Help Setup Squid, Iptables and Outlook
I am a newbie in iptables/squid and Linux networking.
Here's my topology/network:
=============================
ISP>Dlink Router
192.168.0.1
=============================
||
||
||
\/
=============================
Centos 5 Proxy Server
eth 0 : 192.168.0.253
share internet
to
eth 1 : 192.168.2.1
=============================
||
||
||
\/
=============================
Clients
192.168.2.100-192.168.2.125
=============================
#########################################
Here's my script and code
#########################################
[=====iptables======]
=======================================================
# Generated by iptables-save v1.3.5 on Fri Aug 24 15:43:12 2012
*mangle
:PREROUTING ACCEPT [3184:246580]
:INPUT ACCEPT [3108:242069]
:FORWARD ACCEPT [76:4511]
:OUTPUT ACCEPT [5549:7162626]
:POSTROUTING ACCEPT [5625:7167137]
COMMIT
# Completed on Fri Aug 24 15:43:12 2012
# Generated by iptables-save v1.3.5 on Fri Aug 24 15:43:12 2012
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 11054:11064 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21:22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
COMMIT
# Completed on Fri Aug 24 15:43:12 2012
# Generated by iptables-save v1.3.5 on Fri Aug 24 15:43:12 2012
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to-destination 192.168.2.1:3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Aug 24 15:43:12 2012
=======================================================
[=====Squid======]
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110
acl Safe_ports port 25
acl CONNECT method CONNECT
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
acl clients src 192.168.2.99-192.168.2.125
acl blockSites dstdomain .facebook.com .twitter.com .youtube.com
acl worktime1 time SMTWHFA 00:00-12:15
acl worktime2 time SMTWHFA 13:00-18:15
acl worktime3 time SMTWHFA 19:00-24:00
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow SSL_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny clients blockSites worktime1
http_access deny clients blockSites worktime2
http_access deny clients blockSites worktime3
http_access allow clients
http_access deny all
broken_vary_encoding allow apache
=====================================
Windows client conf
%%%%%%%%%%%
Ipconfig
%%%%%%%%%%%
ip : 192.168.2.100
mask: 255.255.255.0
gateway :192.168.2.1
%%%%%%%%%%%%
browser network option using proxy
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
http proxy : 192.168.2.1
port : 3128
////////////////////////////////////////////////////
Here's my problem: clients (Windows clients) can connect to the internet and LAN, but when using Windows applications (Microsoft Outlook, Thunderbird and Yahoo Messenger) through the proxy, I can't connect. Even if I choose the 3rd party [Internet Explorer] option in Outlook, I get the same error...
Can anyone help me please, with an explanation...
Thanks in advance...
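The following is an added example, not part of the original post: a simplified Python model of Squid's first-match `http_access` evaluation, run over the ACLs and rule lines posted above. The names `decide`, `req` and `in_range`, the minute-of-day treatment of the time ACLs, and all sample requests are assumptions constructed for illustration.

```python
import ipaddress

# ACLs transcribed from the posted squid.conf; the time ranges are minutes of day.
SAFE = [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210), (1025, 65535),
        (280, 280), (488, 488), (591, 591), (777, 777), (110, 110), (25, 25)]
BLOCK = (".facebook.com", ".twitter.com", ".youtube.com")

def in_range(ip, lo, hi):
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi)

ACLS = {
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE),
    "SSL_ports":  lambda r: r["port"] == 443,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "clients":    lambda r: in_range(r["src"], "192.168.2.99", "192.168.2.125"),
    "blockSites": lambda r: ("." + r["host"]).endswith(BLOCK),
    "worktime1":  lambda r: 0 <= r["minute"] <= 735,      # 00:00-12:15
    "worktime2":  lambda r: 780 <= r["minute"] <= 1095,   # 13:00-18:15
    "worktime3":  lambda r: 1140 <= r["minute"] <= 1440,  # 19:00-24:00
    "all":        lambda r: True,
}

# http_access lines copied from the post, in their original order.
RULES = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow SSL_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny clients blockSites worktime1
http_access deny clients blockSites worktime2
http_access deny clients blockSites worktime3
http_access allow clients
http_access deny all
""".strip().splitlines()

def req(src, method, host, port, minute=600, proto="http"):  # constructed sample request
    return dict(src=src, method=method, host=host, port=port, minute=minute, proto=proto)

def decide(r):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for line in RULES:
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](r) != n.startswith("!") for n in names):
            return action, line
    return "deny", "(no rule matched)"  # unreachable here: the list ends in "deny all"
```

In this model a CONNECT to port 110 or 25 stops at `http_access deny CONNECT !SSL_ports`, and any request to port 443 is accepted by `http_access allow SSL_ports` before the `clients` and `blockSites` lines are reached.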