07-23-2004, 03:00 PM
#1
Member
Registered: Sep 2003
Location: Boston
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134
Proxy won't let me connect, iptables, squid and dansguardian
Hi all,
I am configuring a transparent proxy using IPTables, squid, and dansguardian on a K12LTSP server (based on Fedora Core 1). I had everything working great, then I changed some filter configuration files and I get the message that my proxy server will not allow me to access the internet, please check proxy settings.
Here is what I've got in squid.conf:
cache_effective_user squid
cache_effective_group squid
http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Usage: port
snip snip
iptables
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*nat
:PREROUTING ACCEPT [239:41567]
:POSTROUTING ACCEPT [13:780]
:OUTPUT ACCEPT [218:13122]
-A POSTROUTING -o eth1 -j MASQUERADE
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
# Completed on Fri Jul 23 14:56:17 2004
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2817:1072481]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul 23 14:56:17 2004
here's dansguardian with some snipperos
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =
# the port that DansGuardian listens to
# It needs to be greater than 1024
filterport = 8080
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 3128
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
daemonuser = 'squid'
daemongroup = 'squid'
# Content filtering files location
bannedphraselist = '/etc/dansguardian/bannedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedurllist = '/etc/dansguardian/bannedurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
picsfile = '/etc/dansguardian/pics'
contentregexplist = '/etc/dansguardian/contentregexplist'
Anyone see anything seriously amiss? I am using the IP address of eth1 as the proxy, but I've also tried the loopback address and gotten the same message. Disabling iptables, squid and Dansguardian won't work, but connecting directly to the internet will...
Any ideas (go easy, I'm a newb)
take care

07-23-2004, 03:45 PM
#2
Member
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219
iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128

07-26-2004, 05:51 PM
#3
Member
Registered: Sep 2003
Location: Boston
Distribution: Gentoo, Slack, SuSE, Ubuntu... Flavor of the week
Posts: 134
Original Poster
Gave that a try, to no avail.
Here's the exact error message: The connection was refused when trying to contact the proxy server you have configured. Please check your proxy settings and try again.
All the rest remains the same.

07-26-2004, 07:24 PM
#4
Member
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219
Simply because the port is open only for the loopback IP.
I thought you are using it in transparent mode.
Change the first line to
http_port 3128
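
An added example (not part of the original thread) of the check behind reply #4: it reads the `http_port` and `filterip`/`filterport` settings and reports what a LAN client gets on each port. The configs are constructed excerpts of the settings quoted above, `192.168.0.254` is a made-up stand-in for the eth1 address, the function names are hypothetical, and the firewall is assumed to pass the traffic, as the posted filter table does for eth0 and eth1.

```python
import ipaddress

# Constructed excerpts mirroring the settings quoted in the thread.
SQUID_CONF = "http_port 127.0.0.1:3128\nhttpd_accel_host virtual\n"
DG_CONF = "filterip =\nfilterport = 8080\nproxyip = 127.0.0.1\nproxyport = 3128\n"
LAN_IP = "192.168.0.254"  # constructed stand-in for the server's eth1 address

def squid_listeners(conf):
    """Return (address, port) pairs from http_port lines; '*' means all interfaces."""
    out = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            addr, _, port = fields[1].rpartition(":")
            out.append((addr or "*", int(port)))
    return out

def dansguardian_listener(conf):
    """Return the (address, port) DansGuardian binds; a blank filterip means all IPs."""
    kv = {}
    for line in conf.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep:
            kv[key.strip()] = val.strip().strip("'")
    return (kv.get("filterip") or "*", int(kv["filterport"]))

def accepts(listener, dest_ip, dest_port):
    """Would a TCP connection to dest_ip:dest_port find this listening socket?"""
    addr, port = listener
    return port == dest_port and (
        addr == "*" or ipaddress.ip_address(addr) == ipaddress.ip_address(dest_ip))

def diagnose(squid_conf, dg_conf, server_ip):
    """Map each port a client might put in its proxy settings to an outcome."""
    squid, dg = squid_listeners(squid_conf), dansguardian_listener(dg_conf)
    result = {}
    for port in sorted({p for _, p in squid} | {dg[1]}):
        if accepts(dg, server_ip, port):
            result[port] = "filtered (DansGuardian)"
        elif any(accepts(l, server_ip, port) for l in squid):
            result[port] = "unfiltered (Squid direct)"
        else:
            result[port] = "connection refused"
    return result

if __name__ == "__main__":
    print(diagnose(SQUID_CONF, DG_CONF, LAN_IP))
    print(diagnose(SQUID_CONF.replace("127.0.0.1:", ""), DG_CONF, LAN_IP))
```

With `http_port 3128` Squid answers on every interface, so a client pointed at port 3128 reaches Squid without passing through DansGuardian on 8080. Keeping Squid on loopback and sending clients to 8080 keeps the filter in the path.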

12-02-2009, 04:45 AM
#5
LQ Newbie
Registered: Nov 2009
Posts: 2
I also faced the same problem; I solved it now
I checked through squid.conf for a long time, and I failed.
Then I rebooted the proxy server, and Squid rebooted.
I tried squidclient -p 80 mgr:info
shell echo client: ERROR: Cannot connect to localhost:80: Connection refused
and then I tried squidclient -p 80 -h [my server's ip] mgr:info
and a lot of information was printed.
Maybe this will be of help to you.