LinuxQuestions.org

Thread: https://www.linuxquestions.org/questions/linux-software-2/how-squid-is-connecting-589167/

jonette20 10-03-2007 01:12 PM

How Squid is connecting
 
Hi,
Thanks to everyone who has helped me get this far. You know who you are.
Still trying to iron out issues before sharing the joy with my boss. (smile)

I set up the client browser to access the internet via the Squid server on port 3128.
I was able to access the internet, but I'm not sure if the server's request is going through the firewall or directly to the router.
The access.log indicates a MISS by the server, but I'm thinking it's referring to a cache MISS.
Not really concerned about caching sites; would prefer not to, actually.
Concerned more about allowing specific sites and blocking all others.
I guess I have two questions.

1. How do I verify that the requests are going via squid-firewall-router?

2. How do I setup squid.conf to allow a certain list of sites?
I believe I can use the dstdomain command, but is there a limit to how many sites you can enter per line?

Thanks in advance for any insight on this matter.

jonette20
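An added worked example (not from the thread) that reads Squid's native access.log, because the answer to question 1 is already in that file: the third field is the client address, so every line carrying the client's IP is a request that went through Squid, and a browser that can still load pages after the proxy setting is removed is the sign that direct egress is not being blocked at the firewall. TCP_MISS is a cache result code, as jonette20 guessed, not a statement about the network path. The hierarchy field near the end of each line (DIRECT/<ip>, or a parent cache) says where Squid fetched the object from; whether that connection then leaves through the firewall or straight to the router is decided by the Squid host's routing table, which "ip route get <origin-ip>" on the Squid box will show. The log lines below are constructed for the example.

```python
import re
from collections import Counter

# Sample lines constructed for this example in Squid's native access.log format
# (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident,
# hierarchy/peer, content type). They are not taken from the poster's server.
SAMPLE_LOG = """\
1191412345.123    456 192.168.1.101 TCP_MISS/200 12345 GET http://www.google.com/ - DIRECT/64.233.167.99 text/html
1191412346.001     12 192.168.1.101 TCP_HIT/200 12345 GET http://www.google.com/ - NONE/- text/html
1191412347.500      0 192.168.1.101 TCP_DENIED/403 1402 GET http://www.example.org/ - NONE/- text/html
1191412348.250    820 192.168.1.102 TCP_MISS/200 8800 GET http://123abc.com/index.html - FIRST_UP_PARENT/192.168.1.230 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)


def parse_line(line):
    """Split one native-format line into its fields; None for an unparsable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["elapsed"] = int(d["elapsed"])
    d["status"] = int(d["status"])
    d["bytes"] = int(d["bytes"])
    return d


def classify(entry):
    """What the line says about the request's path:
    'denied'   - the http_access rules blocked it (TCP_DENIED); nothing left Squid
    'upstream' - Squid fetched it from the origin (DIRECT) or a parent/sibling cache
    'cached'   - answered from Squid's own cache (hierarchy NONE)"""
    if entry["result"].startswith("TCP_DENIED"):
        return "denied"
    if entry["hier"] != "NONE":
        return "upstream"
    return "cached"


def summarize(log_text):
    """Per-client counts of denied / upstream / cached requests."""
    counts = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        counts.setdefault(entry["client"], Counter())[classify(entry)] += 1
    return {client: dict(c) for client, c in counts.items()}


def upstream_peers(log_text):
    """(hierarchy, address) pairs Squid actually connected to. DIRECT/<ip> means Squid
    opened the TCP connection to the origin itself; which gateway that connection
    then used is a routing-table question, not something this log records."""
    peers = set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and classify(entry) == "upstream":
            peers.add((entry["hier"], entry["peer"]))
    return peers


if __name__ == "__main__":
    for client, counts in summarize(SAMPLE_LOG).items():
        print(client, counts)
    print("peers contacted:", sorted(upstream_peers(SAMPLE_LOG)))
```

The functions return plain dicts and sets, so the same code can be pointed at a real log with open("/var/log/squid/access.log").read() in place of SAMPLE_LOG; a client address that never appears there while the browser still loads pages is the one to worry about.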

indeliblestamp 10-03-2007 02:29 PM

Quote:

Originally Posted by jonette20 (Post 2912042)
2. How do I setup squid.conf to allow a certain list of sites?

See if this link helps: http://linux-faqs.com/Forum/viewtopic.php?t=28
I think these are the relevant parts for access-control to sites (add them in your squid.conf):
Code:

# url_regex is a regular expression searched (unanchored) through the whole URL;
# -i makes it case-insensitive, and the dot must be escaped or it matches any character
acl GoodURL url_regex -i 123abc\.com
acl GoodURL url_regex -i abc123\.com

acl badURL url_regex -i xyz\.com

# http_access rules are tested top to bottom and the first match wins; the trailing
# "deny all" makes anything not explicitly allowed fail closed
# (on Squid 2.x "all" must be declared first: acl all src 0.0.0.0/0.0.0.0)
http_access allow GoodURL
http_access deny badURL
http_access deny all

You'll need to fine-tune it, of course; I've not even touched my squid.conf at all until now.

TheDirtyScreech 10-03-2007 02:40 PM

Quote:

Originally Posted by jonette20 (Post 2912042)
1. How do I verfiy that the requests are going via squid-firewall-router?

traceroute should be able to show you this as long as you're not blocking ICMP traffic in your internal network.

For clarification, is your setup like the following example?

client-->squid-->firewall-->router

Or do you have the router and firewall switched around? I'm assuming it's as my "diagram" shows. If that's the case, depending on how your firewall is set up, you may or may not receive the 'TTL expired in transit' messages after the firewall. Most people set up firewalls to block requests incoming (or replies outgoing), but allow any informational ICMP types like, for example, an echo reply (type 0) or a time exceeded (type 11) to enter your network. In that way, you can ping an external source (www.google.com, for example) to verify connectivity while simultaneously blocking unsolicited ICMP traffic that attempts to enumerate your network.

Anyway, even if you're blocking any incoming ICMP at the firewall, there's a good chance your firewall will respond to your traceroute, and if you got that far, you got past the squid (meaning any website data you received *had* to come from outside).

Does this solve your problem?

-TDS-

jonette20 10-04-2007 08:19 AM

Hi,

My setup is like you said: client-squid-firewall-router.
When I do a traceroute for google.com from the Squid system, it comes back with the IP of the router.
Should it show the firewall's IP, if ICMP is in place?
Should it timeout?

Thanks
jonette20

TheDirtyScreech 10-05-2007 10:22 AM

Can you post your traceroute output? If you can (and do), please also post the IPs you see for each device (example: client is 192.168.1.101, squid is 192.168.1.50, fw is 192.168.1.230, router is 192.168.1.1, or whatever they actually are from your side). If you're using publicly routable IPs, feel free to change the output before you post, but just keep the IPs consistent.

-TDS-

jonette20 10-11-2007 07:50 AM

Hi again,

I was able to confirm that I am going through the firewall to connect to the internet on the Squid system.
I believe my system is working correctly now.
I have a question about the keyword dstdomain. It is allowing me to enter sites that I want to allow, while denying all others. That is a good thing.
However, I need to know if there are any limitations on the number of sites listed in this way.
Also, what is the difference between using dstdomain and url_regex for allowing specific sites?

Thanks in advance
jonette20
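An added example, not code from the thread or from Squid itself, that emulates the two ACL types asked about in the last post and used in indeliblestamp's reply. dstdomain compares the host part of the URL with the list: an entry written with a leading dot matches that domain and everything under it, one written without matches only that exact host. url_regex is a regular expression searched, unanchored, through the entire URL, so 123abc.com with an unescaped dot also matches a URL that merely mentions that string in its path or query, or a host such as 123abcxcom; for an allow-list of sites, dstdomain is the right tool. On the question of limits: Squid takes several entries on one acl line, accepts the same acl name on as many lines as you like, and reads a quoted filename (acl GoodSites dstdomain "/etc/squid/allowed_sites") with one entry per line, so a long list belongs in a file. The file contents, the path and the site names below are placeholders, and the emulation does not do the reverse DNS lookup Squid attempts when the URL carries an IP address instead of a name, so IP-literal URLs are a case to test separately on the real proxy.

```python
import re
from urllib.parse import urlsplit

# Constructed allow list in the one-entry-per-line form that a line such as
#   acl GoodSites dstdomain "/etc/squid/allowed_sites"
# reads; the path and the site names are placeholders for this example.
ALLOWED_SITES = """\
# sites staff may reach; everything else is denied
.123abc.com
abc123.com
"""


def load_domain_list(text):
    """One entry per line; blank lines and '#' comments skipped (comment handling is this
    loader's choice, not a claim about Squid's own file parser)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(line.lower())
    return entries


def dstdomain_match(host, entries):
    """Squid's dstdomain semantics: '.example.com' matches example.com and every host
    under it; 'example.com' (no leading dot) matches that exact host only."""
    host = host.lower().rstrip(".")
    for e in entries:
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False


def url_regex_match(url, patterns, ignore_case=True):
    """Squid's url_regex semantics: each pattern is an unanchored regular expression
    searched in the whole URL (scheme, host, path and query); -i adds case-insensitivity."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, url, flags) for p in patterns)


def decide_dstdomain(url, entries):
    """http_access allow GoodSites / http_access deny all, with GoodSites a dstdomain acl."""
    host = urlsplit(url).hostname or ""
    return "allow" if dstdomain_match(host, entries) else "deny"


def decide_url_regex(url, patterns):
    """The same two rules, but with GoodSites a url_regex acl."""
    return "allow" if url_regex_match(url, patterns) else "deny"


if __name__ == "__main__":
    entries = load_domain_list(ALLOWED_SITES)
    regexes = ["123abc.com", "abc123.com"]            # as in the reply above, dots unescaped
    probes = [
        "http://www.123abc.com/index.html",           # subdomain: the dot-prefixed entry matches
        "http://www.abc123.com/",                     # subdomain of a non-dotted entry: no match
        "http://evil.example/?q=123abc.com",          # allowed string in the query, wrong host
        "http://123abcxcom/",                         # unescaped '.' matches any character
    ]
    for url in probes:
        print(f"{url:40} dstdomain={decide_dstdomain(url, entries)} "
              f"url_regex={decide_url_regex(url, regexes)}")
```

The last two probes are the ones that matter for a whitelist: url_regex lets both through, dstdomain denies both. If url_regex is used anyway, anchor the pattern to the host (for example ^http://([^/]*\.)?123abc\.com/) rather than relying on the bare site name.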

