[squid-users] problem with squid 3.3.1 in transparent mode

From: Дмитрий Шиленко <d.shylenko_at_global-it.com.ua>
Date: Thu, 12 Jun 2014 16:56:32 +0300

You guessed it right)))))))
I tried using 192.168.0.97 instead of 127.0.0.1 - the same problem: Access Denied
=(

Antony Stone wrote 12.06.2014 16:16:
> On Thursday 12 June 2014 at 14:59:24, Дмитрий Шиленко wrote:
>
>> my network 192.168.0.0/24
>
> I was looking for rather more detail than that :)
>
> Let me guess - do I have the following correct?
>
> You have a single network range 192.168.0.0/24.
>
> All clients, plus the Squid proxy, are on that network.
>
> The Squid proxy has two interfaces.
>
> Its internal interface has address 192.168.0.97
>
> It has an external interface connected to, and able to reach, the Internet.
>
> There is no other router or firewall on your network.
>
> The default gateway address for all the clients is 192.168.0.97
>
> Tell us whether the above is correct or not.
>
>> requests getting transparently sent to the proxy via rule in "ipnat" -> rdr
>> bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3129
>> to switch to transparent mode I add the "http_port 127.0.0.1:3129" string in
>> squid.conf
>
> Try using the address of the interface (which I believe to be 192.168.0.97)
> instead of 127.0.0.1.
>
>> Antony Stone wrote 12.06.2014 15:52:
>> > On Thursday 12 June 2014 at 14:43:33, Дмитрий Шиленко wrote:
>> >> When I switch squid to transparent proxy mode - it blocks access to all
>> >> sites:
>> >>
>> >> "When you receive a URL http://putty.org/ following error occurred
>> >> Access denied.
>> >> Access control system does not allow to fulfill your request now.
>> >> Contact your administrator.
>> >> Your cache administrator: webmaster. "
>> >>
>> >> switch to normal mode - everything works fine.
>> >
>> > What's your networking setup? How are the requests getting transparently
>> > sent to the proxy?
>> >
>> > What are you doing to switch between normal and transparent mode:
>> > - on the proxy server
>> > - on any firewall / router
>> > - on the client/s
>> > - anywhere else
>> >
>> >> SQUID 3,3,11
>> >> config here:
>> >> acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
>> >> #
>> >> acl SSL_ports port 443
>> >> acl Safe_ports port 80 # http
>> >> acl Safe_ports port 21 # ftp
>> >> acl Safe_ports port 443 # https
>> >> acl Safe_ports port 70 # gopher
>> >> acl Safe_ports port 210 # wais
>> >> acl Safe_ports port 1025-65535 # unregistered ports
>> >> acl Safe_ports port 280 # http-mgmt
>> >> acl Safe_ports port 488 # gss-http
>> >> acl Safe_ports port 591 # filemaker
>> >> acl Safe_ports port 777 # multiling http
>> >> acl CONNECT method CONNECT
>> >>
>> >> acl AdminsIP src "/usr/local/etc/squid/AccessLists/AdminsIP.txt"
>> >> acl RestrictedDomains dstdomain "/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
>> >> acl ad_group_rassh urlpath_regex -i "/usr/local/etc/squid/AccessLists/rasshirenie.txt"
>> >>
>> >> http_access allow localhost
>> >> http_access deny !Safe_ports
>> >> # Deny CONNECT to other than SSL ports
>> >> http_access deny CONNECT !SSL_ports
>> >>
>> >> http_access allow localhost
>> >> http_access allow AdminsIP
>> >> http_access deny RestrictedDomains
>> >> http_access deny ad_group_rassh
>> >> http_access allow localnet
>> >> http_access deny all
>> >> icp_access allow localnet
>> >> icp_access deny all
>> >> htcp_access allow localnet
>> >> htcp_access deny all
>> >>
>> >> http_port 192.168.0.97:3128
>> >> http_port 127.0.0.1:3129 intercept
>> >> cache deny all
>> >> access_log /var/log/squid/access.log squid
>> >>
>> >> In access.log I found "TCP_MISS"
>> >
>> > Regards,
>> >
>> >
>> > Antony.

-- 
  Regards, Шиленко Дмитрий
  Systems Engineer
  global-it.com.ua
  mobile (063)142-32-59
  office 221-55-72
Received on Thu Jun 12 2014 - 13:56:42 MDT
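
Squid checks http_access lines top to bottom and applies the first one whose ACLs all match. As an added example (not part of the thread and not Squid's own code), this sketch replays that order over the config quoted above for the source address Squid sees, the destination port and the method; the three file-based ACLs are assumed never to match because their files are not shown in the thread.

```python
import ipaddress

# ACLs copied from the posted squid.conf; "localhost" and "all" are built in.
# Assumption: the three file-based ACLs never match (their files are not
# shown in the thread).
SRC = {"localhost": ["127.0.0.1/32", "::1/128"],
       "localnet": ["192.168.0.0/24"],
       "all": ["0.0.0.0/0", "::/0"]}
PORTS = {"SSL_ports": [(443, 443)],
         "Safe_ports": [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                        (1025, 65535), (280, 280), (488, 488), (591, 591),
                        (777, 777)]}
FILE_ACLS = {"AdminsIP", "RestrictedDomains", "ad_group_rassh"}

# http_access lines in the order they appear in the posted config.
RULES = """allow localhost
deny !Safe_ports
deny CONNECT !SSL_ports
allow localhost
allow AdminsIP
deny RestrictedDomains
deny ad_group_rassh
allow localnet
deny all""".splitlines()


def acl_matches(name, src, port, method):
    """Evaluate one named ACL against the request's source, port and method."""
    if name in FILE_ACLS:
        return False
    if name in SRC:
        ip = ipaddress.ip_address(src)
        nets = map(ipaddress.ip_network, SRC[name])
        return any(ip.version == n.version and ip in n for n in nets)
    if name in PORTS:
        return any(lo <= port <= hi for lo, hi in PORTS[name])
    return name == "CONNECT" and method == "CONNECT"  # acl CONNECT method CONNECT


def first_match(src, port, method="GET"):
    """Return (action, rule) for the first line whose ACLs all match."""
    for rule in RULES:
        action, *acls = rule.split()
        # A leading "!" negates the ACL; every ACL on the line must hold.
        if all(acl_matches(a.lstrip("!"), src, port, method) != a.startswith("!")
               for a in acls):
            return action, rule
    raise LookupError("no http_access line matched")
```

Calling `first_match` with the client address and port taken from an access.log entry shows which http_access line produced the verdict for that request.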
