LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Squid not giving web pages to client machines. (https://www.linuxquestions.org/questions/linux-networking-3/squid-not-giving-web-pages-to-client-machines-866371/)

gardenair 03-04-2011 03:24 AM
Squid not giving web pages to client machines.
 
I have configured squid on Cent OS .Internet is working on the server but on the client side there is no browsing.In the client computer web browser I also add in the proxy setting my proxy server IP with port 8080 but no success. the client computer even ping with the proxy server. Kindly view my log messages and guide me what will be the issue?
thanks garden


Code:
[root@test-proxy ~]# tail -f /var/log/messages
Mar  4 05:02:44 test-proxy avahi-daemon[5172]: Interface eth0.IPv6 no longer relevant for mDNS.
Mar  4 05:02:46 test-proxy kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar  4 05:02:46 test-proxy kernel: e1000: eth0: e1000_watchdog_task: NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
Mar  4 05:02:46 test-proxy kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: New relevant interface eth0.IPv6 for mDNS.
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::215:17ff:fe9c:52e5.
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: Registering new address record for fe80::215:17ff:fe9c:52e5 on eth0.
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: New relevant interface eth0.IPv4 for mDNS.
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: Joining mDNS multicast group on interface eth0.IPv4 with address 10.1.81.10.
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: Registering new address record for 10.1.81.10 on eth0.
Mar  4 05:03:38 test-proxy squid[6151]: Squid Parent: child process 6153 started
*************************************************************************************

[root@test-proxy ~]# tail -f /var/log/squid/access.log
1299121147.036 179995 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.104 text/html
1299121176.038 119485 10.1.81.13 TCP_MISS/504 1481 GET http://mail.google.com/mail/? - DIRECT/209.85.175.19 text/html
1299121183.042  59637 10.1.81.13 TCP_MISS/504 1459 GET http://www.msn.com/ - DIRECT/65.55.17.27 text/html
1299121187.510  98559 10.1.81.13 TCP_MISS/504 0 GET http://www.msn.com/ - DIRECT/65.55.17.27 text/html
1299121556.653 180238 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.104 text/html
1299121589.656 180604 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.103 text/html
1299122265.520 180048 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.147 text/html
************************************************************
 
[root@test-proxy ~]# service squid start
Starting squid: .                                          [  OK  ]
[root@test-proxy ~]# netstat -antp | grep 8080
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                  LISTEN      6338/(squid)       
[root@test-proxy ~]# ps aux | grep squid
root      6241  0.0  0.0  3728  520 pts/3    S+  05:11  0:00 tail -f /var/log/squid/access.log
root      6336  0.0  0.0  7744  1240 ?        Ss  05:13  0:00 squid -D
squid    6338  0.0  0.1  9972  5940 ?        S    05:13  0:00 (squid) -D
squid    6340  0.0  0.0  1512  292 ?        Ss  05:13  0:00 (unlinkd)
root      6350  0.0  0.0  3908  688 pts/4    S+  05:14  0:00 grep squid
[root@test-proxy ~]#

milindlokde 03-04-2011 03:56 AM
port 8080 is usually remapped for http port 80 for security reasons and may not be squid port. The default port for squid is 3128.
Check your squid.conf file for line 'http_port 3128'. If it is different number then that is what you will require to be configured in browsers of client.
On client there is common setting for all applications under Administration->proxy server. However you may also require to configure the same even in individual browsers.

gardenair 03-04-2011 04:32 AM
well I just disable SELinux.Then test on the client computer it does not work. At the end I stop firewall
i.e
Code:
service iptables stop
smile ....Internet work fine on the client computer.
Now I want to discuss that to disable firewall is not a good practice.It is lack of security. How can I add my trusted network into the firewall so that without disabling firewall ?

milindlokde 03-04-2011 07:28 AM
iptables -t nat -A PREROUTING -d EXTERNALIP -p tcp --dport 8080 -j DNAT --to 10.1.81.13

gardenair 03-04-2011 10:37 AM
Thanks for the reply.kindly can u explain the firewall rule from technical language to simple english.any other expert may participate guide me with his own experiance.


All times are GMT -5. The time now is 10:13 AM.