Squid configuration

reetika786 · 03-10-2012, 04:23 AM

I am new to linux just installed squid on centos but I cant access any website after adding squid IP My configuration is as follows:

OS :Cent Os
Eth0 =172.16.0.16
Eth1=172.16.0.7

etho is connected to internet and eth1 to lan. my config file have entries as follows

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl mylan src 172.16.0.0/24
http_access allow localhost
http_access allow mylan

Iptables as:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 172.16.0.16:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I am testing this configuration as adding ip 172.16.0.7 as my gateway in windows xp pc but cant access any site or internet

Please suggest

mrhokibanget · 03-10-2012, 04:34 AM

try put

acl mylan src 172.16.0.0/24
http_access allow localhost
http_access allow mylan

before

http_access deny all

i hope it can help

reetika786 · 03-10-2012, 05:33 AM

I tried but its not working . Can i use same ip range for both eth0 and eth1?? I doubt may be this is the reason i cant access.

mrhokibanget · 03-10-2012, 06:39 AM

try put this command :

tcp_outgoing_address 172.16.0.16 mylan
dns_nameservers your-dns-number

or u can use different ip range for both eth0 and eth1
and try command above but change ip 172.16.0.16 to ur new ip address

i hope its can help

repo · 03-10-2012, 06:46 AM

Does the connection work without the proxy?
Can you ping the outside?

Kind regards

reetika786 · 03-10-2012, 07:00 AM

yep without proxy i i can ping both ip i.e 172.16.0.16 and 172.16.0.7. please help

mandyapenguin · 03-10-2012, 09:12 PM

Hi..reetika786.
This can help you.