squid problem
Folks,
I am using 2 ethernet cards along with squid in my LAN for internet access, my server is Redhat 9.0, squid as proxy server, with 1 ethernet car hooked to the internet (real IP address), the other linking the LAN internal as gate way (192.168.1.1). Now everything looks fine, squid is running the sever can get to the internet, every client (whether Linux or Windows), pinging is just fine, but the browser cannot be opened, why? Thx, HTM |
but the browser cannot be opened ?????????????????/
what do u mean |
I meann
Sir,
I mean I cannot access the internet through the browser Thx, HTM |
with a remark like that no one will answer you question
|
Did you configure the squid proxy as transparent to the client?
To do this you need to route the port 80 traffic to squids port so browser requests go through squid. Like so... (you need to have a rule like this for each interface that people will connect to, and not the internet interface. So you need to know your device names) # Squid transparent proxy $IPTABLES -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 Or you can run it as a normal proxy server where the browser needs to be configured for the proxy. |
the difference betwen my squid.conf and the default
David,
Yes, I set every client's browser as proxy mode using 192.168.1.1's port 3128, I use ps -aux | grep squid, and find it is running, here is what I changed in squid.conf: [guest@headquarter squid]$ diff squid.conf squid.conf.default 469d468 < cache_mem 128 MB 668c667 < cache_dir ufs /var/spool/squid/cache 200 16 256 --- > 1679c1678 < acl all src 192.168.1.1/17 --- > acl all src 0.0.0.0/0.0.0.0 1742c1741 < http_access allow all --- > http_access deny all 1955d1953 < visible_hostname localhost besides changing squid.conf, launching it, and set client's browser, are there anything else I need to do for me to make it happy (internet sharing)? Thx, HTM |
what does it say in clients' browsers? access denied (squid error)? or connot find (default browser error)?
|
error info
IE says it cannot display the page, either cannot find th server or DNS error
BTW looks like log files under /var/log/squid do not offer me too much hints Thx, HTM |
squid warning
BTW, I got following warning, when I restarted my squid:
squid (pid 17248 17246) is running... 2004/04/05 21:37:20| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.1.1/17' Is that a problem? Also why there is no log info updating after I visit an internet site at my client? Thx, HTM |
sure its a problem. your squid doesnt work. if it worked clients browsers could see a webpage generated by squid or they could surf on the internet.
squid think that your ip range is not correct. because your ip range is a C class network. but your netmask isnt correct for C class network. it must be like that 192.168.1.1/24 change the following line in squid.conf acl all src 0.0.0.0/0.0.0.0 acl lan src 192.168.1.0/255.255.255.0 http_access allow lan http_access deny all |
squid logs are located in /var/log/squid directory. it updates logs immediatelly.
|
if your network is 192.168.0.0/255.255.0.0, u can define it like that:
acl lan src 192.168.0.0/17 |
error info after running squidclient
At server side, I run squidclient, I got the following info, what do those error info
mean? Thx a ton, HTM [root@headquarter sbin]# squidclient bash: squidclient: command not found [root@headquarter sbin]# ./squidclient http://www.yahoo.com HTTP/1.0 403 Forbidden Server: squid/2.5.STABLE1 Mime-Version: 1.0 Date: Tue, 06 Apr 2004 02:19:37 GMT Content-Type: text/html Content-Length: 1039 Expires: Tue, 06 Apr 2004 02:19:37 GMT X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from localhost Proxy-Connection: close <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The requested URL could not be retrieved</TITLE> <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE> </HEAD><BODY> <H1>ERROR</H1> <H2>The requested URL could not be retrieved</H2> <HR noshade size="1px"> <P> While trying to retrieve the URL: <A HREF="http://www.yahoo.com">http://www.yahoo.com</A> <P> The following error was encountered: <UL> <LI> <STRONG> Access Denied. </STRONG> <P> Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. </UL> <P>Your cache administrator is <A HREF="mailto:root">root</A>. <BR clear="all"> <HR noshade size="1px"> <ADDRESS> Generated Tue, 06 Apr 2004 02:19:37 GMT by localhost (squid/2.5.STABLE1) </ADDRESS> </BODY></HTML> [root@headquarter sbin]# [root@headquarter sbin]# |
cant u read it? it says access is denied.
|
yeah, could you offer me a pointer?
Maxcut,
Could you let me know how to fix that? I've done everything, change hostname from headquarter back to localhost, in the client side, set IT's advancd tab, allow http access through proxy, why the access is denied? Now I also got some info in store.log after unsing command ./squidclient -p 3128 htt://www.yahoo.com (at server side in emulating an client) 1081217776.023 RELEASE -1 FFFFFFFF A0329052B72100A0A4D2609845D182BD 200 1081174001 -1 -1 text/html -1/1095 GET http://www.yahoo.com 1081217776.023 RELEASE -1 FFFFFFFF BBB41116D01C97FE0E4678361DF2828E 403 1081217776 0 1081217776 text/html 1039/1271 GET http://www.yahoo.com 1081217978.092 RELEASE -1 FFFFFFFF 46F9A8B813CE95B29E37C03840D3B96B 200 1081174203 -1 -1 text/html -1/2543 GET http://www.yahoo.com 1081217978.093 RELEASE -1 FFFFFFFF E354D075A75B23DA3A58AFEEF46D20C8 403 1081217977 0 1081217977 text/html 1039/1271 GET http://www.yahoo.com 1081218485.647 RELEASE -1 FFFFFFFF B9939ADBA4F7581A32A9DA2917D1C3E8 200 1081174710 -1 -1 text/html -1/1095 GET http://www.yahoo.com 1081218485.656 RELEASE -1 FFFFFFFF 422A4E1E9CAED166A27E5C544B66D03C 403 1081218485 0 1081218485 text/html 1039/1271 GET http://www.yahoo.com I am stucking with that for days, thanks you vey much indeed, HTM |
All times are GMT -5. The time now is 08:21 PM. |