I am trying to access the Library of Congress (US) to retrieve book records for a local database. The LOC server is z3950.loc.gov on port 7090. We have added an ACL in Squid in an attempt to enable this, but it is not working; see the attached reduced Squid configuration file (comments removed). We have a client that can access numerous libraries around the world with this tool. However, we are behind a Squid firewall that is not letting the traffic pass through. We have confirmed that access works when we are outside the firewall. Any idea how to 'tunnel' through the firewall with this application? Thanks.
# http: Ubuntu/Squid proxy server definitions
#
# WELCOME TO SQUID 2
# ------------------
#
# Listening sockets. Squid accepts HTTP proxy requests on both ports; a client
# that opens a raw (non-HTTP) connection to either port is not speaking a
# protocol these listeners understand.
http_port 3128
http_port 80
# URLs containing these strings are fetched directly instead of via cache peers.
hierarchy_stoplist cgi-bin ?
# QUERY matches dynamic-looking URL paths; it is used by "no_cache deny QUERY"
# further down so that such responses are not cached.
acl QUERY urlpath_regex cgi-bin \?
# Cache sizing: in-memory cache, largest object stored on disk, largest object
# kept in memory.
cache_mem 64 MB
maximum_object_size 50 MB
maximum_object_size_in_memory 32 KB
# On-disk cache: ufs store under /var/spool/squid, 8000 MB, 32 first-level and
# 256 second-level directories.
cache_dir ufs /var/spool/squid 8000 32 256
#Default:
# hosts_file /etc/hosts
#
hosts_file /etc/hosts
# Upper bound on the size of a client request body (uploads / POST data).
request_body_max_size 10 MB
#
# The refresh_pattern lines are checked in the order listed here.
# The first entry which matches is used. If none of the entries
# match the default will be used.
#
# Note, you must uncomment all the default lines if you want
# to change one. The default setting is only active if none is
# used.
#
#Suggested default:
# Fields: regex, minimum age (minutes), percent of object age, maximum age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): "^.deb:" is anchored at the start of the URL (any one character
# followed by "deb:"), so it does not match URLs ending in ".deb". If the goal
# was long-lived caching of Debian packages, the pattern probably needs to be
# something like "\.deb$" - confirm the intent before changing it.
refresh_pattern ^.deb: 262800 100% 525600
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
# Base ACLs from the stock configuration: every source address, cache-manager
# requests, and the loopback source/destination.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Destination ports intended to be reachable with the CONNECT method.
# 873 has been added locally to the stock 443/563 list.
acl SSL_ports port 443 563
acl SSL_ports port 873
# Destination ports that ordinary proxied requests may target; anything not
# listed here is rejected by "http_access deny !Safe_ports".
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
# This range already covers every unprivileged port, including 7090 and 9099.
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
# Redundant with 1025-65535 above. Listing a port in Safe_ports only stops the
# "deny !Safe_ports" rule from rejecting HTTP requests to that port; it does
# not make Squid relay a non-HTTP protocol such as Z39.50.
acl Safe_ports port 7090
acl Safe_ports port 9099
# Request-method ACLs used by the http_access rules.
acl purge method PURGE
acl CONNECT method CONNECT
# Named client list. Note that it mixes private 192.168.0.x addresses with the
# public range 62.24.103.4-62.24.103.8, so hosts in that public range are
# granted proxy access by "http_access allow BenAndJosephIPs".
acl BenAndJosephIPs src 192.168.0.1 192.168.0.25 192.168.0.54 62.24.103.4-62.24.103.8 192.168.0.8
# acl KEMUStaff src 192.168.0.1 192.168.0.100 192.168.0.103 192.168.0.11 192.168.0.125 192.168.0.127 192.168.0.13 192.168.0.14 192.168.0.140 192.168.0.153 192.168.0.154 192.168.0.16 192.168.0.17 192.168.0.18 192.168.0.19 192.168.0.205 192.168.0.215 192.168.0.217 192.168.0.22 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.25 192.168.0.26 192.168.0.29 192.168.0.3 192.168.0.31 192.168.0.5 192.168.0.51 192.168.0.58 192.168.0.69 192.168.0.7 192.168.0.8 192.168.0.93 192.168.0.208 192.168.0.239
#acl d2 src 192.168.0.104 192.168.0.109 192.168.0.170 192.168.0.22 192.168.0.229 192.168.0.237 192.168.0.24
# KEMUs lab Access Client Lists (acl) defined by IP
# acl complab2 src 192.168.0.33-192.168.0.50
# acl complab4 src 192.168.0.231 192.168.0.239 192.168.0.240 192.168.0.68
# acl cybercafe src 192.168.0.241-192.168.0.251
# Specifying certain acls based on dates and times (combine this with other acls to specify
# when those acls can access the Internet - especially useful for labs)
# acl generaltime time S M T W H F A 00:00-24:00
# acl complab1mactime time M T 08:30-13:00
# acl complab2time time W 14:45-18:30
# acl complab4time time MTWHF 14:00-17:00
# acl cybercafetime time S M T W H F A 07:00-19:00
# SNMP community ACL; referenced by "snmp_access allow snmpkemu localhost".
# The community string is stored in clear text here, so treat copies of this
# file as sensitive.
acl snmpkemu snmp_community kemu
# Client list for one lab. No http_access rule in this listing references it.
acl computerlabA src 192.168.0.12 192.168.0.13 192.168.0.20
# acl TEMPORARYACCESS src 192.168.0.101 192.168.0.102-192.168.0.110 192.168.0.111-192.168.0.125 192.168.0.128-192.168.0.224 192.168.0.137
# 192.168.0.142 192.168.0.143 192.168.0.144 192.168.0.147 192.168.0.148 192.168.0.149 192.168.0.150 192.168.0.151 192.168.0.154 192.168.0.155 # 192.168.0.160 192.168.0.160 192.168.0.161 192.168.0.163 192.168.0.170 192.168.0.172 192.168.0.177 192.168.0.178 192.168.0.179 192.168.0.181 # 192.168.0.182 192.168.0.183 192.168.0.184 192.168.0.185 192.168.0.197 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.206 192.168.0.207 # 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.218 192.168.0.219 # 192.168.0.226 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 192.168.0.239 192.168.0.240 192.168.0.241 192.168.0.247 192.168.0.251 # 192.168.0.252 192.168.0.31-192.168.0.50 192.168.0.46 192.168.0.55 192.168.0.56 192.168.0.57 192.168.0.62 192.168.0.63 192.168.0.65
# 192.168.0.68-192.168.0.82 192.168.0.85 192.168.0.87 192.168.0.88 192.168.0.94 192.168.0.95 192.168.0.96 192.168.0.97 192.168.0.98
# 192.168.0.99 192.168.0.90
#acl StudentsDHCP src 192.168.0.80-192.168.0.254/255.255.255.0
# "safe_port" (lower case, singular) is a separate ACL from "Safe_ports" and is
# not referenced by any rule in this listing.
acl safe_port port 3128
acl safe_port port 80
# Client networks by source address. STUDENTS (192.168.1.x) is defined but no
# http_access rule in this listing uses it; EVERYONE (192.168.0.x) is the ACL
# that grants general proxy access.
acl STUDENTS src 192.168.1.1-192.168.1.254/255.255.255.0
acl EVERYONE src 192.168.0.1-192.168.0.254/255.255.255.0
# Destination-port / protocol ACLs. A "port" ACL matches the port in the
# requested URL; it says nothing about which client is asking.
acl FTP port 20
acl FTPout port 21
acl FTPport proto ftp
acl SMTPout port 25
acl POP3in port 110
# NOTE(review): "public" is the widely known default community string. This ACL
# is used in http_access (not snmp_access) below, where an snmp_community match
# presumably has no effect on HTTP requests - confirm and consider removing.
acl snmp snmp_community public
#acl WorldClient myport 1000
#acl worldclient port 1000
# Do not cache responses for URLs matched by the QUERY ACL.
no_cache deny QUERY
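#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# http_access rules are evaluated top to bottom; the first rule whose ACLs all
# match decides the request, so the order of the lines below matters.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
# Fixed: this line was "http_access allow manager", which let any client query
# the cache manager and contradicted the comment above.
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# Fixed: this line was "http_access allow SSL_ports !SSL_ports". An ACL and its
# own negation can never both match, so the rule was dead and CONNECT tunnels
# were not limited to SSL_ports at all.
#
# Squid only relays HTTP. A Z39.50 session to z3950.loc.gov:7090 can pass
# through it only as a CONNECT tunnel, and only if the Z39.50 client can be
# configured to use an HTTP proxy. If it can, a narrowly scoped exception such
# as the one below (placed before the deny) permits that single destination
# without opening CONNECT to every port. If the client cannot speak CONNECT,
# the traffic has to be permitted at the packet-filter/routing layer instead.
#acl loc_z3950_host dstdomain z3950.loc.gov
#acl loc_z3950_port port 7090
#http_access allow CONNECT loc_z3950_host loc_z3950_port EVERYONE
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.0.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow localhost
# And finally deny all other access to this proxy
#http_access allow WorldClient
http_access allow BenAndJosephIPs
#http_access allow d2
#http_access deny complab1mac complab1mactime
#http_access allow complab2 complab2time
#http_access allow complab4time
#http_access allow cybercafe cybercafetime
# NOTE(review): no "acl KEMUServers ..." definition appears in this reduced
# listing. Confirm it exists in the full file; a rule naming an undefined ACL
# is reported as a configuration error.
http_access allow KEMUServers
#http_access allow worldclient
#http_access allow KEMUStaff
#http_access deny TEMPORARYACCESS
#http_access allow TEMPORARYACCESS
#http_access allow StudentsDHCP
#http_access allow TEMPORARYACCESS
http_access allow EVERYONE
# NOTE(review): the six rules below carry no source ACL, so they apply to any
# client that can reach the proxy ports, not just the networks allowed above.
# - FTPout (port 21) and FTPport (ftp:// URLs) therefore let hosts outside
#   EVERYONE use this proxy for FTP destinations.
# - FTP (20), SMTPout (25) and POP3in (110) are not in Safe_ports, so those
#   requests are already rejected by "deny !Safe_ports" and these lines never
#   take effect.
# - "snmp" is an snmp_community ACL; it presumably never matches an HTTP
#   request - confirm.
# Pair each rule with the intended source ACL, or remove it, once the intent
# is known.
http_access allow FTP
http_access allow FTPout
http_access allow FTPport
http_access allow SMTPout
http_access allow POP3in
http_access allow snmp
http_access deny all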
#Recommended minimum configuration:
#
# Insert your own rules here.
#
#
# and finally allow by default
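# Replies are not filtered: every response is passed back to the client.
http_reply_access allow all
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
# NOTE(review): this overrides the "deny all" default shown above, so any host
# that can reach the ICP port may query the cache. Restrict it to known peer
# caches if ICP is not needed from arbitrary hosts.
icp_access allow all
# Contact address shown on Squid error pages. The directive and its value must
# be on one line; they were split across two lines in this listing.
cache_mgr bkariuki@kemu.ac.ke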
# TAG: snmp_port
# Squid can now serve statistics and status information via SNMP.
# By default it listens to port 3401 on the machine. If you don't
# wish to use SNMP, set this to "0".
#
# Note: on Debian/Linux, the default is zero - you need to
# set it to 3401 to enable it.
#
#Default:
# Enables the SNMP agent on port 3401 (see the TAG text above: 0 disables it).
snmp_port 3401
# TAG: snmp_access
# Allowing or denying access to the SNMP port.
#
# All access to the agent is denied by default.
# usage:
#
# snmp_access allow|deny [!]aclname ...
#
#Example:
# Both ACLs must match: the query has to use the community defined by the
# snmpkemu ACL and originate from localhost. Every other SNMP query is denied.
snmp_access allow snmpkemu localhost
snmp_access deny all
#
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
# Core dumps can contain request data held in memory, so keep this directory
# readable only by the Squid user and administrators.
coredump_dir /var/spool/squid