Problem on squid

mredloft · 04-20-2009, 05:32 AM

I have set up squid 2.5 server as my proxy.I could access Internet from the server itself and it is shown in the squid access log as well(when accessing through this squid). But I am not able to access Internet from other machines which are on the same LAN, though i got ping reply from the server. No progress is shown at all on the access log while trying to access.. Here is part of my config file:

http_port 8080

acl our_network src 10.180.0.0/255.255.255.0
http_access allow our_network

----
Whate could be the problem.

thanks
mredloft

datopdog · 04-20-2009, 06:18 AM

It is possible that iptables is blocking your clients from connection to port 8080 on the server check that.

chitambira · 04-20-2009, 06:27 AM

is 255.255.255.0 (/24) your proper network mask? not /16 ? give us an examble of the IP address of a client from which you are trying to browse.
Did you configure the proxy settings on the clients (properly)
Secondly, could there be any network security issues preventing access to squid? try
# telnet squid-server 8080
and see whats the response like.
Finally if all above is good, send your complete squid.conf here.

datopdog · 04-20-2009, 06:29 AM

I do not think the problem is the netmask of the acl as then squid would have logged a DENY action in the log file, nothing is being logged meaning the connection does not get to squid.

mredloft · 04-21-2009, 06:46 AM

Guys, Thanks for all your concern...

As i mention, the server's acceses is logged when proxy is given on the server's browser. But no others acess were logged at all, even though i could get a ping reply from the server.

Regarding the IP tables, i dont have much idea, i just use the default setting on IP table.

Regarding netmask.../24 is our netmask given. client's Ip: 10.180.0.118/255.255.255.0. I have given the proxy setting properly on the client side.

Regarding the configuration, i just changed as follow (no other lines have been changed in the config filena

http_port 8080

acl our_network src 10.180.0.0/255.255.255.0
http_access allow our_network

Thanks in advance

chitambira · 04-21-2009, 07:59 AM

Quote:

# telnet squid-server 8080

You didnt give us output to this command???

mredloft · 04-22-2009, 01:56 AM

@chitambira, the output of # telnet squid-server 8080 is

telnet: connect to address 10.180.0.51: No route to host
telnet: unable to connect to remote host: No route to host

So how do i proceed pls..

kirukan · 04-22-2009, 02:30 AM

As they mentioned above, have you checked your iptables whether it is turnon or not? if it is turnon check the following entry whether it is exist or not
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

mredloft · 04-28-2009, 11:54 PM

Thank you guys for your replies, now its' working. i have appended a line in the iptable config file:
-A RH-Firewall-1-INPUT -s 10.180.0.0/24 -m state --state NEW -p tcp --dport 8080 -j ACCEPT

datopdog · 04-29-2009, 01:35 AM

Well if only you had listened to my advise in the first place.