Hi,
I'm running a squid proxy on a suse 8.1 box.
I have got some problems if I try to download files from websites like
http://website.de:8080
I got a connection error.
I have pasted port 8080 as safe in squid.conf and no other filter rules
should block the site.
Any hints?

a) Firewall problem:
/etc/sysconfig/SuSEfirewall
# 9.)
FW_SERVICES_INT_TCP="3128" # Squid normally runs on port 3128, change to your setup!
or
/sbin/iptables -A INPUT -j ACCEPT -i eth1 -p tcp --dport 3128
# 12.)
FW_SERVICE_SQUID="yes"
# 15.) If you like transparent proxy ... (no setup on clients required)
FW_REDIRECT="0/0,192.168.0.0/24,tcp,80,3128" # change your network here
or
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
b) Squid problem:
There are many sites using a different port for their webserver, e.g. with
Apache Tomcat (J2EE, Java servlets, JSP) or other webservers using a
non-standard HTTP port.
To access these servers you have to change the ACLs for your squid, so that
port 8080 and others are accessible (and some other fixes following up):
/etc/squid/squid.conf
<file-start>
# Cache-ACL's
acl QUERY urlpath_regex cgi-bin \?
acl LOCALWEB url_regex ^http://127.0.0.1
acl UNILAN src 192.168.0.0-192.168.255.255 # <- put here your ip-range!
acl APACHE dstdomain .yourdomain.tdl # <- put here your domain-name, if you have one
no_cache deny QUERY
no_cache deny LOCALWEB
no_cache deny UNILAN
always_direct allow APACHE
# Access-ACL's
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl SSL_ports port 443 563
acl Safe_ports port 21 80 280 448 591 777 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl localnet src 192.168.0.0-192.168.255.255 # <- put here your ip-range!
acl extern_eth0 src
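
The port check discussed above, as an added example that is not part of the original reply or of squid itself: it reads the `acl NAME port ...` lines of a squid.conf and reports whether a URL's port falls inside a named port ACL such as Safe_ports. It assumes the usual `http_access deny !Safe_ports` rule is in effect; the function names and the sample text (copied from the listing above) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: port-related ACL lines as they appear in the listing above.
SAMPLE_CONF = """\
# Access-ACL's
acl SSL_ports port 443 563
acl Safe_ports port 21 80 280 448 591 777 443 563 70 210 1025-65535
acl CONNECT method CONNECT
"""

# Fallback ports for URLs that carry no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def port_acls(conf_text):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for raw in conf_text.splitlines():
        fields = raw.split()
        # Skips blank lines, full-line comments and ACLs of other types.
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
            continue
        ranges = acls.setdefault(fields[1], [])  # repeated acl lines accumulate
        for token in fields[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
            if not m:
                # e.g. a trailing comment or a typo on the acl line
                raise ValueError(f"unexpected token {token!r} in: {raw}")
            low = int(m.group(1))
            ranges.append((low, int(m.group(2) or low)))
    return acls


def url_port(url):
    """Port the proxy would connect to for this URL."""
    parts = urlsplit(url)
    return parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]


def port_allowed(conf_text, acl_name, port):
    """True if 'port' matches any value or range of the named port ACL."""
    return any(lo <= port <= hi
               for lo, hi in port_acls(conf_text).get(acl_name, []))


if __name__ == "__main__":
    port = url_port("http://website.de:8080")
    print(port, port_allowed(SAMPLE_CONF, "Safe_ports", port))
```

If the port is already covered by the ACL, as 8080 is by the 1025-65535 range here, the connection error has to come from somewhere else, such as the firewall rules in a).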