Re: [squid-users] Dual homed squid under XP problems

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 24 Aug 2011 15:57:35 +1200

 On Tue, 23 Aug 2011 13:49:19 -0600, knapper wrote:
> Trying to find some help on an issue with configuring squid.
>
> I need some expert help, no flames, and no telling me I
> should run this under linux (I
> don't have the time to climb the learning curve, and besides
> Net Nanny doesn't run under
> linux as I understand it)

 All you need for Squid is a properly Server capable OS. Windows comes
 in various versions tuned for End-Users which lack critical system
 features and this reflects on the available Squid features a LOT.

>
> Very little exists that I can find, on configuring squid as
> dual homed under XP.

 Because there seem to be very few Windows users of Squid, the Squid
 configuration is designed to be portable, and nobody has bothered
 repeating the documentation just to insert the word Windows everywhere.

 FWIW; nothing you talk about below has anything to do with being
 dual-homed (connected to _three_ networks, two being Internet links).
 What you are describing is a perfectly normal router setup with Squid on
 the router, which happens to run Windows XP.

> XP PRO with 2 nics. I need to set squid up to serve as a
> proxy server on one nic, and the other nic is the network
> interface.
> Nic A:
> 192.168.0.195 is the Dell server box and it points to 0.1
> for the internet gateway.
> I can browse the internet just fine without squid.
> Nic B is 192.168.9.195 is the second nic in the Dell box,
> and this is hooked to a WAP for the laptops in the small
> school.
> (not sure where to point its gateway, but I don't think
> pointing it to 0.195 is going
> to work).
>
> I want to configure squid to listen on the 9.x network, and

   http_port 192.168.9.195:3128

> relay, and cache the traffic out the 0.x network. This way

  acl localnet src 192.168.0.0/24
  http_access allow localnet

> the students will be protected. XP is a must in this case,

 Ah students. That scenario is one I'm quite familiar with.

 When working with squid in school situations you will usually need to
 set it up as a captive portal proxy to prevent a lot of trivial
 bypassing. Look into blocking port 80 and other aliases of it getting to
 the Internet, and adding the WPAD protocol to the network and a PAC file
 doing auto-configuration of browsers to use the proxy.
  The squid langpack bundles ship customizable error pages ERR_AGENT_*
 that can be displayed in a captive-portal setup to instruct the users to
 configure their browser properly for portals.

 At which point you don't need NetNanny for HTTP. Squid provides a full
 array of URL and request controls. It passes traffic to other software
 (via HTTP or in 3.1+ via ICAP/eCAP) for the complex jobs of handling
 page content filtering.
  NP: NetNanny is not one of those other software AFAIK.

> because I will be needing to run net nanny on the "server".

 Due to this?

 "Net Nanny’s Bypass Blocker not only filters the content of all web
 proxy sites (http and https), but also aggressively blocks proxy tools
 that have been installed on your computer. Net Nanny is the first, and
 only Internet filter to currently offer this extra level of safety."

 ... makes you wonder why the others don't, huh? Proxies are one of the
 oldest technologies on the Internet.

> I've tried to configure squid to work, but the service fails
> to start. It just hangs. I got past a bunch of format
> errors in the .config file, but need help with the
> configuration, and getting this to work.

 Run 'squid -k parse' to validate the squid.conf content before
 starting.

>
> I'm not at the office, so don't have access to the config
> files, but nothing shows up in the log file. The service
> just hangs with "starting" and never goes to started state.
>
> I'm sure it is a configuration file issue.

 Config file issues are usually a complete abort. Check cache.log output
 for the error messages. (I'm not sure where that goes on Windows).

 Amos
Received on Wed Aug 24 2011 - 03:57:51 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 24 2011 - 12:00:10 MDT