Squid proxy server question.
 

Hi all,

First of all, thanks to all of you who contribute to this forum. It has helped me plenty of times while trying to fix issues.

I'll try to keep this as simple as possible to avoid confusion:

Now, I am running 2 servers. 1 CentOS & 1 *cough* Windows server.

On the Windows server for example, I have multiple IPs. I'd like ALL HTTP traffic that goes THROUGH this windows server to pass through Squid which is also RUNNING on this specific windows server.

For some reason, I cannot get this server to connect to Squid, although squid is running on this very server.

Just to make sure I wasn't doing anything wrong, I've just temporarily allowed ALL traffic to Squid and still it won't seem to connect.

My end goal is to configure the Windows server's browser to connect to the x.x.x.x:3128 and simply have it work that way. I'm aiming for the same exact setup on the Linux machine as well.

Am I doing something wrong here? Appreciate your help and advice.

Thanks
Tony

Bump. Could someone kindly chime in on this?

..and, a few hours later:
If you've come here many times for help in the past, you must have noticed that we volunteer our time here: we answer when we can, if we can. Secondly, all you've managed to do with your "bump" is not only to go against the LQ Rules about not posting unless you're posting additional information, but have only really managed to remove your thread from the zero-reply list, making it LESS VISIBLE AND LESS LIKELY TO BE ANSWERED.

Your thread also lacks much in the way of details. You say CentOS and Windows, with Squid running on Windows; fine. You don't say how CentOS enters into this right now, since your thread pretty much only concerns the Windows system. And has this squid (what version???) ever worked? You say the Windows system has multiple IP's...but don't say how many, or how it's fitting into your network topology currently. And when you say "it won't seem to connect", what is the "it" in this case? The CentOS box? Windows?

Typically Squid systems will have two NIC's...one internal facing, one external (Internet). There are many guides, this is only one, dealing with two NIC's.
https://ubuntuforums.org/showthread.php?t=2168571

..and you DO have two different networks/VLAN's, right?

Bear in mind that your Squid server will have access to BOTH NIC's, because the OS has to run them both, and be aware of both of the networks in order for things to work. Not sure how to define a proxy server on a Windows machine, but it's probably under "Control Panel" in Windows...setting it there, if it still works the same as it did many years ago, will get all your web traffic running through whatever address/host/port you tell it.

Tb0ne, thanks for the reply & sorry about the bump, I had posted this early in the AM (3-4am) and replied back a little later in the afternoon. Please kindly forgive me for the lack of detail (I should have been in bed) and also the bump, I'll be sure to avoid doing that in the future.

Basically, to keep things simple I'll explain it like this:

The CentOS server can stay out of the picture for now. I plan on setting that up later to connect to the windows server.

The Windows server is located in a data center and has 2 IPs assigned to it. 1 NIC card. As of now, I have squid up and running on the windows server. It's configured to accept connections based on IPs I specify in the whitelist while I troubleshoot.

I can connect to it and use it as a HTTP proxy from my home computer.

Long story short, although I have it open and allowing ANYONE to connect to the HTTP proxy, I cannot seem to have the windows server connect to ITSELF. I also tried adding the Windows servers own IP to the 'whitelist' but no dice.

I know what I am trying to accomplish may sound ridiculous, but to prevent any latency etc I am trying to allow localhost to connect to its own proxy server. As I mentioned, I have squid fully working on the Windows server as an HTTP proxy and accepting remote connections. Now, I need to figure out how to allow the Windows server connect to its own squid proxy server via browser, etc.

Does this make sense? I'm sorry if I'm making it sound more complicated than it should be. Once again, I am up late troubleshooting this. I should have been in bed 4 hours ago.

I'll check back tomorrow for any replies, and will provide any additional information if needed.

Thanks,
Tony

No worries, and it makes sense. The "but" here, is that it's Windows. Since you've got Squid up and running and functional, we eliminate pretty much everything that could be wrong. Your network configuration is obviously working, squid functional, etc. But if you're trying to use the squid server itself to browse the web....I'd have no idea how to advise, because it's Windows.

If it was Linux, I'd say you'd have to dig into your iptables settings, and NAT your web traffic to all exit the external NIC. Chances are your internal LAN NIC is set to have the default gateway, so to get to the Internet, you're getting pointed internally, then looping back around to your own machine, where the routes and other entertainment happen to get you proxied. How to do this in Windows, though, I can't help with....perhaps someone more Windows-savvy can assist, but I'd dig into the firewall/routes.

Hello Friend. i think this post helps you.


http proxy server configuration using squid and use it as private proxy IPs.

OS : Linux (rhel,centos)
Squid Server : 10.20.36.54
Additional IPs : 10.20.30.2
10.20.30.4

In above Case we use only private IPs. so it can work over LAN Only. if you want use http proxy IPs over WAN you need to setup on public IPs.

1. install the required packages.

# yum install squid*

install httpd

#yum install httpd


2. Backup the existing squid.conf and modify it has below.

#cd /etc/squid
#cp squid.conf squid.conf-bkp
#vi squid.conf

#add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd

#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users

forwarded_for off


http_port 3128


# TAG: httpd_suppress_version_string on|off
# Suppress Squid version string info in HTTP headers and HTML error pages.
#
#Default:
httpd_suppress_version_string on

acl ip1 myip 10.20.30.2

acl ip1 myip 10.20.30.4


tcp_outgoing_address 10.20.30.2 ip1
tcp_outgoing_address 10.20.30.4 ip2

#save and exit the file (wq! )

from above configuration file We used 3128 has port number . you can use any port number in place of that.

if you have more IPs also you can use same format like below.

acl ip1 myip 10.20.30.1
.
.
.
acl ip250 myip 10.20.30.250


tcp_outgoing_address 10.20.30.1 ip1
.
.
.
tcp_outgoing_address 10.20.30.250 ip250


3. Create user authentication

# htpasswd -c /etc/squid/squid_passwd proxyuser
New password:

it's prompt for new password. Please enter your password. These credentials used as http proxy authentication

4. Once all above steps completed. Please restart squid service and add it in chkconfig

# service squid restart
# chkconfig squid on

4. Test the http squid proxy IPs.

Open firefox or any browser and got to option click on advanced tab and click on network after that click on settings.



Provide the Proxy IP and port number, click on ok then it's prompt for username and password. Please provide the logins what ever you are given.






Squid proxy server installation and configuration completed successfully

HOW does it help him, and did you read the OP's post??? They ALREADY HAVE SQUID WORKING, and it's on Windows...so every single step you provided is meaningless, since "yum" doesn't work on Windows, does it? The configurations don't need to be done, since they're already done, and they have stated that the proxy is working just fine.