Re: [squid-users] non-transparent squid and port 8080 traffic

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 10 Dec 2009 12:28:50 -0900

Asim Ahmed @ Folio3 wrote:
> hi all,
>
> I am using squid 3.0Stable20-1 along with Shorewall 4.4.4-1 on a RHEL5
> box. I had a few problems running squid in transparent mode so now I
> am running it in non-transparent mode.

Please use the term "interception" instead of "transparent".

> Everything like browsing / IM tools working fine. A major problem
> that I am facing is that quite a few users in my staff use TFS (Team
> Foundation Server - A code repository running on port 8080) remotely.
> After installing squid they are having great difficulty connecting to
> that server. I am REDIRECTING port 80 traffic from shorewall to squid
> on the same box.

Which indicates you are still INTERCEPTING traffic.

> I tried same approach and REDIRECTED port 8080 traffic to squid as
> well and made an ACL in squid.conf to allow that particular traffic to
> that particular server address over port 8080.

Why wouldn't it be allowed? Port 8080 is included in "Safe_ports".
Assuming you are allowing access to your cache based on source IP, you
shouldn't need a special rule allowing traffic to a particular server's
port 8080.

> When I see squid access log, traffic shows up there but with HTTP 401
> code that means not-authorized request. On TFS screen users also get
> "you are not authorized to connect to this server" error. This does
> not make any sense because without squid they just connect in first
> attempt.

Please share your squid.conf (minus comments and blank lines).
Otherwise have a look at
http://wiki.squid-cache.org/SquidFaq/SquidAcl#I_set_up_my_access_controls.2C_but_they_don.27t_work.21__why.3F

>
> Even I tried adding a rule in shorewall to process 8080 traffic before
> I redirect traffic to squid, but that makes things unreliable in the
> sense that sometimes it works, and at times it does not!
> Can anyone help suggesting any measures to get over with this?
>
> Is this squid's normal behaviour to stop shorewall from normal working
> when installed?

No.

> Does squid take over control of system ports in use by shorewall?

Only if you configure it to.

Chris
Received on Thu Dec 10 2009 - 21:28:58 MST
