Re: [squid-users] problem whith squid 3.3.1 in transparent mode

From: Antony Stone <Antony.Stone_at_squid.open.source.it>
Date: Thu, 12 Jun 2014 15:16:31 +0200

On Thursday 12 June 2014 at 14:59:24, Дмитрий Шиленко wrote:

> my network 192.168.0.0/24

I was looking for rather more detail than that :)

Let me guess - do I have the following correct?

You have a single network range 192.168.0.0/24.

All clients, plus the Squid proxy, are on that network.

The Squid proxy has two interfaces.

Its internal interface has address 192.168.0.97

It has an external interface connected to, and able to reach, the Internet.

There is no other router or firewall on your network.

The default gateway address for all the clients is 192.168.0.97

Tell us whether the above is correct or not.

> requests getting transparently sent to the proxy via rule in "ipnat" -> rdr
> bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3129
> to switch in transparent mode i add "http_port 127.0.0.1:3129" string in
> squid.conf

Try using the address of the interface (which I believe to be 192.168.0.97)
instead of 127.0.0.1.

> Antony Stone писал 12.06.2014 15:52:
> > On Thursday 12 June 2014 at 14:43:33, Дмитрий Шиленко wrote:
> >> When I switch squid transparent proxy mode - it blocks access to all
> >> sites:
> >>
> >> "When you receive a URL http://putty.org/ following error occurred
> >> Access denied.
> >> Access control system does not allow to fulfill your request now.
> >> Contact your administrator.
> >> Your cache administrator: webmaster. "
> >>
> >> switch to normal mode - everything works fine.
> >
> > What's your networking setup? How are the requests getting transparently
> > sent
> > to the proxy?
> >
> > What are you doing to switch between normal and transparent mode:
> > - on the proxy server
> > - on any firewall / router
> > - on the client/s
> > - anywhere else
> >
> >> SQUID 3,3,11
> >> config here:
> >> acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
> >> #
> >> acl SSL_ports port 443
> >> acl Safe_ports port 80 # http
> >> acl Safe_ports port 21 # ftp
> >> acl Safe_ports port 443 # https
> >> acl Safe_ports port 70 # gopher
> >> acl Safe_ports port 210 # wais
> >> acl Safe_ports port 1025-65535 # unregistered ports
> >> acl Safe_ports port 280 # http-mgmt
> >> acl Safe_ports port 488 # gss-http
> >> acl Safe_ports port 591 # filemaker
> >> acl Safe_ports port 777 # multiling http
> >> acl CONNECT method CONNECT
> >>
> >> acl AdminsIP src "/usr/local/etc/squid/AccessLists/AdminsIP.txt"
> >> acl RestrictedDomains dstdomain
> >> "/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
> >> acl ad_group_rassh urlpath_regex -i
> >> "/usr/local/etc/squid/AccessLists/rasshirenie.txt"
> >>
> >> http_access allow localhost
> >> http_access deny !Safe_ports
> >> # Deny CONNECT to other than SSL ports
> >> http_access deny CONNECT !SSL_ports
> >>
> >> http_access allow localhost
> >> http_access allow AdminsIP
> >> http_access deny RestrictedDomains
> >> http_access deny ad_group_rassh
> >> http_access allow localnet
> >> http_access deny all
> >> icp_access allow localnet
> >> icp_access deny all
> >> htcp_access allow localnet
> >> htcp_access deny all
> >>
> >> http_port 192.168.0.97:3128
> >> http_port 127.0.0.1:3129 intercept
> >> cache deny all
> >> access_log /var/log/squid/access.log squid
> >>
> >> In access.log I found "TCP_MISS"
> >
> > Regards,
> >
> >
> > Antony.

-- 
Douglas was one of those writers who honourably failed to get anywhere with 
'weekending'.  It put a premium on people who could write things that lasted 
thirty seconds, and Douglas was incapable of writing a single sentence that 
lasted less than thirty seconds.
 - Geoffrey Perkins, about Douglas Adams
                                                     Please reply to the list;
                                                           please don't CC me.
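Antony's suggestion above (point the ipnat rdr and the intercept http_port at the LAN interface address rather than 127.0.0.1) is easy to check mechanically. The following is an added example written for this archive page, not code from the thread or from the Squid project: it parses the http_port lines of a squid.conf and the rdr lines of an ipnat rule set, pairs each redirect with the intercept port it lands on, and flags the loopback combination the thread identifies as suspect. The sample configuration is constructed from the lines quoted in the thread; the "fixed" variant assumes the interface address 192.168.0.97 that Antony guessed, and the handling of the older `transparent` flag alongside `intercept` is an assumption for convenience.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the http_port lines and the ipnat rdr rule quoted in the thread.
SQUID_CONF = """\
http_port 192.168.0.97:3128
http_port 127.0.0.1:3129 intercept
cache deny all
"""
IPNAT_RULES = "rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3129\n"

# Constructed "fixed" variant following the thread's suggestion (192.168.0.97 is assumed).
SQUID_CONF_FIXED = """\
http_port 192.168.0.97:3128
http_port 192.168.0.97:3129 intercept
"""
IPNAT_RULES_FIXED = "rdr bge0 0.0.0.0/0 port 80 -> 192.168.0.97 port 3129\n"

LOOPBACK_RE = re.compile(r"^127\.")
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<src>\S+)\s+port\s+(?P<sport>\d+)"
    r"\s*->\s*(?P<dst>\S+)\s+port\s+(?P<dport>\d+)"
)
# Both spellings are treated as interception mode (assumption: older configs use 'transparent').
INTERCEPT_FLAGS = {"intercept", "transparent"}


def parse_http_ports(conf: str) -> List[Dict]:
    """One dict per http_port directive: addr (None = all addresses), port, option flags."""
    ports = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        spec, flags = fields[1], fields[2:]
        addr: Optional[str]
        if ":" in spec:
            addr, port = spec.rsplit(":", 1)          # "addr:port"
        else:
            addr, port = None, spec                   # bare port = all addresses
        ports.append({"addr": addr, "port": int(port), "flags": flags})
    return ports


def parse_rdr_rules(rules: str) -> List[Dict]:
    """Extract interface, destination address and ports from ipnat 'rdr' lines."""
    out = []
    for raw in rules.splitlines():
        m = RDR_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            out.append(d)
    return out


def check_intercept_setup(conf: str, rules: str) -> List[str]:
    """Return findings about the NAT-to-intercept-port pairing; empty list means nothing flagged."""
    findings = []
    ports = parse_http_ports(conf)
    rdrs = parse_rdr_rules(rules)
    intercept = [p for p in ports if INTERCEPT_FLAGS & set(p["flags"])]

    for r in rdrs:
        # An rdr lands on an intercept port if port matches and the bind address covers dst.
        hit = [p for p in intercept
               if p["port"] == r["dport"] and p["addr"] in (None, r["dst"])]
        if not hit:
            findings.append(f"rdr on {r['iface']} to {r['dst']}:{r['dport']} "
                            f"reaches no intercept http_port")
            continue
        if LOOPBACK_RE.match(r["dst"]):
            findings.append(f"rdr on {r['iface']} sends intercepted traffic to loopback "
                            f"{r['dst']}:{r['dport']}; bind the intercept port to the LAN "
                            f"interface address and redirect there instead")

    for p in intercept:
        if not any(r["dport"] == p["port"] for r in rdrs):
            findings.append(f"intercept http_port {p['addr'] or '*'}:{p['port']} "
                            f"has no rdr rule feeding it")
    return findings


if __name__ == "__main__":
    for label, conf, rules in (("as posted", SQUID_CONF, IPNAT_RULES),
                               ("suggested", SQUID_CONF_FIXED, IPNAT_RULES_FIXED)):
        print(label + ":", check_intercept_setup(conf, rules) or "no findings")
```

Run it with the real files (`check_intercept_setup(open("/usr/local/etc/squid/squid.conf").read(), open("/etc/ipnat.conf").read())`, paths assumed) before and after changing the rdr target; an empty result only means the redirect and the intercept port agree, not that the http_access rules will admit the clients.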
Received on Thu Jun 12 2014 - 13:16:42 MDT
