squid! not able to route clients through proxy

haxpak · 01-06-2009, 11:38 PM

i have a pc with 2 nics

eth0 external lan ip - 192.168.1.10 connected to dsl modem
eth1 internal lan ip - 10.168.1.20 connected to switch

i am running fc 9

i have installed squid with following settings:

http_port 10.168.1.20:8080

dns_nameservers 192.168.1.1 (it is modem ip)

--------------------------------------------------------

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 2083 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 2083 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

---------------------------------------------

acl internal_network src 10.168.1.0/255.255.255.0

http_access allow internal_network

http_access allow localnet

------------------------------------------------------

clients are running win xp
clients gateway is 10.168.1.20
and dns 10.168.1.20

starting squid and configuring localhost browser to proxy settings

now my localhost traffic is being cached
but not able to connect internet from clients
all requests return packets "destination host unrechable"

* i have not made any changes to the iptables

please help me.

Thanks

acid_kewpie · 01-07-2009, 03:24 AM

phrases like "destination host unreachable" "route" and "packets" suggests that you're trying to ping remote servers (or similar), rather than access web content. squid is a web proxy, not a router, it can not route traffic for your clients at all. if that's just unfortunate language, what does the squid access_log and error_log say?

haxpak · 01-07-2009, 07:42 AM

i am sorry for the foul language and my choice of words acid

there is no error in the access log or cache.log

the "dest host unreachable" is what return packets to clients from the server read, i monitored it on WIRESHARK.

1231335295.436 RELEASE -1 FFFFFFFF 0D9D27251AB2D8F7323169C799D32726 200 1231334964 1193963761 271080000 image/gif 35/35 GET http://www.google-analytics.com/__utm.gif?
is what last line in store.log

1231335295.436 925 10.168.1.20 TCP_MISS/200 507 GET http://www.google-analytics.com/__utm.gif? - DIRECT/209.85.173.127 image/gif
is the last line in the access.log

10.168.1.20 is the server ip on the internal network
i have configured the server's mozilla to use proxy and it is doing so perfectly.

do i need to do some kind of packet forwarding from eth0 to eth1 or vice versa for enabling the clients?

please help