Problem with squid server installation
I have installed squid proxy server at server side so that all PCs connected to the server will access internet through it. I have made changes in squid.conf file also. I have added these two lines:
acl localnet src 192.168.0.167 192.168.0.0-192.168.0.250/255.255.255.0
http_access allow localnet
But all the PCs connected to LAN are not able to connect to internet. I am using correct gateway IP at all PCs.
I have created a script as per instructions given on internet. That script is as follows:
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
Now when I am running this script at server side then all the PCs connected to LAN are able to access internet although squid service is stopped. But I only want all the PCs should access internet through SQUID so that I can track their record and manage them. What is the solution of my problem? What changes should I need to do? Is my problem related to firewall or iptables, as I have no idea regarding them? Please solve my issue.
You're using an illegal ACL format... that's an IP range AND a subnet crammed into a single line. Is squid not complaining about this? Additionally you've not said what actually happens. What happens on the client? What happens on the server? "It don't work" is not a sufficient amount of information to provide.
Also looks like your iptables is completely backwards. Your "local" network is set as your external interface, so any masquerading will not work. None of that should matter in the slightest here though, just disable iptables for testing squid.
I have corrected my acl format and now there is no error in that. Second thing is that I have already told that the internet is working fine at client side when I am using the above mentioned script whether squid is on or off. I am not able to find out which client has accessed which websites and downloaded what things as access logs are not generating. I have no idea about iptables so how can I disable the iptables?
What are you actually trying to achieve? Natting or proxying? It sounds a lot like you don't really understand what you're doing to any real extent. "The internet" told you to make that script? Care to expand on that?
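The NAT-versus-proxy distinction raised in the replies, as an added example that is not part of any post in the thread: it flags the rules in the posted script that forward or masquerade LAN traffic past Squid, and prints a proxy-only rule set in which nothing is forwarded, so web requests can only leave through Squid and appear in its access log. The interface name eth1, the LAN 192.168.0.0/24 and the use of Squid's default port 3128 are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth1 is the LAN
# interface, 192.168.0.0/24 is the LAN, 3128 is Squid's http_port (its default).
INTIF="${INTIF:-eth1}"
LAN="${LAN:-192.168.0.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"

# The forwarding/NAT rules from the script posted in the thread, kept literal.
THREAD_RULES='iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE'

# Read rules on stdin and print those that route or NAT client traffic past
# the proxy: any FORWARD accept, any MASQUERADE.
find_bypass() {
    grep -E -e '-A FORWARD .*-j ACCEPT' -e '-j MASQUERADE' || true
}

# Print a proxy-only rule set: nothing is forwarded or NATed, and only LAN
# clients may connect to the Squid port on this host. The INPUT rules are
# appended, so apply them once to a chain that does not already hold them.
proxy_only_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=0
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A INPUT -i $INTIF -s $LAN -p tcp --dport $PROXY_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $PROXY_PORT -j DROP
EOF
}

case "${1:-show}" in
    audit) printf '%s\n' "$THREAD_RULES" | find_bypass ;;   # lists 3 bypass rules
    show)  proxy_only_rules ;;                              # print, change nothing
    apply) proxy_only_rules | sh ;;                         # needs root
esac
```

With these rules the clients' browsers have to be pointed at the server's LAN address and the proxy port, because the server no longer routes their traffic as a gateway.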