Allow msn messenger through squid proxy

sakthi.s · 03-25-2007, 02:05 AM

Dear All

I Have Redhat linux 9 and transparent squid proxy is enabled in that. My clients machines Windows XP, I have two groups in my network, Group A have all access and group B have only restricted access URLs.

My Group A people are able to login into MSN messenger , but my Group B people are not able to login, I have created separeate ACL for the MSN users also

acl msn_hosts src 192.168.1.2 192.168.1.3
acl msn dst 207.46.104.20 207.46.110.0/24
http_access allow msn_hosts msn
http_access deny all

but still i am unable to login ,

Can anyone tell me how to solve this..

Here is my exact squid ACL

acl lan1_blr src 192.168.1.0/255.255.255.0
acl lan2_blr src 192.168.100.0/255.255.255.0
acl msn_hosts src 192.168.1.65 192.168.1.66 192.168.1.56 192.168.1.4
acl allowed_machines src "/etc/squid/allowed_machines"
acl support_staff src "/etc/squid/support_staff"
acl callcenter src "/etc/squid/callcenter"

acl rejected_urls url_regex "/etc/squid/rejected_urls"
acl allowed_urls dstdomain "/etc/squid/allowed_urls"
acl msn dstdomain 64.4.13.0/24 152.163.241.0/24 64.12.163.0/24 207.46.110.0/24 207.46.1.0/24 65.54.0.0/16 207.46.104.20 207.46.110.0

http_access deny rejected_urls
http_access deny !allowed_machines
http_access deny !lan1_blr !lan2_blr
http_access allow msn_hosts msn
http_access allow callcenter allowed_urls allowed_machines
http_access allow support_staff !callcenter
http_access allow all

Regards
Sakthi

sakthi.s · 03-28-2007, 07:02 AM

I am not using IPTABLES at all in my linux box....

My client PC's are connecting to internet by proxy server.

My proxy server is connecting to internet through my CISCO firewall, in proxy server my details are given like this

IP : 192.168.1.6 -- Linux squid Proxy server ip
GW : 192.168.1.5 -- MY CISCO Firewall IP
DNS : xx.xx.xx.xx

My client machines also having the same GW AND DNS
my client machines browser is pointing to 192.168.1.6(Linux Squid Proxy server)

My questions is very simple,

My Group A people are able to login to MSN through PRoxy
Only my Group B people are not able to login to MSN

I doubt my ACL is blocking..!!!

Even I tried to place
http_access allow msn_hosts msn
before any deny statment...
Nothing is working out.

Enclosed the access.log file for your reference

207.46.104.201175083489.222 1 192.168.1.65 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html

ED/403 1329 CONNECT login.live.com:443 - NONE/- text/html
1175083462.022 66 192.168.1.4 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html
1175083464.350 2397 192.168.1.41 TCP_MISS/200 20728 GET http://mail.google.com/mail/? - DIRECT/72.14.205.17 text/javascript
1175083472.619 226 192.168.1.4 TCP_DENIED/403 1343 POST http://www.microsoft.com/ - NONE/- text/html
1175083476.472 760 192.168.1.39 TCP_MISS/200 353 POST http://shttp.msg.yahoo.com/notify/ - DIRECT/216.155.194.239 text/plain
1175083481.835 302 192.168.1.4 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html
1175083489.106 272 192.168.1.4 TCP_DENIED/403 1329 CONNECT login.live.com:443 - NONE/- text/html
1175083489.222 1 192.168.1.65 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html
1175083489.798 576 192.168.1.4 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html
1175083489.798 576 192.168.1.4 TCP_DENIED/403 1407 POST http://gateway.messenger.hotmail.com...y/gateway.dll? - NONE/- text/html
~

Desperately need to get it down.... Apprasial TIME???!!!!