LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-17-2006, 07:11 PM   #1
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Rep: Reputation: 30
Squid not allowing port 99


Hello am trying to access the page
http://mail.aajr.com.mx:99/exchange/USA/

but squit does not allowes me it give me the error
below is a part of my squid.conf file. what could be the problem???\



******************************************************************
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://mail.aajr.com.mx:99/exchange/USA/

The following error was encountered:

Connection Failed
The system returned:

(13) Permission deniedThe remote host or network may be down. Please try the request again.

Your cache administrator is root.
*******************************************************************

My configuration says


...
acl Safe_ports port 99 # exchange
...
http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access deny !Safe_ports
http_access allow Oficina
http_access deny all

icp_access allow all
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs off
 
Old 05-18-2006, 05:04 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Well, can you access it outside of squid? If so, it's hard to know what the problem is without seeing those other ACLs (specifically the denys).
 
Old 05-19-2006, 09:28 AM   #3
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Original Poster
Rep: Reputation: 30
I can see the pages very well without squid.

this is my complete squid.conf

http_port 192.168.1.179:3128
httpd_accel_host virtual
httpd_accel_port 80 443 8080 19720 19721 10000
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 192.168.1.1-192.168.1.253
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
#acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 110 24 99 1025-65535
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftpSafe_ports
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110 # pop
acl Safe_ports port 24 # smtp
acl Safe_ports port 99 # exchange
acl CONNECT method CONNECT
acl Oficina src 192.168.1.1-192.168.1.90
acl Super src 192.168.1.91-192.168.1.120
acl Admin src 192.168.1.121-192.168.1.200
acl adanm src 192.168.1.36
acl verop src 192.168.1.64
acl javierg src 192.168.1.12
acl paulam src 192.168.1.13
acl ivonne src 192.168.1.22
acl victorf src 192.168.1.64
acl juany src 192.168.1.75
#acl DHRouter src 192.167.1.201-192.168.1.240

acl archivos url_regex -i \.mp3$ \.avi$ \.ppt$ \.pps$ \.swf$ \.exe$

acl permitidos dstdomain 192.168.1.188 .dhl.com .odfl.com .dhl.com.mx .ups.com .fedex.com .sanmina-sci.com 201.120.129.187 .aajr.com.mx .aduanet.net .myyellow.com .menloforwarding.com .ups-scs.com .roadway.com .tellabs.com .overnite.com .baxglobal.com .shiputs.com .usfc.com .dhl-usa.com .usfreightways.com .aesdirect.gov .shiputs.net .cdc.gov .osha.gov .free-training.com .sat.gob.mx .hazmat.ci.laredo.tx.us .forwarding.org 200.76.37.170 200.57.148.20 .aduanet.org

acl msnlogin dstdomain 192.168.1.188 .dhl.com .odfl.com .dhl.com.mx .ups.com .fedex.com .sanmina-sci.com 201.120.129.187 .aajr.com.mx .aduanet.net .myyellow.com .menloforwarding.com .ups-scs.com .roadway.com .tellabs.com .overnite.com .baxglobal.com .shiputs.com .usfc.com .dhl-usa.com .usfreightways.com .aesdirect.gov .shiputs.net loginnet.passport.com .cdc.gov .free-training.com .osha.gov .sat.gob.mx .hazmat.ci.laredo.tx.us .forwarding.org 200.76.37.170 200.57.148.20 .aduanet.org

http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access allow Oficina
http_access deny all

icp_access allow all
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs off

deny_info http://192.168.1.188/Restricted.htm permitidos msnlogin
 
Old 05-21-2006, 01:00 AM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
I don't see any http_access rule in that latest squid.conf relating to the Safe_ports ACL. You define it but don't use it.
 
Old 05-22-2006, 05:57 PM   #5
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Original Poster
Rep: Reputation: 30
i have tried like this with out a success

http_access allow Super
http_access allow juany
http_access allow adanm
http_access deny !msnlogin
http_access allow Admin
http_access allow verop
http_access allow javierg
http_access allow ivonne
http_access allow paulam
http_access allow victorf
http_access deny archivos
http_access deny !permitidos
http_access deny !Safe_ports
http_access allow Oficina
http_access deny all

and

http_access deny !Safe_ports
http_access deny !permitidos
 
Old 05-22-2006, 10:02 PM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Unfortunately I don't have a squid installation up and running at the moment or I could be a little more helpful with testing.

First off, I believe this is the correct notation:
Code:
acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 110 24 99 1025-65535
Your ACL should be listed in this fashion rather than separate lines.

Also, just for grins, you might try:
Code:
http_access allow Safe_ports
http_access deny !Safe_ports
In other words, first explicitly allow, then explicitly deny. Don't forget to restart squid to test it.
 
Old 05-24-2006, 01:14 PM   #7
jocast
Member
 
Registered: May 2004
Location: Laredo
Distribution: FC3
Posts: 185

Original Poster
Rep: Reputation: 30
i already tired without success.....
any other ideas?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid not allowing Outlook express niranjan_mr Linux - Software 2 10-10-2005 07:04 AM
Blocking port 80 on NAT and allowing browsing thru squid krishvij Linux - Networking 2 07-19-2005 05:10 AM
Allowing FTP thru Squid? krishvij Linux - Security 2 06-28-2005 11:40 PM
Allowing only certain ip ranges to access squid Menestrel Linux - Networking 2 06-16-2005 04:10 PM
Allowing Mails thru Squid Proxy? krishvij Linux - Newbie 3 04-07-2005 04:12 AM


All times are GMT -5. The time now is 10:43 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration