[squid-users] dansguardian, squid, shorewall
I am having a problem with getting this combination to work properly. Yes, I have searched the docs, faq and the web for an answer. The only solutions I can find are for much older versions and do not work with the current versions. I am running squid 3.0STABLE1, shorewall 3.4.5 and dansguardian 2.8.0.6 on my firewall machine. shorewall is configured to redirect through dansguardian as a transparent proxy: REDIRECT loc 8080tcp http ACCEPT loc fw tcp 8080 Watching the logs, requests to dansguardian look fine, but the requests showing in the squid log are missing the domain portion of the request. The really strange part is that if the request comes to dansguardian from the localhost (127.0.0.1) directly on port 8080 everything works fine and the request in the squid log has the domain part of the request, but if the request comes from a machine on the local net, the squid log shows that the domain portion of the request is missing. If I change the shorewall rules do only redirect through squid, everything works fine, I just don't get any content filtering. Please help, I have been tearing my hair out on this now for two days. --Richard
Re: [squid-users] dansguardian, squid, shorewall
Have you configured the http_port with 'transparent' ? Is it linux based? Did you compile --enable-linux-netfilter? Adrian On Sat, Jan 05, 2008, Richard Pyne wrote: > I am having a problem with getting this combination to work properly. Yes, > I have searched the docs, faq and the web for an answer. The only > solutions I can find are for much older versions and do not work with the > current versions. > > I am running squid 3.0STABLE1, shorewall 3.4.5 and dansguardian 2.8.0.6 on > my firewall machine. > > shorewall is configured to redirect through dansguardian as a transparent > proxy: > > REDIRECT loc 8080tcp http > ACCEPT loc fw tcp 8080 > > Watching the logs, requests to dansguardian look fine, but the requests > showing in the squid log are missing the domain portion of the request. > > The really strange part is that if the request comes to dansguardian from > the localhost (127.0.0.1) directly on port 8080 everything works fine and > the request in the squid log has the domain part of the request, but if > the request comes from a machine on the local net, the squid log shows > that the domain portion of the request is missing. > > If I change the shorewall rules do only redirect through squid, everything > works fine, I just don't get any content filtering. > > Please help, I have been tearing my hair out on this now for two days. > > --Richard -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] Problem with Squid-3.0.STABLE1 and ICAP
Hi Christos, Thanks for your reply. I am posting the squid-icap server conversation and also the debug messages here. Christos Tsantilas wrote: Hi Selvi, selvi wrote: Hello All, I am in the process of integrating squid-3.0.STABLE1 with Python based ICAP Server. Here, i am not able to get the response modification. Is it a custom ICAP server? I am using the Python based ICAP Server. ICAP related configurations given are: icap_enable on icap_send_client_ip on icap_service content respmod_precache 0 icap://:1344/respmod icap_class class_1 content icap_access class_1 allow all I am not seeing any error messages in the ICAP Server side. Squid also behaves normally except the following message in cache.log "essential ICAP service is invalidated by reconfigure: icap://:1344/respmod [down,gone,!opt]". But when i perform some web access through ICAP enabled squid proxy, empty page is displayed (the browser displays nothing). This message means that the squid tried to send an options request to the ICAP server and the ICAP server answer was not correct (or just did not like to the squid) I am suggesting to enable debug for ICAP client in squid3: debug_options 93,9 0,9 And search in debug messages to see what they say about. You can also post the debug messages here. Also grabbing the conversation between squid and ICAP server using wireshark or similar tool will be helpful... Regards, Christos A snapshot of the conversation between squid and ICAP server is given below (using tcpdump). 11:04:02.978996 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: S 2637131307:2637131307(0) win 32767 16396,sackOK,timestamp 1238745316 0,nop,wscale 8> E..<[EMAIL PROTECTED]@.0 [EMAIL PROTECTED]/[EMAIL PROTECTED] I... 11:04:02.979009 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: S 2632376145:2632376145(0) ack 2637131308 win 32767 E..<[EMAIL PROTECTED]@[EMAIL PROTECTED]/n,[EMAIL PROTECTED] I...I... 11:04:02.979020 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: . ack 1 win 128 1238745316 1238745316> [EMAIL PROTECTED]@[EMAIL PROTECTED]/n,...R.A. I...I... 11:04:02.981160 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: P 1:752(751) ack 1 win 128 [EMAIL PROTECTED]@[EMAIL PROTECTED]/n,...R^.. I...I...RESPMOD icap://172.16.1.225:1344/respmod ICAP/1.0 Host: 172.16.1.225:1344 Date: Fri, 04 Jan 2008 05:34:02 GMT Encapsulated: req-hdr=0, res-hdr=277, res-body=546 Allow: 204 X-Client-IP: 172.16.1.34 GET http://172.16.1.225:8088/gui/test.html HTTP/1.0 Accept: */* Accept-Language: en-us Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Host: 172.16.1.225:8088 Proxy-Connection: Keep-Alive Authorization: Basic dmljYWNoZTp2aWNhY2hl HTTP/1.1 200 OK Date: Fri, 04 Jan 2008 05:34:02 GMT Server: Apache/2.0.52 (Red Hat) Last-Modified: Fri, 04 Jan 2008 05:25:31 GMT ETag: "64cce8-1d-442debd2f28c0" Accept-Ranges: bytes Content-Length: 29 Connection: close Content-Type: text/html; charset=UTF-8 11:04:02.981170 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: . ack 752 win 128 1238745318 1238745318> [EMAIL PROTECTED]@[EMAIL PROTECTED]/q..N. I...I... 11:04:02.982351 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: P 752:792(40) ack 1 win 128 [EMAIL PROTECTED]@./[EMAIL PROTECTED]/qR\1. I...I...1d Hello Selvi 0 11:04:02.982360 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: . ack 792 win 128 1238745319 1238745319> [EMAIL PROTECTED]@..)[EMAIL PROTECTED]/qC.$. I...I... 11:04:02.987875 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: P 1:429(428) ack 792 win 128 [EMAIL PROTECTED]@[EMAIL PROTECTED]/qC].. I...I...ICAP/1.0 200 OK Date: Fri, 04 Jan 2008 05:34:02 GMT Encapsulated: res-hdr=0 res-body=269 Server: ICAP-Server-Software/1.0 HTTP/1.0 200 OK Content-Length: 29 Accept-Ranges: bytes Server: Apache/2.0.52 (Red Hat) Last-Modified: Fri, 04 Jan 2008 05:25:31 GMT Connection: close ETag: "64cce8-1d-442debd2f28c0" Date: Fri, 04 Jan 2008 05:34:02 GMT Content-Type: text/html; charset=UTF-8 Hello Selvi 11:04:02.987889 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: . ack 429 win 128 1238745325 1238745325> [EMAIL PROTECTED]@.0 [EMAIL PROTECTED]/qC.l. I...I... 11:04:02.988074 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: F 429:429(0) ack 792 win 128 [EMAIL PROTECTED]@[EMAIL PROTECTED]/qC.k. I...I... 11:04:02.993135 IP squid225.kovaiteam.com.60111 > squid225.kovaiteam.com.1344: F 792:792(0) ack 430 win 128 [EMAIL PROTECTED]@[EMAIL PROTECTED]/qC.e. I...I... 11:04:02.993148 IP squid225.kovaiteam.com.1344 > squid225.kovaiteam.com.60111: . ack 793 win 128 1238745330 1238745330> [EMAIL PROTECTED]@[EMAIL PROTECTED]/qD.`. I...I... Debug Messages determined using ' d
[squid-users] squid proxy - FTP authentication failure
Hi , i am having problem when i connect to FTP site through squid, the error message as follows : An FTP authentication failure Squid sent the following FTP command : PASS and then received this reply Login incorrect. Unable to set anonymous privileges. I am using IE / ws_ftp to open the FTP through Proxy, but there are no prompt for me to input user name and password. However, if i tried to connect anonymous FTP site , it success. I have surf around the web for nearly 2 days , i found similar problem from others' users but i can't get anysolution. Pls. help. thx.
[squid-users] coss vs aufs vs diskd
Hi all, I am trying to deploy a cache server in a environment for kids (approx 2000). Currently my cache (squid-2.6-stable17) is configured to use diskd, but since it's in a test environment I did not reach the limit where I read under high load it will crash. Coss since it's experimental, yet some users have given it good remarks as far as performance and stability. So should I stick with diskd or switch to coss? Thanks BSD Networking, Microsoft Notworking
Re: [squid-users] Problem with Squid-3.0.STABLE1 and ICAP
Hi Selvi, selvi wrote: > > I am using the Python based ICAP Server. Is the icap-server from the following location? http://sourceforge.net/projects/icap-server/ I try to use it some months ago with squid3 but I had problems too. >From the debug messages I am seeing that at least one response from the ICAP server is wrong. The Encapsulated Header at the ICAP server response has wrong syntax, must be: Encapsulated: res-hdr=0, res-body=269 > > 2008/01/05 15:19:41.425| ICAPModXact remains final [FD 14;RrB/w icapx1] > 2008/01/05 15:19:41.425| ICAP/ICAPModXact.cc(574) have 428 bytes to > parse [FD 14;RrB/w icapx1] > 2008/01/05 15:19:41.425| ICAP/ICAPModXact.cc(575) > ICAP/1.0 200 OK^M > Date: Sat, 05 Jan 2008 09:49:41 GMT^M > Encapsulated: res-hdr=0 res-body=269^M Here missing a "," ^ > Server: ICAP-Server-Software/1.0^M > ^M > HTTP/1.0 200 OK^M > Content-Length: 29^M > Accept-Ranges: bytes^M > Server: Apache/2.0.52 (Red Hat)^M > Last-Modified: Sat, 05 Jan 2008 07:22:49 GMT^M > Connection: close^M > ETag: "64cce7-1d-442f47e85e440"^M > Connection: close^M > ETag: "64cce7-1d-442f47e85e440"^M > Date: Sat, 05 Jan 2008 09:49:41 GMT^M > Content-Type: text/html; charset=UTF-8^M > ^M > > Hello Selvi > > > > ^M > > 2008/01/05 15:19:41.426| ICAP/ICAPModXact.cc(653) parse ICAP headers > 2008/01/05 15:19:41.426| ICAP/ICAPModXact.cc(882) have 428 head bytes to >
Re: [squid-users] dansguardian, squid, shorewall
Yes, yes and yes. Linux neowall 2.6.23.12 #1 SMP PREEMPT Wed Jan 2 20:09:47 MST 2008 i686 pentium4 i386 GNU/Linux It is running on a P4 3G cpu with 2 Gig of RAM squid was configured with: --sysconfdir=/etc/squid \ --localstatedir=/var/cache/squid \ --enable-async-io \ --enable-snmp \ --enable-gnuregex \ --enable-linux-netfilter here is my squid.conf: http_port 127.0.0.1:3128 transparent visible_hostname neowall.neoharbor.com hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache access_log /var/cache/squid/logs/access.log squid refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 192.168.0.0/16 10.1.0.0/16 127.0.0.1 http_access allow our_networks http_access allow localhost http_reply_access allow all icp_access allow all forwarded_for off coredump_dir /var/cache/squid and my dansquadian.conf: reportinglevel = 3 languagedir = '/etc/dansguardian/languages' language = 'ukenglish' loglevel = 3 logexceptionhits = on logfileformat = 1 filterip = filterport = 8080 proxyip = 127.0.0.1 proxyport = 3128 accessdeniedaddress = 'http://neowall.neoharbor.com/cgi- bin/dansguardian.pl' nonstandarddelimiter = on usecustombannedimage = 1 custombannedimagefile = '/etc/dansguardian/transparent1x1.gif' filtergroups = 1 filtergroupslist = '/etc/dansguardian/filtergroupslist' bannediplist = '/etc/dansguardian/bannediplist' exceptioniplist = '/etc/dansguardian/exceptioniplist' banneduserlist = '/etc/dansguardian/banneduserlist' exceptionuserlist = '/etc/dansguardian/exceptionuserlist' showweightedfound = on weightedphrasemode = 2 urlcachenumber = 1000 urlcacheage = 900 phrasefiltermode = 2 preservecase = 0 hexdecodecontent = 0 forcequicksearch = 0 reverseaddresslookups = off reverseclientiplookups = off createlistcachefiles = on maxuploadsize = -1 maxcontentfiltersize = 256 usernameidmethodproxyauth = on usernameidmethodntlm = off # **NOT IMPLEMENTED** usernameidmethodident = off preemptivebanning = on forwardedfor = on usexforwardedfor = off logconnectionhandlingerrors = on maxchildren = 120 minchildren = 8 minsparechildren = 4 preforkchildren = 6 maxsparechildren = 32 maxagechildren = 500 ipcfilename = '/tmp/.dguardianipc' urlipcfilename = '/tmp/.dguardianurlipc' nodaemon = off nologger = off softrestart = off Thank you for your reply. --Richard On 5 Jan 2008 at 19:17, Adrian Chadd wrote: > Have you configured the http_port with 'transparent' ? > > Is it linux based? Did you compile --enable-linux-netfilter? > > > > Adrian > > > On Sat, Jan 05, 2008, Richard Pyne wrote: > > I am having a problem with getting this combination to work properly. Yes, > > I have searched the docs, faq and the web for an answer. The only > > solutions I can find are for much older versions and do not work with the > > current versions. > > > > I am running squid 3.0STABLE1, shorewall 3.4.5 and dansguardian 2.8.0.6 on > > my firewall machine. > > > > shorewall is configured to redirect through dansguardian as a transparent > > proxy: > > > > REDIRECT loc 8080tcp http > > ACCEPT loc fw tcp 8080 > > > > Watching the logs, requests to dansguardian look fine, but the requests > > showing in the squid log are missing the domain portion of the request. > > > > The really strange part is that if the request comes to dansguardian from > > the localhost (127.0.0.1) directly on port 8080 everything works fine and > > the request in the squid log has the domain part of the request, but if > > the request comes from a machine on the local net, the squid log shows > > that the domain portion of the request is missing. > > > > If I change the shorewall rules do only redirect through squid, everything > > works fine, I just don't get any content filtering. > > > > Please help, I have been tearing my hair out on this now for two days. > > > > --Richard > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commerc
[squid-users] Modify squid.conf on a SUSE 9.3 Box
I am having an access problem making modifications to the SQUID.CONF file in the ETC/SQUID Folder. I have granted myself full access on a SUSE 9.3 box. I really want to get Squid up and running is there somthing that I am missing? Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [squid-users] Transparent IPFW bypass for one host
Hello, please, if you are writing a new post, send it as new mail and not as reply/followup on old mail. It makes people with threading clients angry and they can also in such case miss your e-mail. Thank you. On 04.01.08 13:46, jeff donovan wrote: > Message-Id: <[EMAIL PROTECTED]> > From: jeff donovan <[EMAIL PROTECTED]> > To: squid > In-Reply-To: <[EMAIL PROTECTED]> > Date: Fri, 4 Jan 2008 13:46:57 -0500 > References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > <[EMAIL PROTECTED]> > Subject: [squid-users] Transparent IPFW bypass for one host > greetings > > I'm having a syntax brain fart. > I have a transparent proxy and i need one host to bypass the redirect > to squid. > > what is the correct syntax for IPFW ?? especially when this is a squid mailing list and you're asking FreeBSD related question > here is what i have. > > ipfw add 2 fwd 127.0.0.1,3128 tcp from any to any in recv en1 > > > i need to add a rule that allows host 192.168.1.1 not to have port 80 > traffic redirected to squid ? > > TIA > -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
Re: [squid-users] How to fix skype sound problem over squid ?
On 04.01.08 16:13, Cihad BOYNUKALIN wrote: > Subject: [squid-users] How to fix skype sound problem over squid ? > To: squid-users@squid-cache.org > > While I am tring to make a skype conversation through a squid installed > server, the sound cuts many time and the voice reaches with a lateness all > the time. When I try thesame action through a direct internet connection > over a modem without a squid installed server, the sound comes great. I thing you should be warned that this is misuse of proxy features and not guaranteed to work. > On the other hand I am completely not able to connect a conversation under > the LIVE tab. Its always gives the error "Call failed". (Through squid > again) In addition to this when I would like to make a skype call it takes > too much time to start ringing. check squid's cache log what is says. Did you configure skype to use proxy, didn't you? > And my iptables settings are as below: that has nothing to do with iptables, unless you are trying to intercept protocols other than HTTP, which usually won't work with proxy. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "One World. One Web. One Program." - Microsoft promotional advertisement "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
Re: Fwd: [squid-users] Squid, SNMP and MRTG
Indunil Jayasooriya wrote: HERE'S MY squid.conf acl mynet src 192.1.54.0/24 192.168.9.0/24 http_access allow mynet snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic localhost snmp_access deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 0.0.0.0 What am I missing? HOPE to hear from you. Check your squid log, are you getting access denied errors to the cache-manager? I had the exact same problem that you are mentioning and once I allowed access to the cache-manager I started showing traffic on my graphs. these are my squid logs. pls see below. this is the out put of tail -f /var/log/squid/access.log no access denied errors to be found. Have you checked to make sure that your cron job is running successfully? One thing I found is that the command has to be run from the same directory that the squid-rrd files are in. Otherwise it complains about not finding the files. I set up a cron job that called a .sh script which first cd's into the /usr/local/www/squid-rrd directory and then runs the command to generate the data. Kind regards, Elvar [EMAIL PROTECTED] ~]# tail -f /var/log/squid/access.log 1199438808.276 50 192.1.54.62 TCP_REFRESH_MISS/200 13247 GET http://192.1.54.62/squid/objects.day.png - DIRECT/192.1.54.62 image/png 1199438808.276 61 192.1.54.62 TCP_REFRESH_MISS/200 12579 GET http://192.1.54.62/squid/connections.day.png - DIRECT/192.1.54.62 image/png 1199438808.291 25 192.1.54.62 TCP_REFRESH_MISS/200 12443 GET http://192.1.54.62/squid/hitratio.day.png - DIRECT/192.1.54.62 image/png 1199438808.299 22 192.1.54.62 TCP_REFRESH_MISS/200 12264 GET http://192.1.54.62/squid/cpu.day.png - DIRECT/192.1.54.62 image/png 1199438808.319 28 192.1.54.62 TCP_REFRESH_MISS/200 12983 GET http://192.1.54.62/squid/diskd.day.png - DIRECT/192.1.54.62 image/png 1199438808.321 44 192.1.54.62 TCP_REFRESH_MISS/200 12489 GET http://192.1.54.62/squid/pagefaults.day.png - DIRECT/192.1.54.62 image/png 1199438808.330 10 192.1.54.62 TCP_REFRESH_MISS/200 13770 GET http://192.1.54.62/squid/select.day.png - DIRECT/192.1.54.62 image/png 1199438808.330 31 192.1.54.62 TCP_REFRESH_MISS/200 13757 GET http://192.1.54.62/squid/memory.day.png - DIRECT/192.1.54.62 image/png 1199438808.987 7738 192.1.54.62 TCP_MISS/200 1176 POST http://mail.google.com/mail/? - DIRECT/209.85.201.83 text/javascript 1199438810.352 1365 192.1.54.62 TCP_MISS/200 10918 POST http://mail.google.com/mail/? - DIRECT/209.85.201.18 text/javascript 1199438835.157 1175 192.1.54.62 TCP_MISS/200 301 POST http://mail.google.com/mail/channel/bind? - DIRECT/209.85.201.17 text/html 1199438838.910 3753 192.1.54.62 TCP_MISS/200 301 POST http://mail.google.com/mail/channel/bind? - DIRECT/209.85.201.83 text/html 1199438841.822 6605 192.1.54.62 TCP_MISS/204 212 GET http://www.google.lk/url? - DIRECT/64.233.189.104 text/html 1199438842.268 6697 192.1.54.62 TCP_MISS/200 5539 GET http://www.mail-archive.com/squid-users@squid-cache.org/maillist.html - DIRECT/72.52.77.3 text/html 1199438842.766821 192.1.54.62 TCP_MISS/200 5385 GET http://www.mail-archive.com/images/cron-no-logo.gif - DIRECT/72.52.77.3 image/gif 1199438842.795711 192.1.54.62 TCP_MISS/200 534 GET http://www.mail-archive.com/images/cron-top2.gif - DIRECT/72.52.77.3 image/gif 1199438842.801711 192.1.54.62 TCP_MISS/200 1542 GET http://www.mail-archive.com/images/cron-left.jpg - DIRECT/72.52.77.3 image/jpeg This is the OUTPUT of tail -f /var/log/squid/cache.log there Something is going on. [EMAIL PROTECTED] ~]# tail -f /var/log/squid/cache.log 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting '5min' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'diskd' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'store_io' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'storedir' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'info' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'counters' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting '5min' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'diskd' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'store_io' 2008/01/04 14:55:01| CACHEMGR: @127.0.0.1 requesting 'storedir' it syas unknown. is it related to the below rule of squid.conf where I have given public. acl snmppublic snmp_community public These rules are availbles in squid.conf file. # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager Where have I gone wrong? Hope to hear from you.
Re: [squid-users] squid proxy - FTP authentication failure
On lör, 2008-01-05 at 22:06 +0800, dominic chiu wrote: > I am using IE / ws_ftp to open the FTP through Proxy, but there are no > prompt for me to input user name and password. The ftp:// syntax for non-anonymous FTP is ftp://user:[EMAIL PROTECTED]/path/to/file A client not understaning this form is broken and you should file a bug report with the vendor of such client.. Depending on the client you may also use ftp://[EMAIL PROTECTED]/path/to/file and Squid will then issue a HTTP challenge for the password. But not all clients understands this. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] squid banner zapping and antivirus filtering
Hello, I'm setting up a box for a friend, a FreeBSD machine that does firewall and nat for his local lan. I've added squid as a transparent proxy so i can also add in adzapping and antivirus and later if the situation calls for it content filtering with dansguardian. I'm using squid 2.6.17 i believe the version is and this time it's not working. I'm wondering if one of my squid parameters is wrong, should a redirector be called with redirect_program or url_rewrite_program? I'm using adzap's zapchain as the squid redirector and running suqidguard, bannerfilter chained off of it, i tried to run squidclam for av but that program kept core dumping. For such a setup would raising the number of redirector processes from 5 to 10 be advisable? I don't want to go out of memory with this setup. If anyone is doing this with other programs i'd like to hear experiences as well. Thanks. Dave.
Re: [squid-users] squid banner zapping and antivirus filtering
Hi Dave, Dave wrote: Hello, I'm setting up a box for a friend, a FreeBSD machine that does firewall and nat for his local lan. I've added squid as a transparent proxy so i can also add in adzapping and antivirus and later if the situation calls for it content filtering with dansguardian. I'm using squid 2.6.17 i believe the version is and this time it's not working. Squid-2.6.17 will work. It's your configuration which seems to be not working. I'm wondering if one of my squid parameters is wrong, should a redirector be called with redirect_program or url_rewrite_program? Can you post your relevant parts of your squid.conf? I'm using adzap's zapchain as the squid redirector and running suqidguard, bannerfilter chained off of it, i tried to run squidclam for av but that program kept core dumping. For such a setup would raising the number of redirector processes from 5 to 10 be advisable? I don't want to go out of memory with this setup. If anyone is doing this with other programs i'd like to hear experiences as well. Thanks. What's your hardware setup? Probably the best setup will be: Client --> Dansguardian --> Squid Thanking you... Dave. -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://www.wlink.com.np http://teklimbu.wordpress.com
Re: [squid-users] How to fix skype sound problem over squid ?
Why to pass skype traffic via squid?? Is there any advantage in doing so? On 1/6/08, Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote: > On 04.01.08 16:13, Cihad BOYNUKALIN wrote: > > Subject: [squid-users] How to fix skype sound problem over squid ? > > To: squid-users@squid-cache.org > > > > While I am tring to make a skype conversation through a squid installed > > server, the sound cuts many time and the voice reaches with a lateness all > > the time. When I try thesame action through a direct internet connection > > over a modem without a squid installed server, the sound comes great. > > I thing you should be warned that this is misuse of proxy features and not > guaranteed to work. > > > On the other hand I am completely not able to connect a conversation under > > the LIVE tab. Its always gives the error "Call failed". (Through squid > > again) In addition to this when I would like to make a skype call it takes > > too much time to start ringing. > > check squid's cache log what is says. Did you configure skype to use proxy, > didn't you? > > > And my iptables settings are as below: > > that has nothing to do with iptables, unless you are trying to intercept > protocols other than HTTP, which usually won't work with proxy. > > -- > Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > "One World. One Web. One Program." - Microsoft promotional advertisement > "Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler >
