Re: [squid-users] can not connect squid from remote machine

From: janwen <loujanwen_at_gmail.com>
Date: Sun, 01 Dec 2013 18:07:28 +0800

tcpdump on the squid server gives the following:
janwen_at_ubuntu:/usr/local/squid$ sudo tcpdump -i any 'port 3128'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

Then I telnet from the client, and the squid server output follows. It seems
that the request connects to the squid server, but the client shows Connection
timed out. I also use Google Chrome to connect to the squid server, and it does
not work.

10:05:46.555224 IP xxx .57922 > ubuntu.San.3128: Flags [S], seq 2416550145, win 14600, options [mss 1460,sackOK,TS val 422202410 ecr 0,nop,wscale 7], length 0
10:05:46.555271 IP ubuntu.San.3128 > 222.73.112.140.57922: Flags [S.], seq 1908335791, ack 2416550146, win 14480, options [mss 1460,sackOK,TS val 3545032717 ecr 422202410,nop,wscale 8], length 0

On 2013-12-1 17:48, Pavel Kazlenka wrote:
> On 12/01/2013 12:41 PM, janwen wrote:
>> Thanks, I telnet to the ssh port and it is ok: telnet ip 22
>> And how can I ping squid proxy port 3142?
>>
> If telnet to ssh port is ok, then ip connection is fine and we get
> back to theory of firewall. If you need proof that there is some
> firewall between your client and squid server, just start tcpdump on
> squid proxy (e.g. # tcpdump -i any 'port 3128'). Then try telnet from
> client again. You will not see anything in capture on server.
>
>
>> On 2013-12-1 17:37, Pavel Kazlenka wrote:
>>> On 12/01/2013 12:32 PM, janwen wrote:
>>>> Thanks for your reply.
>>>> I tried all your suggestions before I sent the email for help.
>>>> netstat -tulpn | grep ':3128'
>>>> (No info could be read for "-p": geteuid()=1000 but you should be root.)
>>>> tcp6 0 0 :::3128
>>>>
>>>> telnet localhost 3128
>>>> Trying 127.0.0.1...
>>>> Connected to ubuntu.San.
>>>> Escape character is '^]'.
>>>>
>>>> So squid starts ok. No firewall settings.
>>>>
>>>>
>>>
>>> Then you have no ip connect between client and squid server. Check
>>> using ping.
>>>
>>> P.S. Please, don't CC me, use 'reply to list' action (if available
>>> in your client).
>>>
>>>>
>>>> On 2013-12-1 17:29, Pavel Kazlenka wrote:
>>>>> TCP (telnet) timeout means that you have networking issue.
>>>>> Check firewalls, routing as well as if squid is started and is
>>>>> listening on port (#netstat -ntpl on squid node).
>>>>>
>>>>> On 12/01/2013 12:24 PM, janwen wrote:
>>>>>> I am just trying to use squid; I have been trying to set up squid
>>>>>> for 2 days.
>>>>>> I use squidclient http://www.googe.com and get a response on the
>>>>>> local machine,
>>>>>> but when I try to connect from a remote ip (any ip is allowed for
>>>>>> test),
>>>>>> I use:
>>>>>> telnet ip 3128 and just get a timeout exception.
>>>>>>
>>>>>> My squid.conf is as follows:
>>>>>> #
>>>>>> # Recommended minimum configuration:
>>>>>> #
>>>>>> #user
>>>>>> cache_effective_user squid
>>>>>> cache_effective_group squid
>>>>>>
>>>>>> visible_hostname beerdark.com
>>>>>> # Example rule allowing access from your local networks.
>>>>>> # Adapt to list your (internal) IP networks from where browsing
>>>>>> # should be allowed
>>>>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>>>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>>>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>>>>> acl localnet src fc00::/7 # RFC 4193 local private network range
>>>>>> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
>>>>>> #acl all src 0.0.0.0/0.0.0.0
>>>>>> acl SSL_ports port 443
>>>>>> acl Safe_ports port 80 # http
>>>>>> acl Safe_ports port 21 # ftp
>>>>>> acl Safe_ports port 443 # https
>>>>>> acl Safe_ports port 70 # gopher
>>>>>> acl Safe_ports port 210 # wais
>>>>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>>>> acl Safe_ports port 280 # http-mgmt
>>>>>> acl Safe_ports port 488 # gss-http
>>>>>> acl Safe_ports port 591 # filemaker
>>>>>> acl Safe_ports port 777 # multiling http
>>>>>> acl CONNECT method CONNECT
>>>>>> acl testip src 222.73.112.140
>>>>>>
>>>>>> http_access allow all
>>>>>> http_access allow testip
>>>>>> #
>>>>>> # Recommended minimum Access Permission configuration:
>>>>>> #
>>>>>> # Deny requests to certain unsafe ports
>>>>>> http_access deny !Safe_ports
>>>>>>
>>>>>> # Deny CONNECT to other than secure SSL ports
>>>>>> http_access deny CONNECT !SSL_ports
>>>>>>
>>>>>> # Only allow cachemgr access from localhost
>>>>>> http_access allow localhost manager
>>>>>> http_access deny manager
>>>>>>
>>>>>> # We strongly recommend the following be uncommented to protect innocent
>>>>>> # web applications running on the proxy server who think the only
>>>>>> # one who can access services on "localhost" is a local user
>>>>>> #http_access deny to_localhost
>>>>>>
>>>>>> #
>>>>>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>>>>> #
>>>>>>
>>>>>> # Example rule allowing access from your local networks.
>>>>>> # Adapt localnet in the ACL section to list your (internal) IP networks
>>>>>> # from where browsing should be allowed
>>>>>> http_access allow localnet
>>>>>> http_access allow localhost
>>>>>> http_access allow testip
>>>>>> # And finally deny all other access to this proxy
>>>>>> #http_access allow all
>>>>>> http_access deny all
>>>>>> # Squid normally listens to port 3128
>>>>>> http_port 3128
>>>>>>
>>>>>> # Uncomment and adjust the following to add a disk cache directory.
>>>>>> #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
>>>>>>
>>>>>> # Leave coredumps in the first cache dir
>>>>>> coredump_dir /usr/local/squid/var/cache/squid
>>>>>>
>>>>>> #
>>>>>> # Add any of your own refresh_pattern entries above these.
>>>>>> #
>>>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>>>>> refresh_pattern . 0 20% 4320
>>>>>>
>>>>>
>>>>
>>>
>>
>

-- 
Recommended: the best SSH service for getting over the firewall: http://126.am/qNyHs4
How to use it: http://126.am/E71qo3
Received on Sun Dec 01 2013 - 10:07:40 MST
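
The capture test discussed in this thread, as an added example that is not part of the original messages: a Python classifier for tcpdump's default text output that reports how far each TCP handshake to the proxy port got. The sample capture is constructed (documentation addresses, hypothetical host name `proxy.example`), and `classify` and its state names are introduced here for illustration.

```python
import re
from collections import defaultdict

# Constructed sample capture in tcpdump's default text format.
# 3128 is the http_port from the thread; addresses are documentation ranges.
SAMPLE = """\
10:05:46.555224 IP 203.0.113.10.57922 > proxy.example.3128: Flags [S], seq 2416550145, win 14600, length 0
10:05:46.555271 IP proxy.example.3128 > 203.0.113.10.57922: Flags [S.], seq 1908335791, ack 2416550146, win 14480, length 0
10:05:47.554901 IP 203.0.113.10.57922 > proxy.example.3128: Flags [S], seq 2416550145, win 14600, length 0
10:06:02.101010 IP 203.0.113.77.40000 > proxy.example.3128: Flags [S], seq 1, win 14600, length 0
10:06:02.101050 IP proxy.example.3128 > 203.0.113.77.40000: Flags [S.], seq 9, ack 2, win 14480, length 0
10:06:02.131000 IP 203.0.113.77.40000 > proxy.example.3128: Flags [.], ack 1, win 115, length 0
10:06:10.000001 IP 203.0.113.99.41000 > proxy.example.3128: Flags [S], seq 5, win 14600, length 0
"""

# tcpdump prints "host.port"; the port is the last dot-separated field.
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify(capture, listen_port=3128):
    """Map (client_host, client_port) -> handshake state seen on the server."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines, wrapped output, other protocols
        src, sport, dst, dport, flags = m.groups()
        if int(dport) == listen_port:      # client -> proxy
            seen[(src, int(sport))].add(("client", flags))
        elif int(sport) == listen_port:    # proxy -> client
            seen[(dst, int(dport))].add(("server", flags))
    states = {}
    for flow, events in seen.items():
        syn = ("client", "S") in events
        synack = ("server", "S.") in events
        rst = any(who == "server" and "R" in f for who, f in events)
        ack = any(who == "client" and "S" not in f and "R" not in f
                  for who, f in events)
        if rst:
            states[flow] = "refused"            # server answered with RST
        elif syn and synack and ack:
            states[flow] = "established"        # three-way handshake done
        elif syn and synack:
            states[flow] = "synack-unanswered"  # reply sent, never acknowledged
        elif syn:
            states[flow] = "syn-unanswered"     # SYN arrived, server stayed silent
        else:
            states[flow] = "partial"            # capture started mid-connection
    return states

if __name__ == "__main__":
    for flow, state in classify(SAMPLE).items():
        print(flow, state)
```

A `synack-unanswered` flow, like the one in the capture above, means the SYN arrived and the server answered, so the reply is being lost on the way back to the client; an empty result is the case Pavel describes, where nothing reaches the server at all.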
