
ashishkhandelwal 01-28-2010 06:58 AM

Problem with squid server installation
I have installed the squid proxy server on the server side so that all PCs connected to the server will access the internet through it. I have also made changes in the squid.conf file. I have added these two lines:
acl localnet src
http_access allow localnet
But all the PCs connected to the LAN are not able to connect to the internet. I am using the correct gateway IP on all PCs.

I have created a script as per instructions given on the internet. That script is as follows:

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Now when I run this script on the server side, all the PCs connected to the LAN are able to access the internet although the squid service is stopped. But I only want all the PCs to access the internet through SQUID so that I can track their records and manage them. What is the solution to my problem? What changes do I need to make? Is my problem related to the firewall or iptables? I have no idea regarding them. Please solve my issue.

acid_kewpie 01-28-2010 07:48 AM

You're using an illegal ACL format... that's an IP range AND a subnet crammed into a single line. Is squid not complaining about this? Additionally you've not said what actually happens. What happens on the client? What happens on the server? "It don't work" is not a sufficient amount of information to provide.

Also looks like your iptables is completely backwards. Your "local" network is set as your external interface, so any masquerading will not work. None of that should matter in the slightest here though, just disable iptables for testing squid.

ashishkhandelwal 01-28-2010 11:25 PM

I have corrected my acl format and now there is no error in that. The second thing is that I have already said that the internet is working fine on the client side when I am using the above-mentioned script, whether squid is on or off. I am not able to find out which client has accessed which websites and downloaded what things, as access logs are not being generated. I have no idea about iptables, so how can I disable iptables?

acid_kewpie 01-29-2010 01:44 AM

What are you actually trying to achieve? Natting or proxying? It sounds a lot like you don't really understand what you're doing to any real extent. "The internet" told you to make that script? Care to expand on that?

All times are GMT -5.