LinuxQuestions.org
Old 07-23-2004, 02:00 PM   #1
hindenbergbaby
Member
 
Registered: Sep 2003
Location: Boston
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134

Rep: Reputation: 15
Proxy won't let me connect, iptables, squid and dansguardian


Hi all,

I am configuring a transparent proxy using IPTables, squid, and dansguardian on a K12LTSP server (based on Fedora Core 1). I had everything working great, then I changed some filter configuration files and I get the message that my proxy server will not allow me to access the internet, please check proxy settings.

Here is what I've got in squid.conf:

cache_effective_user squid
cache_effective_group squid

http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Usage: port

snip snip

iptables
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*nat
:PREROUTING ACCEPT [239:41567]
:POSTROUTING ACCEPT [13:780]
:OUTPUT ACCEPT [218:13122]
-A POSTROUTING -o eth1 -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
# Completed on Fri Jul 23 14:56:17 2004
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2817:1072481]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul 23 14:56:17 2004


here's dansguardian with some snipperos
Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =

# the port that DansGuardian listens to
# It needs to be greater than 1024
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 3128

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

daemonuser = 'squid'
daemongroup = 'squid'

# Content filtering files location
bannedphraselist = '/etc/dansguardian/bannedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedurllist = '/etc/dansguardian/bannedurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
picsfile = '/etc/dansguardian/pics'
contentregexplist = '/etc/dansguardian/contentregexplist'


Anyone see anything seriously amiss? I am using the IP address of eth1 as the proxy, but I've also tried the loopback address and gotten the same message. Disabling iptables, squid and Dansguardian won't work, but connecting directly to the internet will...

Any ideas (go easy, I'm a newb)

take care
 
Old 07-23-2004, 02:45 PM   #2
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128
 
Old 07-26-2004, 04:51 PM   #3
hindenbergbaby
Member
 
Registered: Sep 2003
Location: Boston
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134

Original Poster
Rep: Reputation: 15
Gave that a try, to no avail.

Here's the exact error message: The connection was refused when trying to contact the proxy server you have configured. Please check your proxy settings and try again.

All the rest remains the same.
 
Old 07-26-2004, 06:24 PM   #4
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
Simply because the port is open only for the loopback IP.
I thought you are using it in transparent mode.

Change the first line to

http_port 3128
 
Old 12-02-2009, 03:45 AM   #5
huangyong
LQ Newbie
 
Registered: Nov 2009
Posts: 2

Rep: Reputation: 0
I also faced the same problem; I have solved it now

I checked through squid.conf for a long time, and I failed.
Then I rebooted the proxy server, and squid rebooted.
I tried squidclient -p 80 mgr:info
The shell echoed: client: ERROR: Cannot connect to localhost:80: Connection refused

Then I tried squidclient -p 80 -h [my server's ip] mgr:info
and a lot of information was printed.

Maybe this will be helpful for you.
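
An added example, not part of any post in this thread: a Python check that reads the three configurations discussed above (squid's http_port, DansGuardian's filterport/proxyip/proxyport, and the nat table) and reports where the filter chain is broken or can be bypassed. The embedded snippets are constructed to mirror the posted settings; the function names and finding codes are assumptions of this example.

```python
import re

# Constructed excerpts that mirror the settings posted in this thread.
SQUID = "http_port 127.0.0.1:3128\n"
DANSGUARDIAN = "filterip =\nfilterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n"
NAT = "*nat\n-A POSTROUTING -o eth1 -j MASQUERADE\nCOMMIT\n"

def squid_listeners(conf):
    """(bind_address, port) per http_port line; '' means every address."""
    pat = r"^\s*http_port\s+(?:(\S+):)?(\d+)"
    return [(a or "", int(p)) for a, p in re.findall(pat, conf, re.M)]

def dg_settings(conf):
    """key = value pairs from dansguardian.conf, comments and quotes stripped."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in conf.splitlines())
    return {p[0].strip(): p[1].strip().strip("'") for p in pairs if len(p) == 2}

def port80_target(nat):
    """Explicit port a PREROUTING REDIRECT/DNAT rule sends tcp/80 to, else None."""
    for line in nat.splitlines():
        if line.startswith("-A PREROUTING") and re.search(r"--dport 80\b", line):
            m = re.search(r"-j (?:REDIRECT|DNAT)\b.*?[: ](\d+)\s*$", line)
            if m:
                return int(m.group(1))
    return None

def audit(squid, dg, nat):
    """Return finding codes for the DansGuardian -> squid chain."""
    cfg, findings = dg_settings(dg), []
    listeners = squid_listeners(squid)
    filterport = int(cfg["filterport"])
    upstream = (cfg["proxyip"], int(cfg["proxyport"]))
    if not any(p == upstream[1] and a in ("", upstream[0]) for a, p in listeners):
        findings.append("DG_UPSTREAM_MISMATCH")    # DansGuardian cannot reach squid
    if any(not a.startswith("127.") for a, _ in listeners):
        # squid answers on a non-loopback address: unless the firewall blocks
        # that port, clients can point at squid and skip the content filter.
        findings.append("SQUID_EXPOSED")
    target = port80_target(nat)
    if target is None:
        findings.append("NO_PORT80_INTERCEPT")     # nothing is proxied transparently
    elif target != filterport:
        findings.append("INTERCEPT_SKIPS_FILTER")  # port 80 lands past DansGuardian
    return findings

if __name__ == "__main__":
    print(audit(SQUID, DANSGUARDIAN, NAT))
```

With squid bound to loopback, LAN browsers have to be pointed at (or redirected to) DansGuardian's filterport rather than 3128, which is why a client aimed at the eth1 address on squid's port sees "connection refused".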
 
  


All times are GMT -5.