Need help on CentOS 6.5 (Squid 3.1 related queries)
Installed CentOS 6.5 and configured Squid 3.1. Internet is working on the clients, even MAC binding is working well, but no outgoing connections are happening.
Example: I need to take an outside remote connection, or SSH; it's not happening. Even SSH to this server is not happening from outside... Tried opening the port number in iptables as well as in the squid.conf file, did not succeed ... Kiran...
Quote:
Hi TB0ne,
Thanks for your reply. I have tried to open ports 22 and 3389 in iptables (I added this line to the /etc/sysconfig/iptables file -> -A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j ACCEPT, for both TCP and UDP), but even then it's not working on the Windows client system. I tried to do SSH and mstsc to an outside server located on the public network... My squid.conf and iptables file are given below; please let me know where I am making a mistake...

MY IPTABLES FILE

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Below is my squid config file for a simple basic configuration...

    #
    # Recommended minimum configuration:
    #
    acl myoffice src 172.16.44.0    # a bare address is a single host in Squid; 172.16.44.0/24 would be the subnet
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    #acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12   # RFC1918 possible internal network
    #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    #acl localnet src fc00::/7       # RFC 4193 local private network range
    #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 3389        # RDP
    acl Safe_ports port 22          # SSH
    acl CONNECT method CONNECT

    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports          # --> also tried here with the allow option

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports   # --> also tried here with the allow option

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    #full access for internet
    #fullaccess
    acl ban076mac arp 00:AA:BB:22
    acl ban076ip src 172.16.44.76
    http_access allow ban076mac ban076ip

    #block website and words
    acl business_hours time S M T W H F A 00:01-23:59
    acl blockwebsite url_regex "/etc/squid/blockwebsite.txt"
    acl blockword url_regex "/etc/squid/blockword.txt"
    acl freetime1 time M T W H F 09:00-18:00
    http_access deny blockwebsite freetime1
    http_access allow blockwebsite
    http_access deny blockword freetime1
    http_access allow blockword

    #limitedaccess
    acl ban075mac arp 00:AA:BB:33
    acl ban075ip src 172.16.44.50
    http_access allow ban075mac ban075ip

    #acl blockword url_regex "/etc/squid/blockword.txt"
    #http_access deny blockword
    #acl regwebsite dstdomain "/etc/squid/blockwebsite.txt"
    #http_access deny regwebsite
    #acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
    #http_access deny ipacl
    #acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0.9]+
    #http_access deny numeric_IPs
    http_access deny myoffice
    #http_access deny all

    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost

    # And finally deny all other access to this proxy
    http_access deny !myoffice
    http_access deny all

    visible_hostname myofficeproxy

    # Squid normally listens to port 3128
    http_port 3128

    # We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:             1440    20%     10080
    refresh_pattern ^gopher:          1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
    refresh_pattern .                 0       20%     4320

Thanks....
Quote:
Hi,
Thanks. As you said, I understood well, thanks, but on the same network I am working with RHEL 5.3 Squid, and there all ports are working fine. But CentOS 6.5 alone is blocking my ports. I am new to CentOS 6.5. Also, as you said, I have tried service iptables stop and checked on the client machine: internet is working in the browser but MSTSC or SSH are not working... Sorry to disturb you, but it's my requirement for a future upgrade in my company... Regards, Kiran,
Quote:
Since you've ruled out that iptables is blocking it, have you actually looked at the iptables rules on the machine that IS working??? Tried to apply those same settings?? It could be that things are NAT'ed there.
Thanks,
Can you give me an iptables rule line that can open my ports? It is a simple network: I configured a public IP on one NIC and a local IP on the other NIC. Now please give me some iptables lines for MSTSC and SSH. (Sorry, please don't hesitate over my silly question.) Thanks, Kiran
Quote:
And do you not understand what you've been told??? You said you have turned off iptables, and that you also have a working system on the same network. So, AGAIN
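Kiran asks for iptables lines for MSTSC and SSH, and TB0ne points at NAT on the working RHEL box. The INPUT rules Kiran added only govern connections to the gateway itself; a LAN client reaching an outside SSH or RDP server goes through the FORWARD chain, which the posted file ends with REJECT, and the file has no *nat table at all, so the traffic also lacks source NAT on the public NIC. Squid on 3128 carries HTTP (and CONNECT to 443) only, so listing 22 and 3389 in Safe_ports changes nothing for raw SSH or RDP. The script below is an added example, not from the thread; it generates a ruleset in /etc/sysconfig/iptables format that adds those missing pieces, assuming (hypothetically) eth0 is the public NIC, eth1 the LAN NIC, and 172.16.44.0/24 the LAN from the posted squid.conf.

```shell
#!/bin/sh
# Added example (not from the thread): build an /etc/sysconfig/iptables
# ruleset for a two-NIC CentOS 6 gateway that NATs LAN clients' SSH and RDP.
# Assumed, hypothetical values; override via the environment.
WAN_IF="${WAN_IF:-eth0}"              # NIC with the public IP
LAN_IF="${LAN_IF:-eth1}"              # NIC with the local IP
LAN_NET="${LAN_NET:-172.16.44.0/24}"  # LAN shown in the posted squid.conf

# Emit the ruleset. Compared with the posted file: a *nat table with
# MASQUERADE, FORWARD rules that let NEW SSH/RDP flows out of the LAN and
# replies back in, and Squid's port accepted on the LAN NIC only.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Source-NAT LAN traffic leaving on the public NIC
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# SSH to the gateway itself, including from outside on the public NIC
-A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# Squid, LAN side only: never expose the proxy on the public NIC
-A INPUT -i $LAN_IF -s $LAN_NET -m state --state NEW -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Forwarding: replies back in, and only NEW SSH/RDP out from the LAN
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -p tcp --dport 3389 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Number of FORWARD rules that accept NEW flows to TCP port $1 (0 if none)
forwarded_port_rules() {
    gen_ruleset | grep -c -- "^-A FORWARD .*--dport $1 -j ACCEPT$" || true
}

# Succeeds only if the nat table source-NATs outbound LAN traffic
has_masquerade() {
    gen_ruleset | grep -q '^-A POSTROUTING .* -j MASQUERADE$'
}

# Usage (as root):
#   gen_ruleset > /etc/sysconfig/iptables && service iptables restart
#   echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && sysctl -p
```

Both halves are needed: without net.ipv4.ip_forward = 1 the kernel never consults the FORWARD chain for LAN packets, and without the *nat MASQUERADE rule the replies from the outside host are addressed to a private 172.16.44.x source and never come back. The forwarding rules are limited to the two ports asked for and to traffic entering on the LAN NIC, and 3128 is no longer accepted on the public NIC, so the gateway does not become an open proxy while fixing SSH and RDP.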