Unbutu 7 - Squid Proxy

grumblenoise · 02-29-2008, 03:47 AM

Hi Guys,

Please to meet you all. I'm new to Linux so excuse the perhaps noobie question.

I've just installed Unbutu with GNOME desktop, I've installed Squid on top of that and webmin for admin. My intetion is to use Squid as a proxy logging service for all my internal users. We use Message Labs for the our filtering but the logging features are rubbish so hence I'm putting in a Squid server so I can monitor things a bit more closely. Anyway... Squid v3 all working, however, on my Squid server, I want it to use Message Labs as it's connection to the internet so I'm getting the benefits of Message Labs and the logging of squid. My question is, which account do I set the proxy settings up under? I've created a proxyadmin user account which I used to create the cache folder udder squid. I changed the proxy setting under this account to use Message Labs but that has not worked. I can browse on my server fine, but when I change my client workstation ID to the Squid proxy I can't browse the net.

Can someone explain this step for me? Hope I've been clear let me know if not.

Thank you

acid_kewpie · 02-29-2008, 04:09 AM

which account are you really referring to? if you need upstream credentials for ML, then those would be defined within a cache_peer declaration. if you mean what account *runs* squid, then conventionally most binary packages will be preconfigured to use a "squid" user account. it doesn't matter who edits the files.

I had the option of ML for web traffic, but as it's naturally a remote affair, it wipes out the benefits of local caching - no improvement of bandwidth usage, no speed up for end users - i gave it a wide birth.

grumblenoise · 02-29-2008, 04:24 AM

Hi Acid,

Thanks for replying.

I was referring to the proxyadmin account I had set-up to install it with. I'm going to use Squid for monitoring, Message Labs as lists our FW IP address so knowing which internal workstations have visited which site is impossible. I've turned logging on, I can see a lot of TCP_MISS/504 errors, it seems to resolve theIP address of the sites I visit though (this is me testing from my workstation work Squid set as proxy)

I think I'm nearly there, any ideas on the errros?

acid_kewpie · 02-29-2008, 04:25 AM

what role is this proxyadmin account actually serving? why have you created it?

grumblenoise · 02-29-2008, 05:10 AM

Well in fact, fotget that account as it's not as important as I thought. I'd like to know what the TCP_MISS/504 means?

Cheers,

Grumbz

acid_kewpie · 02-29-2008, 05:13 AM

well google is your (all powerful and all knowing) friend... http://www.checkupdown.com/status/E504.html check your log files for squid for misconfigurations.

grumblenoise · 02-29-2008, 05:44 AM

Sure I will check out our mutual friend

just another quick Q, squid.conf, are there 2 versions of this when it's installed? I can see my squid.conf in /etc/squid3 but it dosen't seem to be the same as what I see in Webmin.

Cheers.

acid_kewpie · 02-29-2008, 05:46 AM

should only be one. have you got a .2x and 3 version installed on both?

grumblenoise · 02-29-2008, 06:03 AM

Just V3, think I've found it anyway.

So for Squid to use my Message Labs proxy. I've set-up another cache, called proxy.webscammingservice.com, this is set to parent, with port 3128. So this means that requests sent from client are sent to this proxy?

Thanks.

acid_kewpie · 02-29-2008, 06:05 AM

well it depends on the acl's and such, not just a one liner... if you want to post the whole config we can have a look, but your logs will generally tell you a fair bit about where traffic is at least trying to go to. in the access log it shows the ip of the destination it's connecting to, either the IP of the end server or the intermediate peer.

grumblenoise · 02-29-2008, 08:12 AM

Log files:-

Cache.log

2008/02/29 12:09:54| Loaded Icons.
2008/02/29 12:09:54| Ready to serve requests.
2008/02/29 12:09:54| Configuring Parent proxy.webscanningservice.com/3128/3130
2008/02/29 12:09:56| temporary disabling (Internal Server Error) digest from proxy.webscanningservice.com
2008/02/29 12:14:57| temporary disabling (Internal Server Error) digest from proxy.webscanningservice.com
2008/02/29 12:25:03| temporary disabling (Internal Server Error) digest from proxy.webscanningservice.com
2008/02/29 12:45:03| temporary disabling (Internal Server Error) digest from proxy.webscanningservice.com
2008/02/29 13:25:06| temporary disabling (Internal Server Error) digest from proxy.webscanningservice.com
2008/02/29 13:56:56| Detected DEAD Parent: proxy.webscanningservice.com

Squid 3.log

1204287181.005 179734 192.168.1.200 TCP_MISS/504 0 GET http://news.google.co.uk/nwshp? - DIRECT/209.85.137.99 text/html
1204287328.005 179098 192.168.1.200 TCP_MISS/504 2519 GET http://news.google.co.uk/nwshp? - DIRECT/209.85.137.99 text/html
1204293596.005 179089 192.168.1.200 TCP_MISS/504 0 GET http://www.google.co.uk/ - DIRECT/64.233.183.99 text/html
1204294104.005 179655 192.168.1.200 TCP_MISS/504 0 GET http://www.google.co.uk/ - DIRECT/64.233.183.99 text/html
1204294112.005 179880 192.168.1.200 TCP_MISS/504 2429 GET http://www.google.co.uk/ - DIRECT/64.233.183.104 text/html

Thanks.

acid_kewpie · 02-29-2008, 08:55 AM

again, please post the config

grumblenoise · 02-29-2008, 09:05 AM

Hi Chris,

How do I post the whole lot? There is over the allocated amount of lines I'm able to post on here.

Cheers.

acid_kewpie · 02-29-2008, 09:11 AM

no, just the actual code, filter out the comments and you'll only have 20 - 50 lines or so i expect

grumblenoise · 02-29-2008, 09:22 AM

How do I filter out those comments? There are no filter options in Text Editor, is there something better to view it with?

Thanks!