Proxy won't let me connect, iptables, squid and dansguardian
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134
Rep:
Proxy won't let me connect, iptables, squid and dansguardian
Hi all,
I am configuring a transparent proxy using IPTables, squid, and dansguardian on a K12LTSP server (based on Fedora Core 1). I had everything working great, then I changed some filter configuration files and I get the message that my proxy server will not allow me to access the internet, please check proxy settings.
http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Usage: port
snip snip
iptables# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*nat
:PREROUTING ACCEPT [239:41567]
:POSTROUTING ACCEPT [13:780]
:OUTPUT ACCEPT [218:13122]
-A POSTROUTING -o eth1 -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
# Completed on Fri Jul 23 14:56:17 2004
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2817:1072481]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul 23 14:56:17 2004
here's dansguardian with some snipperos
Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =
# the port that DansGuardian listens to
# It needs to be greater than 1024
filterport = 8080
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 3128
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
Anyone see anything seriously amiss? I am using the IP address of eth1 as the proxy, but I've also tried the loopback address and gotten the same message. DIsabling iptables, squid and Dansguardian won't work, but connecting directly to the internet will...
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134
Original Poster
Rep:
Gave that a try, to no avail.
Here's the exact error message: The connection was refused when trying to contact the proxy server you have configured. Please check your proxy settings and try again.
I have checked through squid.conf through for a long time,and i failed.
then i reboot the proxy server. and the squid reboot.
I try squidclient -p 80 mgr:info
shell echo client: ERROR: Cannot connect to localhost:80: Connection refused
and then i tried squidclient -p 80 -h [my sever's ip]mgr:info
and a lot of information was printed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.