Squid not giving web pages to client machines.

gardenair · 03-04-2011, 03:24 AM

I have configured squid on Cent OS .Internet is working on the server but on the client side there is no browsing.In the client computer web browser I also add in the proxy setting my proxy server IP with port 8080 but no success. the client computer even ping with the proxy server. Kindly view my log messages and guide me what will be the issue?
thanks garden

Code:

[root@test-proxy ~]# tail -f /var/log/messages 
Mar  4 05:02:44 test-proxy avahi-daemon[5172]: Interface eth0.IPv6 no longer relevant for mDNS. 
Mar  4 05:02:46 test-proxy kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready 
Mar  4 05:02:46 test-proxy kernel: e1000: eth0: e1000_watchdog_task: NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX 
Mar  4 05:02:46 test-proxy kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready 
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: New relevant interface eth0.IPv6 for mDNS. 
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::215:17ff:fe9c:52e5. 
Mar  4 05:02:48 test-proxy avahi-daemon[5172]: Registering new address record for fe80::215:17ff:fe9c:52e5 on eth0. 
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: New relevant interface eth0.IPv4 for mDNS. 
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: Joining mDNS multicast group on interface eth0.IPv4 with address 10.1.81.10. 
Mar  4 05:02:50 test-proxy avahi-daemon[5172]: Registering new address record for 10.1.81.10 on eth0. 
Mar  4 05:03:38 test-proxy squid[6151]: Squid Parent: child process 6153 started 
************************************************************************************* 

[root@test-proxy ~]# tail -f /var/log/squid/access.log 
1299121147.036 179995 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.104 text/html 
1299121176.038 119485 10.1.81.13 TCP_MISS/504 1481 GET http://mail.google.com/mail/? - DIRECT/209.85.175.19 text/html 
1299121183.042  59637 10.1.81.13 TCP_MISS/504 1459 GET http://www.msn.com/ - DIRECT/65.55.17.27 text/html 
1299121187.510  98559 10.1.81.13 TCP_MISS/504 0 GET http://www.msn.com/ - DIRECT/65.55.17.27 text/html 
1299121556.653 180238 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.104 text/html 
1299121589.656 180604 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.103 text/html 
1299122265.520 180048 10.1.81.13 TCP_MISS/504 1468 GET http://www.google.com/ - DIRECT/209.85.175.147 text/html 
************************************************************ 
 
[root@test-proxy ~]# service squid start 
Starting squid: .                                          [  OK  ] 
[root@test-proxy ~]# netstat -antp | grep 8080 
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      6338/(squid)         
[root@test-proxy ~]# ps aux | grep squid 
root      6241  0.0  0.0   3728   520 pts/3    S+   05:11   0:00 tail -f /var/log/squid/access.log 
root      6336  0.0  0.0   7744  1240 ?        Ss   05:13   0:00 squid -D 
squid     6338  0.0  0.1   9972  5940 ?        S    05:13   0:00 (squid) -D 
squid     6340  0.0  0.0   1512   292 ?        Ss   05:13   0:00 (unlinkd) 
root      6350  0.0  0.0   3908   688 pts/4    S+   05:14   0:00 grep squid 
[root@test-proxy ~]#

milindlokde · 03-04-2011, 03:56 AM

port 8080 is usually remapped for http port 80 for security reasons and may not be squid port. The default port for squid is 3128.
Check your squid.conf file for line 'http_port 3128'. If it is different number then that is what you will require to be configured in browsers of client.
On client there is common setting for all applications under Administration->proxy server. However you may also require to configure the same even in individual browsers.

gardenair · 03-04-2011, 04:32 AM

well I just disable SELinux.Then test on the client computer it does not work. At the end I stop firewall
i.e

Code:

service iptables stop

smile ....Internet work fine on the client computer.
Now I want to discuss that to disable firewall is not a good practice.It is lack of security. How can I add my trusted network into the firewall so that without disabling firewall ?

milindlokde · 03-04-2011, 07:28 AM

iptables -t nat -A PREROUTING -d EXTERNALIP -p tcp --dport 8080 -j DNAT --to 10.1.81.13

gardenair · 03-04-2011, 10:37 AM

Thanks for the reply.kindly can u explain the firewall rule from technical language to simple english.any other expert may participate guide me with his own experiance.