and accelerator settings.
> # http_access lines are checked top to bottom and the first matching line
> # decides; ACL names on the same line are ANDed.
> # NOTE(review): localhost (src 127.0.0.1) and LAN / LAN3 (192.168.x ranges)
> # are all source ACLs ANDed together, so this line cannot match any client.
> # There is also no "http_access deny manager" after it, so cache_object
> # requests fall through to the allow rules below (LAN, LAN3, LAN2, NOC, ...).
> # The usual pattern is "http_access allow manager localhost" followed by
> # "http_access deny manager".
> http_access allow manager localhost LAN LAN3
> http_access deny !Safe_ports
> http_access deny pornsite
> # CONNECT tunnels only to ports 443 and 563.
> http_access deny CONNECT !SSL_ports
> # SNMP is granted on the community string alone, from any source address.
> snmp_access allow snmpcommunity
>
> # Destination block lists, then an unconditional allow for .gpi-g.com.
> # NOTE(review): "allow domain" has no source ACL, so any client that can
> # reach the proxy port may fetch .gpi-g.com through it.
> http_access deny website
> http_access deny gator
> http_access deny gohip
> http_access deny real
> http_access deny kazaa
> http_access allow domain
>
>
> # Client networks allowed to use the proxy.
> http_access allow LAN
> http_access allow LAN3
> http_access allow LAN2
> http_access allow NOC
> #http_access allow GPI
> http_access allow localhost
> # NOTE(review): acceleratedHost matches on destination only, so this line
> # lets a client from any address use the proxy to reach 202.169.51.0/24
> # (presumably intended for accelerator mode - confirm).
> http_access allow acceleratedHost
> http_access deny all
> snmp_access deny all
>
> # Squid 2.5-style accelerator settings; with_proxy keeps ordinary proxying
> # enabled alongside acceleration.
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> # NOTE(review): cache manager password in clear text. It has been published
> # in this list archive, so treat it as exposed and change it. The words after
> # the password are cache manager action names; "manager" is presumably meant
> # as the ACL name rather than an action - verify.
> cachemgr_passwd nasigoreng manager
> negative_ttl 1 minutes
>
> ####
> # Disabled: trusting X-Forwarded-For from another proxy at 192.168.222.2.
> #acl local-host src 192.168.222.2
> #acl my_other_proxy src 192.168.222.2
> #follow_x_forwarded_for allow local-host
> #follow_x_forwarded_for allow my_other_proxy
> #acl_uses_indirect_client on
> #delay_pool_uses_indirect_client on
> #log_uses_indirect_client on
>
>
> ===
> with rc.local :
> # Quoted rc.local: enables IP forwarding, flushes iptables and installs the
> # NAT / forwarding rules. Long commands were wrapped by the mail client; the
> # wrapped halves are left as posted.
> # NOTE(review): forwarding is switched on before any rule is loaded, and no
> # chain policy (-P) is set anywhere in this script, so FORWARD keeps whatever
> # policy is already in effect - confirm it is not ACCEPT.
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /etc/init.d/networking restart
> #-----------------------------------------------------
> # eth0 = WAN1 = 202.169.51.119
> # eth1 = DMZ = 192.168.222.1 ( connects to MAILSERVER & WEBSERVER -
> for now only the mailserver is simulated )
> # eth2 = LAN = 192.168.222.2 ( connects to PROXY SERVER - for now
> simulated as PROXY SERVER = CLIENT )
> #------------------------------------------------------
> # NOTE(review): the table above puts 192.168.222.x on both eth1 and eth2,
> # while the DNAT targets below are 172.16.0.x - confirm which interface
> # actually carries 172.16.0.0/16.
>
> # Sweeper: flush all existing rules and user-defined chains
> /sbin/iptables --flush
> /sbin/iptables --table nat --flush
> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables -F -t nat
>
> # masquerade
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth0
> -j MASQUERADE
> # NOTE(review): accepts every packet forwarded in from eth0 (WAN), whatever
> # its state or destination. It precedes the state-matching eth0 rules below
> # and makes them redundant.
> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
>
> # Bridge DMZ <=> LAN
> # eth2 -> eth1 may open new connections; eth1 -> eth2 replies only.
> iptables -A FORWARD -i eth2 -o eth1 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth2 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
>
> # Bridge DMZ <=> Mail Server & Webserver
> # eth0 (WAN) -> eth1 may open new connections on any port.
> iptables -A FORWARD -i eth1 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> # Bridge WAN1 <=> LAN
> # NOTE(review): the states look swapped relative to the DMZ <=> LAN pair:
> # WAN may open new connections into the LAN, while LAN -> WAN is accepted
> # only for established traffic - confirm this is intended.
> iptables -A FORWARD -i eth2 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth2 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> ## Forward port 25 to mail server
> #### TEMPORARY #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 25 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 80 to mail server
> #### TEMPORARY #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 80 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 80 to HRD
> #iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.169.51.120
> --dport 80 -j DNAT --to-destination 172.16.0.4
>
>
>
> #### TEST
> # NOTE(review): no -p / --dport, so every protocol and port arriving on eth0
> # for 202.169.51.119 is sent to 172.16.0.2, exposing all of that host's
> # services to the WAN; the per-port rules commented out around this one are
> # the narrower form. The target is 172.16.0.2, while the problem statement
> # in this mail names 172.16.0.3 as the webserver.
> # A PREROUTING rule bound to -i eth0 is not applied to connections that
> # start on this machine. If Squid runs here and the site resolves to
> # 202.169.51.119, its request ends at this host's own port 80, which would
> # explain the "(111) Connection refused" error page - likely cause, confirm.
> iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.119 -j DNAT
> --to-destination 172.16.0.2
> #iptables -t nat -A PREROUTING -i eth0 -d 202.169.51.120 -j DNAT
> --to-destination 172.16.0.4
> ########
>
>
> ## Forward port 110 to mail server
> #### TEMPORARY #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 110 -j DNAT --to-destination 172.16.0.2
>
> ## Forward port 2810 to mail server
> #### TEMPORARY #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 2810 -j DNAT --to-destination 172.16.0.2
> #### TEMPORARY #iptables -t nat -A PREROUTING -p tcp -i eth0 -d
> 202.169.51.119 --dport 4810 -j DNAT --to-destination 172.16.0.3
>
>
> ## REDIRECT
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 8080
>
> #transparent proxy - WARNING THIS IS TEMPORARY - SEE eth2
> # Sends port-80 traffic from 192.168.222.0/24 arriving on eth2 to
> # 192.168.222.2:2210, the http_port set in the squid.conf quoted above.
> /sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp -s
> 192.168.222.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.222.2:2210
> =======================================
>
> problem :
> I can't browse the domain that is hosted on the webserver ( 172.16.0.3 -
> the IP shown in the picture is wrong - the correct one is 172.16.0.3 )
>
> How can I solve this?
>
> access denied
>
> --
> -=-=-=-=
>

-- 
-=-=-=-=
Received on Fri Sep 26 2008 - 03:33:19 MDT
