[squid-users] tunnel state data
Hello everyone In one of my clients squid frozen. Looking at cache.log I saw the last line w/ an error message: Tunnel State Data Connection error FD 265 read/write= failure (32) Broken pipe It is not the first time that it happens, but this time I could see this message before restarting squid. It is a bug or a normal message indicating a sporadic error?? Using:3.1.6-1.2+squeeze2 + debian squeeze + kernel 2.6.32-5-amd64 best regards
[squid-users] Authentication with active directory (Windows Server 2008).
Hello, I would like an opinion of you, I'm implentando squid in the company where I work and would like to integrate with our active directory (windows server 2008 R2) in the same way that the ntlm but the same was giving a little problem because the user accounts were being blocked. Sorry I'm a translation using Google Translate. -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 + 55 (71) 8837 - 7080 j...@joaoferreira.eti.br "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] Autenticação com active directory (Windows Server 2008).
Olá, Gostaria de uma opinião de vocês, estou implentando o squid na empresa onde trabalho e gostaria de integrar com o nosso active directory (windows server 2008 R2) da mesma forma que o ntlm porém o mesmo estava dando um probleminha, pois as contas de usuários estavam sendo bloqueadas. Desculpe a tradução estou utilizando o Google Translate. -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 + 55 (71) 8837 - 7080 j...@joaoferreira.eti.br "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] Help-me please
Gentlemen, I'm here again asking for your help, I currently have a 02 doing balancing proxy servers with RR with heart ... But I have been facing a big problem with respect to the account of my users, they are being blocked automatically by Active Directory, probably due to high attempts handshake protocol used in ntlm. [Proxy] Squid 2.6 CentOS 5.7 [PDC] Windows Server 2008 R2 Active Directory Who had the solution was happy. -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] Help-me
Hello, I'm trying to configure squid 3.1.19 on CentOS 6.0 authenticating with Active Directory, the helper is the authentication NEGOTIATE with KERBERO. infrastructure Squid: 03/01/19 Operating System: Windows Server 2008 R2 and CentOS 6.0 Other software: Winbind and Kerberos. Problem: Every time the user will access the network in the cache.log segunte the message: "authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'" Does anyone know a possible solution? thank you
Re: [squid-users] Help-me recompile squid
Is there any way to know what parameters were used by the YUM installation? 2012/2/11 Andrew Beverley : > On Sat, 2012-02-11 at 11:36 -0200, João Paulo Ferreira wrote: >> Does anyone know how do I recompile my squid that was installing the >> tool using yum (centos)? > > I've never used yum, but you should be able to recompile by downloading > the packaged sources. The following page will probably help: > > http://wiki.centos.org/HowTos/RebuildSRPM > > Andy > > -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] Help-me recompile squid
Hello, Does anyone know how do I recompile my squid that was installing the tool using yum (centos)? I need to change the parameter: - with-filedescriptors = 16384 to 10. thank you -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
Re: [squid-users] WARNING: file cache.log squid
Is there any way to solve? On Mon, Feb 6, 2012 at 5:51 PM, Sebastian Muniz wrote: > Weird... > register exists: > seba@sin:~$ dig cs.websl.blackberry.com > ;; QUESTION SECTION: > ;cs.websl.blackberry.com. IN A > > ;; ANSWER SECTION: > cs.websl.blackberry.com. 426 IN CNAME cs.websl.dyn.blackberry.net. > cs.websl.dyn.blackberry.net. 30 IN A 206.53.146.25 > > Maybe CNAME is confusing squid? > Regards > Sebastian > > > > On 2/6/2012 4:42 PM, João Paulo Ferreira wrote: >> >> Hello, >> >> Today I noticed something strange in my squid log file: / var / log / >> squid / cache.log >> >> 06/02/2012 17:33:19 | ipcacheParse: No Address records in response to >> 'cs.websl.blackberry.com' >> >> Fished in the network and found that my squid can not resolve name for >> the address. This is a problem? >> >> > -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] WARNING: file cache.log squid
Hello, Today I noticed something strange in my squid log file: / var / log / squid / cache.log 06/02/2012 17:33:19 | ipcacheParse: No Address records in response to 'cs.websl.blackberry.com' Fished in the network and found that my squid can not resolve name for the address. This is a problem? -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
Re: [squid-users] Problem in squid 3.1.4
Hello Amos, Thanks. [squid.conf] auth_param ntlm program /usr/bin/ntlm_auth SUCOM_NET/MUSSURUNGA --helper-protocol=3Dsquid-2.5-ntlmssp auth_param ntlm children 20 # Quantidade de processos ntlm abertos #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm use_ntlm_negotiate off #auth_param ntlm max_challenge_lifetime 5 minutes auth_param basic program /usr/bin/ntlm_auth SUCOM_NET/MUSSURUNGA --helper-protocol=3Dsquid-2.5-basic auth_param basic children 5 auth_param basic realm Proxy SUCOM_NET auth_param basic credentialsttl 2 hours I did not understand what should be done, please explain if you can get very grateful! On Wed, Jan 25, 2012 at 12:18 AM, Amos Jeffries wrote: > > On 25.01.2012 13:24, João Paulo Ferreira wrote: >> >> Hello >> >> Sorry my English is not the same as good. >> >> I have installed in my company with Squid 3.1.4 (Winbind, Samba, Kerberos), >> but I have noticed the following message in the file caches.log >> * >> got NTLMSSP command 3, expected 1* >> > > This is a message NTLM helpers often produce when trying to handle Kerberos > packets. > > Without seeing the squid.conf auth_param settings you used it is hard to be > sure. > But I think you used Samba ntlm_auth and forgot the SPNEGO parameter to > change it from NTLM to Negotiate auth protocol. > ntlm_auth --helper-format=gss-spnego > > http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html > > If that does not work use the squid_kerb_auth helper to perform > Negotiate/Kerberos. > > > PS. please also update to a more recent squid. 3.1.16 or later work a lot > better with NTLM. > > Amos -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] Problem in squid 3.1.4
Hello Sorry my English is not the same as good. I have installed in my company with Squid 3.1.4 (Winbind, Samba, Kerberos), but I have noticed the following message in the file caches.log * got NTLMSSP command 3, expected 1* I searched the community and informed them that the problem is the type of authentication that clients are sending. But I found the solution. I really need your help. -- Atenciosamente, João Paulo Ferreira Computer Science Student + 55 (71) 9297 - 1260 jferreira...@gmail.com "Nunca diga para Deus que você tem um grande problema, diga sim, para o seu problema que você tem um grande Deus."
[squid-users] How can i remove an entry from the current cache using squid client?
I've installed squid and cached 2 requests, and I can see then using: [EMAIL PROTECTED] squid]# /usr/sbin/squidclient -p 80 cache_object://localhost/objects HTTP/1.0 200 OK Server: squid/2.7.STABLE4 Date: Fri, 26 Sep 2008 08:35:34 GMT Content-Type: text/plain Expires: Fri, 26 Sep 2008 08:35:34 GMT X-Cache: MISS from test Via: 1.0 test:80 (squid/2.7.STABLE4) Connection: close KEY 134E77B5F13E86B8585D7FE0AF1CE79E GET http://127.0.0.1/app/servlet?p1=992567224&p2=2.4 STORE_OK IN_MEMORY SWAPOUT_DONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1222351389 LU:1222351521 LM:-1EX:-1 0 locks, 0 clients, 3 refs Swap Dir 0, File inmem_lo: 0 inmem_hi: 718 swapout: 718 bytes queued KEY 7FB72FC4992B0B2642793622D4C67347 GET http://127.0.0.1/app/servlet?p1=992567224&p2=2.2 STORE_OK IN_MEMORY SWAPOUT_DONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1222351389 LU:1222351521 LM:-1EX:-1 0 locks, 0 clients, 3 refs Swap Dir 0, File 0X01 inmem_lo: 0 inmem_hi: 519 swapout: 519 bytes queued KEY 3F7E6EB1215D6456CB2C6576D4465E9D GET cache_object://localhost/objects STORE_PENDING NOT_IN_MEMORY SWAPOUT_NONE PING_NONE RELEASE_REQUEST,PRIVATE,VALIDATED LV:-1LU:1222418134 LM:-1EX:1222418134 3 locks, 1 clients, 1 refs Swap Dir -1, File 0X inmem_lo: 0 inmem_hi: 1042 swapout: 0 bytes queued Client #0, 0x88733d8 copy_offset: 1042 seen_offset: 1042 copy_size: 4096 flags: Now say I'd like to remove the 1st entry I do: Squidclient -p 80 -m PURGE "http://127.0.0.1/app/servlet?p1=992567224&p2=2.4"; But I get a 404 and nothing is really purged. How can I purge it? Cheers, Paulo This e-mail message contains information which is confidential and may be privileged. It is intended for use by the addressee only. If you are not the intended addressee, we request that you notify the sender immediately and delete or destroy this e-mail message and any attachment(s), without copying, saving, forwarding, disclosing or using its contents in any other way. TomTom N.V., TomTom International BV or any other company belonging to the TomTom group of companies will not be liable for damage relating to the communication by e-mail of data, documents or any other information.
[squid-users] squid-3.0.STABLE7 ICAP [FinanzIT: Viruscheck]
hi , we have here a little problem with the squid above. we have: snip acl NETZ_i001 src "/opt/squid-3.0.STABLE7/etc/acl/netz_001" # # User ACLs # # # default Profile acl USER_sehr_hoch proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_sehr_hoch" acl USER_hoch proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_hoch" acl USER_mittel proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_mittel" acl USER_niedrigproxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_niedrig" acl USER_sehr_niedrig proxy_auth "/opt/squid-3.0.STABLE7/etc/acl/user_sehr_niedrig" icap_service res_defaultrespmod_precache 0 icap://localhost:1344/wwrespmod?profile=default # Default Request-Profile icap_service req_default reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=default icap_service req_hoch reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=hoch icap_service req_mittel reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=mittel icap_service req_niedrigreqmod_precache 0 icap://localhost:1344/wwreqmod?profile=niedrig icap_service req_sehr_hoch reqmod_precache 0 icap://localhost:1344/wwreqmod?profile=sehr_hoch icap_service req_sehr_niedrigreqmod_precache 0 icap://localhost:1344/wwreqmod?profile=sehr_niedrig # ICAP Klassen fuer das default profile icap_class icap_default res_default icap_class icap_req_defaultreq_default icap_class icap_001netz req_default icap_class icap_sehr_hoch req_sehr_hoch icap_class icap_hochreq_hoch icap_class icap_mittel req_mittel icap_class icap_niedrig req_niedrig icap_class icap_sehr_niedrigreq_sehr_niedrig # webwasher default Profile icap_access icap_001netz deny !NETZ_i001 icap_access icap_sehr_hoch deny !USER_sehr_hoch icap_access icap_hoch deny !USER_hoch icap_access icap_mitteldeny !USER_mittel icap_access icap_niedrig deny !USER_niedrig icap_access icap_sehr_niedrig deny !USER_sehr_niedrig icap_access icap_defaultallow all end. squid config. if there is an ip accessing squid, which is not listed in NETZ_001 without user-authentication, the client have to go to the last line for icap response mode access. this works in 2.5.STABLE12. now it matches in the second icap_access line for reqmod_profile icap_sehr_hoch too: 2008/07/01 13:09:55.099| ICAPAccessCheckCallbackWrapper matchedClass = icap_req_default 2008/07/01 13:09:55.099| ACLChecklist::preCheck: 0x87c0980 checking 'icap_access icap_001netzdeny !NETZ_i001' 2008/07/01 13:09:55.099| ACLList::matches: checking !NETZ_i001 2008/07/01 13:09:55.099| ACL::checklistMatches: checking 'NETZ_i001' 2008/07/01 13:09:55.099| aclMatchIp: 'XX.XX.XX.XX' NOT found 2008/07/01 13:09:55.099| ACL::ChecklistMatches: result for 'NETZ_i001' is 0 2008/07/01 13:09:55.099| ACLList::matches: result is true 2008/07/01 13:09:55.099| aclmatchAclList: 0x87c0980 returning true (AND list satisfied) 2008/07/01 13:09:55.099| ACLChecklist::markFinished: 0x87c0980 checklist processing finished 2008/07/01 13:09:55.099| ACLChecklist::check: 0x87c0980 match found, calling back with 0 2008/07/01 13:09:55.099| ACLChecklist::checkCallback: 0x87c0980 answer=0 2008/07/01 13:09:55.099| ICAPAccessCheckCallbackWrapper: answer=0 2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper matchedClass = icap_001netz 2008/07/01 13:09:55.100| ACLChecklist::preCheck: 0x87c0aa8 checking 'icap_access icap_sehr_hoch deny !USER_sehr_hoch' 2008/07/01 13:09:55.100| ACLList::matches: checking !USER_sehr_hoch 2008/07/01 13:09:55.100| ACL::checklistMatches: checking 'USER_sehr_hoch' 2008/07/01 13:09:55.100| aclMatchAcl: returning 0 sending authentication challenge. 2008/07/01 13:09:55.100| ACL::ChecklistMatches: result for 'USER_sehr_hoch' is 0 2008/07/01 13:09:55.100| ACLList::matches: result is true 2008/07/01 13:09:55.100| aclmatchAclList: 0x87c0aa8 returning false (AND list entry failed to match) 2008/07/01 13:09:55.100| ACLChecklist::checkForAsync: requiring Proxy Auth header. 2008/07/01 13:09:55.100| ACLChecklist::markFinished: 0x87c0aa8 checklist processing finished 2008/07/01 13:09:55.100| aclmatchAclList: async=1 nodeMatched=1 async_in_progress=0 lastACLResult() = 1 finished() = 1 2008/07/01 13:09:55.100| ACLChecklist::check: 0x87c0aa8 match found, calling back with 2 2008/07/01 13:09:55.100| ACLChecklist::checkCallback: 0x87c0aa8 answer=2 2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper: answer=2 2008/07/01 13:09:55.100| ICAPAccessCheckCallbackWrapper matchedClass = icap_sehr_hoch 2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0aa8 2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0980 2008/07/01 13:09:55.100| ACLChecklist::~ACLChecklist: destroyed 0x87c0a14 2008/07/01 13:09:55.112| I
[squid-users] TCP_MISS/503
Hello all, my squid, yestarday, started to make it, how you can see it is showing TCP_MISS/""""503""", and not TCP_MISS/200 how is the normal. Have any idea, how can i fix it?? OS version: slackware 11.0 squid version: 2.6.STABLE13 1211309869.395 88 10.0.7.3 TCP_MISS/503 1567 GET http://www.realmac.com.br/webmail - DIRECT/www.realmac.com.br text/html 1211309888.669 66 10.0.7.3 TCP_MISS/503 1550 GET http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html 1211309896.780 5097 10.0.7.3 TCP_MISS/503 1550 GET http://www.unoesc.edu.br/ - DIRECT/www.unoesc.edu.br text/html thanks to all. -- Mauricio Paulo de Sousa
[squid-users] Antwort: Re: [squid-users] icap_class None squid 3.0 [FinanzIT: Viruscheck]
Hi Alex, my question was: Does the special ( implied ) icap_class None exist in squid 3.0 ? We have for about 100 icap_services and icap_classes configured in squid 2.5 witch work as icap-client with webwasher-csm. In some special cases it was necessary to bypass icap for some destination domains. Thats why we use the given syntax: acl NO_ICAP_FOR dstdomain XXX icap_access None deny NO_ICAP_FOR In squid 3.0 it seems not to work as inspected. I have no Idea, what I have to do to define an icap_service that does no req or res, put this in an icap_class do_no_icap and then icap_access do_no_icap allow NO_ICAP_FOR. That's why we use this special None directive in 2.5 Alex Rousskov <[EMAIL PROTECTED] ment-factory.com> An [EMAIL PROTECTED] 29.01.2008 19:43Kopie squid-users@squid-cache.org Thema Re: [squid-users] icap_class None squid 3.0 [FinanzIT: Viruscheck] On Tue, 2008-01-29 at 08:53 +0100, [EMAIL PROTECTED] wrote: > This syntax worked for squid 2.5: > > acl NO_ICAP_FOR dstdomain XXX > icap_access None deny NO_ICAP_FOR > > in squid 3.0 there comes up: > > FATAL: Did not find ICAP class 'None' referenced on line XXX > > Is there a need to config an icap_class None an how do I do this ? If you do not want ICAP, you can disable it with icap_enable. If you want to fine-tune access for an existing ICAP class, then you should use that class name on the icap_access line. If you are using ICAP services without classes, then you can try to use a service name on the icap_access line, but that may not work. You should probably just add a class for your service. For example, icap_service service_req reqmod_precache 0 icap://10.0.0.104:1344/req icap_class class_req service_req icap_access class_req deny NO_ICAP_FOR icap_access class_req allow all The whole icap_service/class design is rather cumbersome and confusing. It will probably be replaced when we add support for service chaining in Squid3. HTH, Alex.
[squid-users] icap_class None squid 3.0 [FinanzIT: Viruscheck]
This syntax worked for squid 2.5: acl NO_ICAP_FOR dstdomain XXX icap_access None deny NO_ICAP_FOR in squid 3.0 there comes up: FATAL: Did not find ICAP class 'None' referenced on line XXX Is there a need to config an icap_class None an how do I do this ? Regards JP
[squid-users] requested URL not be retrieved
Hello all, access.log show it after entered in gmail.com and on access the main google page, and some others sites. it happen on IE7 and Firefox 2.0.0.9 on windows xp 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request -method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method 10.7.7.41 - TCP_DENIED/400 - error:unsupported-request-method -- and the squid error page show it ERROR The requested URL could not be retrieved While trying to process the request: utmb=173272373; __utmc=173272373; __utmz=173272373.1194545804.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); TZ=120; GMAIL_RTT=250; GMAIL_LOGIN=T1194545801921/119454580192 GET /mail/ HTTP/1.1 Accept-Encoding: gzip, deflate Host: mail.google.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3 ---: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: __utma=173272373.649209981.1194545804.1194545804.1194545804.1; __ The following error was encountered: * Invalid Request Some aspect of the HTTP Request is invalid. Possible problems: * Missing or unknown request method * Missing URL * Missing HTTP Identifier (HTTP/1.0) * Request is too large * Content-Length missing for POST or PUT requests * Illegal character in hostname; underscores are not allowed -- Mauricio Paulo de Sousa
[squid-users] Squid Authentication
Hi all, How I can migrate a user database NCSA (Squid authentication) to LDAP? Thanks. Regards, Paulo
[squid-users] Compiling Squid to auth on ldap server
Hello all, I would like to compile my squid to make autentication on a ldap server, can anybody help me? if possible, show me how to define the acl autentication. thanks :D -- Mauricio Paulo de Sousa
[squid-users] SSL Reverse Proxy
We have multiple windows webservers that are available to the WWW. On all the servers we have different SSL certs for various apps. Is it possible or viable to have a Squid server running as a reverse proxy with one SSL cert to different webservers? As an example if you browse https://url.squidserver/webserver1 then it would display contents from "webserver1" encrypted, and https://url.squidserver/webserver2 from webserver2. I am trying to rather have one SSL cert for all our apps on various servers. Hope this makes sense. Paulo
[squid-users] squid and intranet
Hi I am new in squid and I am using the squid/2.5.STABLE14. Before I didnt use squid to access my intranet server by http://name_server. Now that I am using squid the only way to access my intranet server is taping the FQDN http://name_server.domain.local. And each time I try to access by the simple name (http://name_server) I have the error in the access.log: 1169558360.997 149 172.16.32.0 TCP_MISS/503 1522 GET http://name_server/ - DIRECT/name_server text/html And when I try to access by the FQDN name (http://name_server.domain.local) I have the entry in the access.log: 1169559704.107 174 172.16.32.0 TCP_REFRESH_HIT/304 230 GET http://name_server.domain.local /IMG/accueil/41.jpg - DIRECT/172.16.111.30 - I am looking for a solution to this problem because my antivirus clients pass also throw the proxy they can not update with the my antivirus server Thanks a lot for your help. Paulo
Re: [Was: [squid-users] Original IP Client]
In the squid 2.6 have a option "'--enable-linux-tproxy" in compilation. Someone already test this? rgs, paulo On 10/11/06, Alexandre Correa <[EMAIL PROTECTED]> wrote: i didn´t tested with non-transparent ... but i think thats this patch works only with transparent proxy ! On 10/11/06, Kenneth P. Oncinian <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > use balabit.com tproxy patch !!! > > > > http://www.balabit.com/downloads/tproxy/ > > How about if the squid setup is not transparent? > Is this possible? > > > regards, > Kenneth > > > > > :) > > > > > > > > On 10/11/06, Paulo <[EMAIL PROTECTED]> wrote: > >> Hi. > >> I have configured squid as proxy server. > >> When ever any client go to web, its originating IP becomes the IP of > >> the proxy server. > >> I want to ask how can i forward real IP of client instead of IP of > >> proxy for the gateway. > >> > >> regards, > >> > >> Paulo Raponi > >> > > > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFLaLM9MTaiXoaMBgRArG6AJ9qN9UJ4GI4Dp83GpuL7GFE8Q3ZIwCfTQyf > 7d/BXt34CbzHkInjZT2uIdY= > =TZs6 > -END PGP SIGNATURE- > -- / 7 /_( |_| |_| Abraços |_| Let´s Rock! |_| /\ /\|=|/ / \ |_| / Alexandre J. Correa ) _ \ http://fotolog.net/alexandrecorrea / |_| \ [EMAIL PROTECTED] / -=-o / \ /~\_/ \/
[squid-users] Original IP Client
Hi. I have configured squid as proxy server. When ever any client go to web, its originating IP becomes the IP of the proxy server. I want to ask how can i forward real IP of client instead of IP of proxy for the gateway. regards, Paulo Raponi
RE: [squid-users] no access to sites Intranet
I fogot to tell my linux and squid version: Linux ipcop1.4.10, Kernel 2.4.31, squid 2.5.STABLE12 -Message d'origine- De : paulo braga [mailto:[EMAIL PROTECTED] Envoyé : jeudi 7 septembre 2006 23:00 À : squid-users@squid-cache.org Objet : [squid-users] no access to sites Intranet Hi I made VPN connection between 2 sites. On the same server I installed OpenVPN and Squid. The only problem I am having is that I can't access any of my Intranet web servers on the other side of the VPN, even if I use the IP address. I can ping them by their name and access the share folders but I can't open the web pages of the same server. Each time I try to browse them I have an answer like "The requested URL could not be retrieved". When I tell my browser to not use the proxy for the local address it works fine, but I have to make the change host by host. I configured the resolv.conf to point to my private DNS server and I still have the same problem. I wonder if have to change something in squid.conf file? Thanks a lot for the help zelinho
[squid-users] no access to sites Intranet
Hi I made VPN connection between 2 sites. On the same server I installed OpenVPN and Squid. The only problem I am having is that I can't access any of my Intranet web servers on the other side of the VPN, even if I use the IP address. I can ping them by their name and access the share folders but I can't open the web pages of the same server. Each time I try to browse them I have an answer like "The requested URL could not be retrieved". When I tell my browser to not use the proxy for the local address it works fine, but I have to make the change host by host. I configured the resolv.conf to point to my private DNS server and I still have the same problem. I wonder if have to change something in squid.conf file? Thanks a lot for the help zelinho
Re: [squid-users] HELLP!!!
and if I don´t want to use "blue coat"... Can I use transparent squid + openldap? if yes someone have any tutorial? - Original Message - From: "Paulo" <[EMAIL PROTECTED]> To: "Chris Robertson" <[EMAIL PROTECTED]>; Sent: Friday, August 05, 2005 8:09 PM Subject: Re: [squid-users] HELLP!!! which Other methods of authentication ? - Original Message - From: "Chris Robertson" <[EMAIL PROTECTED]> To: Sent: Friday, August 05, 2005 7:52 PM Subject: RE: [squid-users] HELLP!!! -Original Message- From: Paulo [mailto:[EMAIL PROTECTED] Sent: Friday, August 05, 2005 2:43 PM To: Chris Robertson; squid-users@squid-cache.org Subject: Re: [squid-users] HELLP!!! I don´t understand. It´s possible to use authentication with squid in transparent mode or not? It's not possible to use the auth_param directive with an intercepting proxy. Other methods of authentication are possible, but left as a excercise for the reader. Chris __ Informação do NOD32 1.1187 (20050805) __ Esta mensagem foi verificada pelo NOD32 Sistema Antivírus http://www.nod32.com.br __ Informação do NOD32 1.1187 (20050805) __ Esta mensagem foi verificada pelo NOD32 Sistema Antivírus http://www.nod32.com.br
Re: [squid-users] HELLP!!!
which Other methods of authentication ? - Original Message - From: "Chris Robertson" <[EMAIL PROTECTED]> To: Sent: Friday, August 05, 2005 7:52 PM Subject: RE: [squid-users] HELLP!!! -Original Message- From: Paulo [mailto:[EMAIL PROTECTED] Sent: Friday, August 05, 2005 2:43 PM To: Chris Robertson; squid-users@squid-cache.org Subject: Re: [squid-users] HELLP!!! I don´t understand. It´s possible to use authentication with squid in transparent mode or not? It's not possible to use the auth_param directive with an intercepting proxy. Other methods of authentication are possible, but left as a excercise for the reader. Chris __ Informação do NOD32 1.1187 (20050805) __ Esta mensagem foi verificada pelo NOD32 Sistema Antivírus http://www.nod32.com.br
Re: [squid-users] HELLP!!!
I don´t understand. It´s possible to use authentication with squid in transparent mode or not? - Original Message - From: "Chris Robertson" <[EMAIL PROTECTED]> To: Sent: Friday, August 05, 2005 7:29 PM Subject: RE: [squid-users] HELLP!!! -Original Message- From: Paulo [mailto:[EMAIL PROTECTED] Sent: Friday, August 05, 2005 2:06 PM To: squid-users@squid-cache.org Subject: [squid-users] HELLP!!! Please, I am trying to use authentication in squid (any one) in transparent way but neither the screen appears asking for password in the browser! Can someone tell what should add to squid.conf? I tried with NCSA but can be any another. Thanks, Paulo Daniel. Perhaps I'm misinterpreting your request, but what I see is "How do I do proxy authentication with an intercepting proxy?" The short answer is you can't. http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.16 Longer answers are available in the list archives (http://www.squid-cache.org/mail-archive/squid-users/200505/0001.html for example). Chris __ Informação do NOD32 1.1187 (20050805) __ Esta mensagem foi verificada pelo NOD32 Sistema Antivírus http://www.nod32.com.br
[squid-users] HELLP!!!
Please, I am trying to use authentication in squid (any one) in transparent way but neither the screen appears asking for password in the browser! Can someone tell what should add to squid.conf? I tried with NCSA but can be any another. Thanks, Paulo Daniel.
[squid-users] how to force user to change their passwords
Hi Guys Does anyone know how to force users to change their passwords from , let me say, 30 to 30 days, without using pam_auth ? And before that limit day he receives an alert telling him that his password is going to be expired?? ( preferencially via web browser or inside the authenticated method used). thanks in advanced -- Paulo Ricardo Bruck - consultor signature.asc Description: Esta é uma parte de mensagem assinada digitalmente
[squid-users] squid-ldap(samba)
i have a ldap-samba server on 127.0.0.1 389 with dc=siga,dc=local = and cn=manager,dc=siga,dc=local Ive crated a group called proxy with users on in. Can I have a sample of squid.conf to allow only the users on = the proxy group (cn=proxy,ou=GROUPS,dc=siga,dc=local) to have internet. Im a newcomer on linux Please ? tahnks
Re: [squid-users] OT gui for squidguard
Em Qui, 2005-05-26 às 17:52 -0400, Matt Benjamin escreveu: > Paulo, Hi Matt > > Don't know of one, but we've done bugfixes on the Webmin module, though > it is still imperfect (error handling), added a config backup feature, > and have used it as recently as Webmin-1.8.0. > > Fwiw and no warranty: > > https://secure.linuxbox.com/tiki/tiki-download_file.php?fileId=72 > thanks Matt I'm trying to use, as I use debian I have to arrange some archives to work. BTW can you provide me an example of webmin-squidguard config ?? best regards > Matt > > Paulo Ricardo Bruck wrote: > > >Hi guys > > > >Does anyone know a GUI to configure squidguard ? > >I have already tried webmin but it's deprecated... > >( http://www.niemueller.de/webmin/modules/squidguard/ ) > > > >thanks in advanced > > > > > > -- Paulo Ricardo Bruck - consultor Contato Global Solutions tel 011 5031-4932 fone/fax 011 5034-1732 cel 011 9235-4327 signature.asc Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente
[squid-users] OT gui for squidguard
Hi guys Does anyone know a GUI to configure squidguard ? I have already tried webmin but it's deprecated... ( http://www.niemueller.de/webmin/modules/squidguard/ ) thanks in advanced -- Paulo Ricardo Bruck - consultor signature.asc Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente
[squid-users] Squid proxy slow
I have two different proxy servers on our network, the one is currently in production (linux 2.4.17, squid 2.4Stable1, ext2 file system) and doing no auth. The dev (linux 2.6.9, squid 2.5Stable9, reiserfs file system) server is doing ntlm auth against a windows NT server. When I download the same file at the same time from the current production server I get speeds of avg 10 kb/s and on the dev server it stays at about 550 b/s. Both servers are using the same link. Could the auth be slowing down the download to that extend? Or what should I actually be looking for? Paulo
[squid-users] Downloads Slow down
HI, I have a squid server (squid 2.5stable9) running, some users are complaining when they download files that it runs at max speed and then suddenly it will slow down to 2kb/s. The problem is that they say that this happens at different intervals with various files, I know that this is a question that is very broad. But what could I start looking at to troubleshoot this? Thanks Paulo
Re: [squid-users] squid + winbind weird behavior
" winbind privileged pipe permissions (Samba-3.X) ntlm_auth requires access to the privileged winbind pipe in order to function properly. You enable this access by changing group of the winbind_privileged directory to the group you run Squid as (cache_effective_group setting in squid.conf). chgrp squid /path/to/winbind_privileged " I've added squid group, added user nobody into it and put it in my squid.conf. But as you can see below, there's only read perms for squid group, so the error is still there. 4 drwxr-s--- 2 root squid 4096 2005-02-17 14:15 winbindd_privileged I don't know how the hell this worked for others, since other users from squid will only have read access to the dir, when they should have execute permissions too. Anyways, thanks for the answer. Paulo Pires Qui, 2005-02-17 às 00:40 +0100, Henrik Nordstrom escreveu: > On Wed, 16 Feb 2005, Paulo Pires wrote: > > > chown nobody /usr/local/samba-3.0.10/var/locks/winbindd_privileged > > > > This solved the thing. We can't change the perms cause it's a socket, so > > it's better to change the owner to the user which runs squid. > > You should change the group, not the owner.. > > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 > http://us4.samba.org/samba/docs/man/winbindd.8.html > > Changing the owner will make Samba quite upset about the security. > > Regards > Henrik
Re: [squid-users] squid + winbind weird behavior
Well chown nobody /usr/local/samba-3.0.10/var/locks/winbindd_privileged This solved the thing. We can't change the perms cause it's a socket, so it's better to change the owner to the user which runs squid. Cya Qua, 2005-02-16 às 16:00 +, Paulo Pires escreveu: > Hi list > > For the last year I've installed several squid proxies, which > authenticate themselves against NT Domains. Each domain is primarly > controlled by a Samba PDC (at the moment, Samba-3.0.10) and I have no > problems at all. Since Monday, I've tried unsuccessfully to get a > squid-2.5-stable8 to run with samba-3.0.11 against a Windows 2003 PDC. > > Here's the steps: > > * compile and install samba with winbind and pam support > * configure smb.conf > + workgroup > + password server > + security=domain > + winbind settings > * cp nsswitch/libnss_winbind.so /lib && ln > -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 > * start samba > * net rpc join -S PDC_NAME -w DOMAIN -U user_with_perms > * restart samba > * change /etc/nsswitch.conf > * samba tests > + wbinfo -u /-g /-t > > * compile and install squid > + --prefix=/usr/local/squid-x.xx-yyy --enable-carp --enable-delay-pools > --enable-kill-parent-hack --enable-ssl --enable-auth="ntlm,basic" > --enable-external-acl-helpers="wbinfo_group" > > * squid + winbind tests > + ntlm_auth --helper-protocol=squid-2.5-basic -> user password OK > > Everything is ok, it should be working. I then restart samba, and start > squid, and when configuring a client browser (IE, Firefox,...) it > returns the following: > > [2005/02/16 15:46:06, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) > winbindd_pam_auth_crap: non-privileged access denied. ! > winbindd_pam_auth_crap: Ensure permissions > on /usr/local/samba-3.0.10/var/locks/winbindd_privileged are set > correctly. > [2005/02/16 15:46:06, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) > NTLM CRAP authentication for user [(null)]\[(null)] returned > NT_STATUS_ACCESS_DENIED (PAM: 4) > > > Squid is running as nobody.nogroup, but I've got this conf on other > proxies and never had any problem. I've been to #squid and #samba @ > freenode.net but no one ever gave me a good tip about this, so I'm > really cracking my head up. > > > Thanks in advance, > Paulo Pires >
[squid-users] squid + winbind weird behavior
Hi list For the last year I've installed several squid proxies, which authenticate themselves against NT Domains. Each domain is primarly controlled by a Samba PDC (at the moment, Samba-3.0.10) and I have no problems at all. Since Monday, I've tried unsuccessfully to get a squid-2.5-stable8 to run with samba-3.0.11 against a Windows 2003 PDC. Here's the steps: * compile and install samba with winbind and pam support * configure smb.conf + workgroup + password server + security=domain + winbind settings * cp nsswitch/libnss_winbind.so /lib && ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 * start samba * net rpc join -S PDC_NAME -w DOMAIN -U user_with_perms * restart samba * change /etc/nsswitch.conf * samba tests + wbinfo -u /-g /-t * compile and install squid + --prefix=/usr/local/squid-x.xx-yyy --enable-carp --enable-delay-pools --enable-kill-parent-hack --enable-ssl --enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group" * squid + winbind tests + ntlm_auth --helper-protocol=squid-2.5-basic -> user password OK Everything is ok, it should be working. I then restart samba, and start squid, and when configuring a client browser (IE, Firefox,...) it returns the following: [2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) winbindd_pam_auth_crap: non-privileged access denied. ! winbindd_pam_auth_crap: Ensure permissions on /usr/local/samba-3.0.10/var/locks/winbindd_privileged are set correctly. [2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) NTLM CRAP authentication for user [(null)]\[(null)] returned NT_STATUS_ACCESS_DENIED (PAM: 4) Squid is running as nobody.nogroup, but I've got this conf on other proxies and never had any problem. I've been to #squid and #samba @ freenode.net but no one ever gave me a good tip about this, so I'm really cracking my head up. Thanks in advance, Paulo Pires
[squid-users] Log entries
I run squid 2.5Stable6 and samba 3.0.9, using ntlm auth. My squid logs will show the following: 1104824883.157 8 192.168.x.x TCP_DENIED/407 1334 GET http://www.squid-cache.org/Doc/FAQ/FAQ-25.html - NONE/- text/html 1104824883.161 0 192.168.x.x TCP_DENIED/407 1338 GET http://www.squid-cache.org/Doc/FAQ/FAQ-25.html - NONE/- text/html 1104824884.406 1245 192.168.x.x TCP_MISS/200 2795 GET http://www.squid-cache.org/Doc/FAQ/FAQ-25.html PANDRE DIRECT/206.168.0.9 text/html Can someone tell me why the logs contain th following? Looks like the auth only goes through on the 3 try, can this be fixed? Paulo
[squid-users] squid dynamic cache
squid dynamic cache by default squid don`t make cache of dynamic content e.g ( .asp files). I need to cache asp files in my proxy, anyone know how can I do this task?
[squid-users] authentication w/ ADS
Hi guys I've been reading about winbind/samba/ldap/squid and I got a little confuse about it. I'll be start an instalation of squid2.5 + debian and I would like to authenticate using NTLM + Windows 2000 + ADS. Client wants authentication using NTLM and 2 different groups from ADS. Question What's the best choice? a) squid + samba + winbind or b) squid+samba+winbin+LDAP ?? Thanks in advanced
[squid-users] numbers of ACL's that squid support x memory
Hi guys Searching google and squid's history list I couldn't find an answer. How many acls squid can handle/support??? as an example Iá trying to load around 370.000 sites and I receive an out of memory machine: amd-k6-II 300Mhz debian sid squid 2.5.4-3 128MRAM cache_mem 8M cache_dir aufs /var/spool/squid 1800 16 256 Should I use squidguard to solve the problem??? --
RE: [squid-users] squid can ' t load acl's
Em Sex, 2004-01-23 Ãs 12:23, Elsen Marc escreveu: > > > Em Sex, 2004-01-23 Ãs 06:30, Elsen Marc escreveu: > > > > > > > > > > > Iá trying to use squid w/ a huge list ( more tham 200.000 > > sites) and > > > > when I start squid , after +_1 min I receive a message > > saying that it > > > > could not start. > > > > > > > > Starting proxy server: 2004/01/22 18:01:45 > > > > /etc/init.d/squid: line 133: 9223 Terminated > > > > start-stop-daemon --quiet --start --pidfile $PIDFILE > > --exec $DAEMON -- > > > > $SQUID_ARGS > > > squid. > > > > > > > > > >What's in cache.log ? > > > > > > nothing... the squid even starts.. but if I comment the acl and > > http_accesss everything runs smoothly.80) > > Should I increase RAM memory to 256M or 512M ??? > > > > It is possible that squid dies immediately due to mem. allocation > problems on the box. yes, exactly. looking at console I saw a lot of Out of Memory. After that I upgraded to 256MRAM, but unfortunatly I received same message ( Out of memory) should I upgrade to 512M??? or should I use a redirector/squidguard ??? > Verify this by looking at your system's error log, I suppose : > > # dmesg > > on Debian. > > Also simply start squid in a shell , see what gives. I see the startup > script redirect everything to /dev/null. This is counter productive for > analyzing this issue : > > Simply try : > > # ./path_to_squid_exec/squid > > This might be more informative > > M.
RE: [squid-users] squid can ' t load acl's
Em Sex, 2004-01-23 Ãs 06:30, Elsen Marc escreveu: > > > > > Iá trying to use squid w/ a huge list ( more tham 200.000 sites) and > > when I start squid , after +_1 min I receive a message saying that it > > could not start. > > > > Starting proxy server: 2004/01/22 18:01:45 > > /etc/init.d/squid: line 133: 9223 Terminated > > start-stop-daemon --quiet --start --pidfile $PIDFILE --exec $DAEMON -- > > $SQUID_ARGS > squid. > > > >What's in cache.log ? nothing... the squid even starts.. but if I comment the acl and http_accesss everything runs smoothly.80) Should I increase RAM memory to 256M or 512M ??? remember that I have a : debian sid 128MRAM cache_mem 8M cache_dir aufs /var/spool/squid 1800 16 256 here a small piece of #acl porn_urls url_regex -i "/etc/squid/blacklists/porn/urls" #http_access deny porn_urls 208.185.190.12/fetishes ass2k.com/teens1/index.html naked-pussy-pics.com/xxx-adult-porn-pics alcohollinks.com/diabolic/bb.htm 213.4.130.210/personal6/diego707/bdsm free-black-nude-pic.com/perfect_tits/index.html xrated-asian.com/erotic_jasmine scstelecomm.com/sex free-lesbian-lovers-pics.com/hardcore_porn_pics/index.html bloodyhole.com/buff24 Looking at squid's list someone suggest to use of SquidGuardian , but may main concern about it is that is no longer developed... ( sorry about my poor English 80) any suggestions?? > >M. >
[squid-users] squid can ' t load acl's
Hi guys Iá trying to use squid w/ a huge list ( more tham 200.000 sites) and when I start squid , after +_1 min I receive a message saying that it could not start. Starting proxy server: 2004/01/22 18:01:45 /etc/init.d/squid: line 133: 9223 Terminated start-stop-daemon --quiet --start --pidfile $PIDFILE --exec $DAEMON -- $SQUID_ARGS
[squid-users] how include a deny message in error log html
Hi guys Happy 2004 80) Bart gave me a goog help telling me to use degug_options ALL,2 9,28 in squid.conf example: http://mirror.phy.bnl.gov/debian-iso/gluck.debian.org/cdimage/testing/netinst/i386/beta -1/ is DENIED, because it matched 'government_domains' ^^ BTW is there a way to insert this message in the HTML error page?? I try all possibilities showed at http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#custom-err-msgs but none of them show me the ACL... Maybe using %m Error message returned by external auth helper ??? thanks
Re: [squid-users] Access deny page
Em Qua, 2003-12-31 Ãs 11:24, Schelstraete Bart escreveu: > Inrease the debugging in squid.As far as I know this is the only way > to know this... Yes, thanks very much Bart . I think it's the correct way. debug_options ALL,2 9,28 show the file where is the ACL here's is the line: 2003/12/31 14:26:47| The request GET http://mirror.phy.bnl.gov/debian-iso/gluck.debian.org/cdimage/testing/netinst/i386/beta -1/ is DENIED, because it matched 'government_domains' BTW is there a way to insert this message in the HTML error page?? I try all possibilities showed at http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#custom-err-msgs but none of them show me the ACL... maybe using %m Error message returned by external auth helper ??? > . > If you have more then 50.000 domains/url's you should better consider to > use a thrid-party filter. (Squidguard, dansguardian) yes. I know dansguardian would be the best but it is not cheap for our client ( we live in Brazil) squidguard should be great , but unfortunatly it's out of date as far as I know... , no support thank's again > > >Bart > Paulo Ricardo wrote: > > >Hi guys > > > >Just a simple question. How can i known which word in ACL type is > >blocking access from some user? I'm asking that because I have 10 lists > >and some of them w/ more than 50.000 domains/url... > > > >Is there a way to insert the word/url wich is blocked in error message? > > > >as example: > >__ > > > >ERROR > >The requested URL could not be retrieved > > > > > > > >While trying to retrieve the URL: > >http://mirror.phy.bnl.gov/debian-iso/gluck.debian.org/cdimage/testing/netinst/i386/beta-1/ > > > >The following error was encountered: > > > > * Access Denied. list /etc/squid/blacklist/government/.gov > >^^ > >Access control configuration prevents your request from being > >allowed at this time. Please contact your service provider if > >you feel this is incorrect. > > > >Your cache administrator is webmaster. > > > > > > > > > >Generated Wed, 31 Dec 2003 12:54:29 GMT by cerberusint.intranet > >(squid/2.5.STABLE4) > >__ > > > > > > > >cheers > > > > > > > >
[squid-users] Access deny page
Hi guys Just a simple question. How can i known which word in ACL type is blocking access from some user? I'm asking that because I have 10 lists and some of them w/ more than 50.000 domains/url... Is there a way to insert the word/url wich is blocked in error message? as example: __ ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://mirror.phy.bnl.gov/debian-iso/gluck.debian.org/cdimage/testing/netinst/i386/beta-1/ The following error was encountered: * Access Denied. list /etc/squid/blacklist/government/.gov ^^ Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster. Generated Wed, 31 Dec 2003 12:54:29 GMT by cerberusint.intranet (squid/2.5.STABLE4) __ cheers
Re: [squid-users] Squid, snmp and MRTG
On Mon, 15 Dec 2003, Duane Wessels wrote: wessel> Indeed your attached cache.log shows that 1.3.6.1.4.1.3495.1.5.2.1.2 wessel> is not a valid OID for the running Squid process. Maybe the MIB file wessel> that MRTG is using is out of date? try adding this lines to you "mtrg.cfg" file: # Load Mibs LoadMIBs: /etc/squid/mib.txt (or wherever the mib.txt file is) -- Paulo Matos --- -- |Sys & Net Admin| Serviço de Informática | |Faculdade de Ciências e Tecnologia | Tel: +351-21-2948596 | |Universidade Nova de Lisboa| Fax: +351-21-2948548 | |P-2829-516 Caparica| e-Mail: [EMAIL PROTECTED] | --- --
[squid-users] squid + iptables
A simple question from a Squid newbie: I have a Squid running ok in a linux box and another box with iptables running ok too (my internet gateway). What i have to do do in my iptables to block port 80 and permit http connections through Squid ??? I am a little bit confused. hugs, Paulo