hindenbergbaby 07-23-2004

Proxy won't let me connect, iptables, squid and dansguardian


I am configuring a transparent proxy using IPTables, squid, and dansguardian on a K12LTSP server (based on Fedora Core 1). I had everything working great, then I changed some filter configuration files and I get the message that my proxy server will not allow me to access the internet, please check proxy settings.

Here is what I've got in squid.conf:

cache_effective_user squid
cache_effective_group squid

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Usage: port



iptables
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
:OUTPUT ACCEPT [218:13122]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
# Completed on Fri Jul 23 14:56:17 2004
# Generated by iptables-save v1.2.9 on Fri Jul 23 14:56:17 2004
:OUTPUT ACCEPT [2817:1072481]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# Completed on Fri Jul 23 14:56:17 2004

Here's dansguardian with some snippets
Network Settings
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =

# the port that DansGuardian listens to
# It needs to be greater than 1024
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip =

# the port DansGuardian connects to proxy on
proxyport = 3128

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/'

daemonuser = 'squid'
daemongroup = 'squid'

# Content filtering files location
bannedphraselist = '/etc/dansguardian/bannedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedurllist = '/etc/dansguardian/bannedurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
picsfile = '/etc/dansguardian/pics'
contentregexplist = '/etc/dansguardian/contentregexplist'

Anyone see anything seriously amiss? I am using the IP address of eth1 as the proxy, but I've also tried the loopback address and gotten the same message. Disabling iptables, squid and Dansguardian won't work, but connecting directly to the internet will...

Any ideas?



newpenguin 07-23-2004

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to

hindenbergbaby 07-26-2004

Gave that a try, to no avail.

Here's the exact error message: The connection was refused when trying to contact the proxy server you have configured. Please check your proxy settings and try again.

All the rest remains the same.

newpenguin 07-26-2004

Simply because the port is open only for the loopback IP.
I thought you were using it in transparent mode.

Change the first line to

http_port 3128

huangyong 12-02-2009

I also faced the same problem. I have solved it now.
I checked through squid.conf for a long time, and I failed.
Then I rebooted the proxy server, and squid rebooted.
I tried squidclient -p 80 mgr:info
shell echo client: ERROR: Cannot connect to localhost:80: Connection refused

And then I tried squidclient -p 80 -h [my server's ip] mgr:info
and a lot of information was printed.

Maybe this will be of help to you.
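
Added example, not part of any post in this thread: a Python check of the point behind newpenguin's diagnosis and huangyong's squidclient result, namely that a listener bound to one address refuses connections made to another. The loopback-only http_port line, the 192.168.0.254 address standing in for eth1, and all function names are constructed assumptions; only the dansguardian values come from the thread.

```python
import re

# Constructed samples (not the poster's files). The loopback-only http_port
# line is an assumption; the dansguardian values are those shown in the thread.
SQUID_LOOPBACK_ONLY = "http_port 127.0.0.1:3128\nhttpd_accel_host virtual\n"
SQUID_ALL_ADDRESSES = "http_port 3128\n"
DANSGUARDIAN = """
filterip =
filterport = 8080
proxyip =
proxyport = 3128
"""

def squid_listeners(conf):
    """Return [(host, port)] from http_port lines; host None = all addresses."""
    out = []
    for line in conf.splitlines():
        m = re.match(r"\s*http_port\s+(?:([^\s:]+):)?(\d+)", line)
        if m:
            out.append((m.group(1), int(m.group(2))))
    return out

def dg_settings(conf):
    """Parse 'key = value' lines, dropping comments and quotes."""
    pairs = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0]
        if "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip().strip("'")
    return pairs

def accepts(listeners, ip, port):
    """True if some listener would accept a TCP connect to ip:port."""
    return any(p == port and h in (None, "0.0.0.0", ip) for h, p in listeners)

def diagnose(squid_conf, dg_conf, client_proxy):
    """List the hops that would get 'connection refused'."""
    listeners, dg = squid_listeners(squid_conf), dg_settings(dg_conf)
    # A blank proxyip means loopback, per the comment in dansguardian.conf.
    upstream = (dg.get("proxyip") or "127.0.0.1", int(dg["proxyport"]))
    problems = []
    if not accepts(listeners, *upstream):
        problems.append("dansguardian -> squid %s:%d" % upstream)
    # A blank filterip means DansGuardian listens on all addresses.
    dg_listen = [(dg.get("filterip") or None, int(dg["filterport"]))]
    if not accepts(listeners + dg_listen, *client_proxy):
        problems.append("client -> proxy %s:%d" % client_proxy)
    return problems
```

`diagnose()` takes the address and port the browser is configured to use as its proxy and returns the hops that would be refused; an empty list means every hop has a matching listener.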

