On 12/01/2013 12:41 PM, janwen wrote:
> thanks,i telnet ssh port is ok:telent ip 22
> and how can i ping squid proxy port 3142?
>
If telnet to ssh port is ok, than ip connection is fine and we get back
to theory of firewall. If you need proof that there is some firewall
between your client and squid server, just start tcpdump on squid proxy
(e.g. # tcpdump -i any 'port 3128'). Then try telnet from client again.
You will not see anything in capture on server.
> On 2013-12-1 17:37, Pavel Kazlenka wrote:
>> On 12/01/2013 12:32 PM, janwen wrote:
>>> thanks for your reply:
>>> all your suggest,i tried before i send the email for help.
>>> netstat -tulpn | grep ':3128'
>>> (No info could be read for "-p": geteuid()=1000 but you should be
>>> root.)
>>> tcp6 0 0 :::3128
>>>
>>> telnet localhost 3128
>>> Trying 127.0.0.1...
>>> Connected to ubuntu.San.
>>> Escape character is '^]'.
>>>
>>> so squid start ok.no firewall settings.
>>>
>>>
>>
>> Then you have no ip connect between client and squid server. Check
>> using ping.
>>
>> P.S. Please, don't CC me, use 'reply to list' action (if available in
>> your client).
>>
>>>
>>> On 2013-12-1 17:29, Pavel Kazlenka wrote:
>>>> TCP (telnet) timeout means that you have networking issue.
>>>> Check firewalls, routing as well as if squid is started and is
>>>> listening on port (#netstat -ntpl on squid node).
>>>>
>>>> On 12/01/2013 12:24 PM, janwen wrote:
>>>>> just try to use squid,i try to setup squid 2 days.
>>>>> i use squidclient http://www.googe.com get response on local machine,
>>>>> but when i try to connect to from remote ip(any ip is allowed for
>>>>> test),
>>>>> i use:
>>>>> telnet ip 3128 just get timeout exception.
>>>>>
>>>>> my squid.conf as follow:
>>>>> #
>>>>> # Recommended minimum configuration:
>>>>> #
>>>>> #user
>>>>> cache_effective_user squid
>>>>> cache_effective_group squid
>>>>>
>>>>> visible_hostname beerdark.com
>>>>> # Example rule allowing access from your local networks.
>>>>> # Adapt to list your (internal) IP networks from where browsing
>>>>> # should be allowed
>>>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>>>> acl localnet src fc00::/7 # RFC 4193 local private network range
>>>>> acl localnet src fe80::/10 # RFC 4291 link-local (directly
>>>>> plugged) machines
>>>>> #acl all src 0.0.0.0/0.0.0.0
>>>>> acl SSL_ports port 443
>>>>> acl Safe_ports port 80 # http
>>>>> acl Safe_ports port 21 # ftp
>>>>> acl Safe_ports port 443 # https
>>>>> acl Safe_ports port 70 # gopher
>>>>> acl Safe_ports port 210 # wais
>>>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>>> acl Safe_ports port 280 # http-mgmt
>>>>> acl Safe_ports port 488 # gss-http
>>>>> acl Safe_ports port 591 # filemaker
>>>>> acl Safe_ports port 777 # multiling http
>>>>> acl CONNECT method CONNECT
>>>>> acl testip src 222.73.112.140
>>>>>
>>>>> http_access allow all
>>>>> http_access allow testip
>>>>> #
>>>>> # Recommended minimum Access Permission configuration:
>>>>> #
>>>>> # Deny requests to certain unsafe ports
>>>>> http_access deny !Safe_ports
>>>>>
>>>>> # Deny CONNECT to other than secure SSL ports
>>>>> http_access deny CONNECT !SSL_ports
>>>>>
>>>>> # Only allow cachemgr access from localhost
>>>>> http_access allow localhost manager
>>>>> http_access deny manager
>>>>>
>>>>> # We strongly recommend the following be uncommented to protect
>>>>> innocent
>>>>> # web applications running on the proxy server who think the only
>>>>> # one who can access services on "localhost" is a local user
>>>>> #http_access deny to_localhost
>>>>>
>>>>> #
>>>>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>>>> #
>>>>>
>>>>> # Example rule allowing access from your local networks.
>>>>> # Adapt localnet in the ACL section to list your (internal) IP
>>>>> networks
>>>>> # from where browsing should be allowed
>>>>> http_access allow localnet
>>>>> http_access allow localhost
>>>>> http_access allow testip
>>>>> # And finally deny all other access to this proxy
>>>>> #http_access allow all
>>>>> http_access deny all
>>>>> # Squid normally listens to port 3128
>>>>> http_port 3128
>>>>>
>>>>> # Uncomment and adjust the following to add a disk cache directory.
>>>>> #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
>>>>>
>>>>> # Leave coredumps in the first cache dir
>>>>> coredump_dir /usr/local/squid/var/cache/squid
>>>>>
>>>>> #
>>>>> # Add any of your own refresh_pattern entries above these.
>>>>> #
>>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>>>> refresh_pattern . 0 20% 4320
>>>>>
>>>>
>>>
>>
>
Received on Sun Dec 01 2013 - 09:48:59 MST
This archive was generated by hypermail 2.2.0 : Sun Dec 01 2013 - 12:00:03 MST