LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Squid proxy(3.5) denying access to port on local network (https://www.linuxquestions.org/questions/linux-software-2/squid-proxy-3-5-denying-access-to-port-on-local-network-4175644563/)

anonaii 12-18-2018 11:43 PM

Squid proxy(3.5) denying access to port on local network
 
I'm trying to set up Squid proxy on my CentOS machine, but it won't allow access to the port I set it on, on Firefox it will just say "Proxy is refusing connections". I've tried multiple ports, but it won't allow access to any of them.
sudo netstat -peanut gives me this:
Code:

tcp        0      0 127.0.0.1:3128          0.0.0.0:*              LISTEN      0          55512      6861/(squid-1)     
udp        0      0 0.0.0.0:50232          0.0.0.0:*                          23        55509      6861/(squid-1)     
udp6      0      0 :::39479                :::*                                23        55508      6861/(squid-1)

But nmap -A gives me this:
Code:

PORT  STATE SERVICE VERSION
22/tcp open  ssh    OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
|  Censored
|_  Censored

So the port is open and listening, but not accepting traffic from LAN computers. I've tried to specify my computer's local IP, but that didn't work either

Here's my config file, It's just the default 3.5 config though:
https://pastebin.com/raw/qkvL76Rs

bathory 12-19-2018 02:01 AM

Quote:

Originally Posted by anonaii (Post 5938865)
I'm trying to set up Squid proxy on my CentOS machine, but it won't allow access to the port I set it on, on Firefox it will just say "Proxy is refusing connections". I've tried multiple ports, but it won't allow access to any of them.
sudo netstat -peanut gives me this:
Code:

tcp        0      0 127.0.0.1:3128          0.0.0.0:*              LISTEN      0          55512      6861/(squid-1)     
udp        0      0 0.0.0.0:50232          0.0.0.0:*                          23        55509      6861/(squid-1)     
udp6      0      0 :::39479                :::*                                23        55508      6861/(squid-1)

But nmap -A gives me this:
Code:

PORT  STATE SERVICE VERSION
22/tcp open  ssh    OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
|  Censored
|_  Censored

So the port is open and listening, but not accepting traffic from LAN computers. I've tried to specify my computer's local IP, but that didn't work either

Here's my config file, It's just the default 3.5 config though:
https://pastebin.com/raw/qkvL76Rs

Your config file looks correct, but from the netstat output it's obvious that squid listens only on the local loopback interface. That's why LAN computers cannot connect to it.
Perhaps you're using a different squid.conf.

If your box is systemd capable, you can run:
Code:

systemctl status squid
to see the config file used at runtime

Regards

anonaii 12-19-2018 02:52 AM

Apparently, I used the wrong netstat output, the correct one is
Code:

{~}::sudo netstat -peanut | grep squid
tcp6      0      0 :::3128                :::*                    LISTEN      0          35268      4582/(squid-1)     
udp        0      0 0.0.0.0:37639          0.0.0.0:*                          23        35263      4582/(squid-1)     
udp6      0      0 :::51355                :::*                                23        35262      4582/(squid-1)

And my systemctl output is
Code:

  Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
  Active: active (running) since Sun 2010-01-10 08:26:11 CST; 24min ago
  Process: 4541 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=1/FAILURE)
  Process: 4579 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 4572 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 4580 (squid)
  CGroup: /system.slice/squid.service
          ├─4580 /usr/sbin/squid -f /etc/squid/squid.conf
          ├─4582 (squid-1) -f /etc/squid/squid.conf
          ├─4583 (logfile-daemon) /var/log/squid/access.log
          └─4584 (unlinkd)

Jan 10 08:26:11 CentOS systemd[1]: Starting Squid caching proxy...
Jan 10 08:26:11 CentOS squid[4580]: Squid Parent: will start 1 kids
Jan 10 08:26:11 CentOS squid[4580]: Squid Parent: (squid-1) process 4582 started
Jan 10 08:26:11 CentOS systemd[1]: Started Squid caching proxy.

So it's using the right config, but it still seems like I can't access the port

bathory 12-19-2018 03:35 AM

Quote:

So it's using the right config, but it still seems like I can't access the port
Then it should be a firewall blocking connections to port 3128.

anonaii 12-19-2018 03:39 AM

Quote:

Originally Posted by bathory (Post 5938911)
Then it should be a firewall blocking connections to port 3128.

I don't have a firewall on either computers, the CentOS machine is a minimal install, and the port is inaccessible from both my laptop, and my Raspberry Pi.

anonaii 12-19-2018 03:51 AM

I'm an idiot, firewalld was installed and running


All times are GMT -5. The time now is 12:14 PM.