[squid-users] Transparent proxy with squid and Dansguardian
Hi,

I am trying to set up a router that allows a group of devices on a network to access the internet via Dansguardian and squid. I am setting it up as a transparent proxy and locking down the ports with IPtables.

I am using IPtables to redirect connections on port 80 from the client and remap them to 8080 for dansguardian; dans is then set up to talk to squid on 127.0.0.1:3128. The iptables rules are

    iptables -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 8080
    iptables -A POSTROUTING -j MASQUERADE

If I set the rule above to REDIRECT to 3128, the cache works as expected. If I set it as above, I can see traffic in DG and in the cache log of squid but the target IF address is stripped out and I seem to be getting a forwarding loop. I am not sure what is going on but it seems that Dansguardian is rewriting the target address and getting squid to loop back on itself.

All the various versions are current to ubuntu 14.04 although the dansguardian is a little old in this distro.

Any pointers would be greatly appreciated.

Darren B.

Currently the processes running and listening are

    root@dnsmasq:~# netstat -ntlp | grep LISTEN
    tcp   0  0 0.0.0.0:53     0.0.0.0:*  LISTEN  1068/dnsmasq
    tcp   0  0 0.0.0.0:22     0.0.0.0:*  LISTEN  1022/sshd
    tcp   0  0 0.0.0.0:3128   0.0.0.0:*  LISTEN  1610/squid3
    tcp   0  0 0.0.0.0:8080   0.0.0.0:*  LISTEN  4202/dansguardian
    tcp   0  0 0.0.0.0:1      0.0.0.0:*  LISTEN  1149/perl
    tcp6  0  0 :::53          :::*       LISTEN  1068/dnsmasq
    tcp6  0  0 :::22          :::*       LISTEN  1022/sshd
    tcp6  0  0 :::3129        :::*       LISTEN  1610/squid3

Squid config is currently this

    acl localnet1 src 172.25.101.0/24 # RFC1918 possible internal network
    acl localnet2 src 172.25.102.0/24 # RFC1918 possible internal network
    acl localnet3 src 172.25.103.0/24 # RFC1918 possible internal network
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow localhost
    http_access allow localnet1
    http_access allow localnet2
    http_access allow localnet3
    http_access deny !Safe_ports
    always_direct allow all
    http_access deny CONNECT !SSL_ports
    cache_effective_user proxy
    cache_effective_group proxy
    # http_access deny manager
    http_port 3128 intercept
    http_port 3129
    debug_options All,2 78,5
    cache_dir ufs /mnt/ksn/squid/cache 100 16 256
    coredump_dir /var/spool/squid3
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
    refresh_pattern . 0 20% 4320
    #Performance Tuning Options
    hosts_file /etc/hosts
    dns_nameservers 127.0.0.1
    cache_replacement_policy heap LFUDA
    cache_swap_low 90
    cache_swap_high 95
    #cache_mem 200MB
    logfile_rotate 10
    memory_pools off
    maximum_object_size 50 MB
    maximum_object_size_in_memory 50 KB
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    log_icp_queries off
    client_db off
    buffered_logs on
    half_closed_clients off

[squid-users] Transparent Proxy by squid 2.6 stable 14 in ubuntu 7.10 not working
--- kang ason [EMAIL PROTECTED] wrote:

Date: Fri, 1 Feb 2008 07:00:27 -0800 (PST)
From: kang ason [EMAIL PROTECTED]
Subject: Transparent Proxy by squid 2.6 stable 14 in ubuntu 7.10 not working
To: squid-users@squid-cache.org

Dear all,

I have a server running squid (transparent proxy) in linux (squid installed using synaptic Package Manager on ubuntu 7.10 with squid 2.6 Stable 14).

This server has two interfaces:
eth0 to internet
eth1 to LAN

And this is my squid.conf

    http_port 192.168.10.10:8080 transparent
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    cache_vary on
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    cache_mem 128 MB
    cache_swap_low 98
    cache_swap_high 99
    maximum_object_size 51200 KB
    minimum_object_size 0 KB
    ipcache_size 2048
    ipcache_low 98
    ipcache_high 99
    fqdncache_size 2048
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    cache_dir ufs /var/spool/squid 5000 18 256
    access_log /var/log/squid/access.log squid
    cache_log /dev/null
    cache_store_log /dev/null
    emulate_httpd_log off
    log_ip_on_direct on
    mime_table /usr/share/squid/mime.conf
    log_mime_hdrs off
    pid_filename /var/run/squid.pid
    log_fqdn off
    ftp_user [EMAIL PROTECTED]
    ftp_list_width 32
    ftp_passive on
    ftp_sanitycheck on
    hosts_file /etc/hosts
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 # https
    acl SSL_ports port 563 # snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    ## Client IP Address
    acl VLAN10 src 192.168.10.0/255.255.255.0
    http_access deny CONNECT !SSL_ports
    http_access deny !Safe_ports
    http_access deny purge
    http_access allow purge localhost
    http_access deny manager
    http_access allow VLAN10
    http_access allow manager localhost
    http_access allow localhost
    http_access deny all
    icp_access allow all
    cache_mgr [EMAIL PROTECTED]
    cache_effective_user proxy
    cache_effective_group proxy
    visible_hostname Proxy.server
    always_direct allow all
    coredump_dir /var/spool/squid
    extension_methods REPORT MERGE MKACTIVITY CHECKOUT
    store_dir_select_algorithm round-robin
    ## end of squid.conf

and this is my iptables for squid transparent

    iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -A PREROUTING -t nat -i eth1 -p tcp -s 192.168.10.0/24 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10/24 -j MASQUERADE

when i look into /var/log/squid/access.log, i can found client access squid.

if client setting browser using proxy into 192.168.10.10 with port 8080, i can see client in /var/log/squid/access.log

What is wrong with my squid.conf or iptables rules? Why is the transparent proxy not working, and why must clients set the proxy in their browser if they want to use the proxy?

thanks.

regards
ason
Cah Kopeng Lereng Utara Gunung Merbabu

Re: [squid-users] Transparent Proxy by squid 2.6 stable 14 in ubuntu 7.10 not working
Let's just go over all these settings

kang ason wrote:
> --- kang ason [EMAIL PROTECTED] wrote:
>
> Date: Fri, 1 Feb 2008 07:00:27 -0800 (PST)
> From: kang ason [EMAIL PROTECTED]
> Subject: Transparent Proxy by squid 2.6 stable 14 in ubuntu 7.10 not working
> To: squid-users@squid-cache.org
>
> Dear all
>
> i have server running squid (transparent proxy) in linux (squid installed using synaptic Package Manager on ubuntu 7.10 with squid 2.6 Stable 14)
>
> this server have two interfaces,
> eth0 to internet
> eth1 to LAN
>
> And this is my squid.conf
>
> http_port 192.168.10.10:8080 transparent

Fine. BUT, is 192.168.10.10 an IP assigned to eth1 ??
As a test you can drop the IP here and FW inbound traffic to 192.168.10.10:8080

> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

You can kill these too and replace them with the refresh_patterns below.

> cache_vary on
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 128 MB
> cache_swap_low 98
> cache_swap_high 99
> maximum_object_size 51200 KB
> minimum_object_size 0 KB
> ipcache_size 2048
> ipcache_low 98
> ipcache_high 99
> fqdncache_size 2048
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF
> cache_dir ufs /var/spool/squid 5000 18 256
> access_log /var/log/squid/access.log squid
> cache_log /dev/null

Better to have a cache_log and see what's going wrong with squid when something does.

> cache_store_log /dev/null

Better to use
  cache_store_log none
and prevent all the attempted writes to /dev/null

> emulate_httpd_log off
> log_ip_on_direct on
> mime_table /usr/share/squid/mime.conf
> log_mime_hdrs off
> pid_filename /var/run/squid.pid
> log_fqdn off
> ftp_user [EMAIL PROTECTED]
> ftp_list_width 32
> ftp_passive on
> ftp_sanitycheck on
> hosts_file /etc/hosts
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

Useful to add:
  refresh_pattern (cgi-bin|\?) 0 0% 0

> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255

I know it's the default config line, but better to use CIDR or no mask here (default is /32)

> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync

It's useful to make sure _ALL_ of the SSL_Ports are also in Safe_Ports.

> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> ## Client IP Address
> acl VLAN10 src 192.168.10.0/255.255.255.0

Better to use CIDR 192.168.10.0/24

> http_access deny CONNECT !SSL_ports
> http_access deny !Safe_ports
> http_access deny purge
> http_access allow purge localhost

Ahhh... that will never match. The line above ALWAYS denies purge. Kill it or switch the config lines.

> http_access deny manager
> http_access allow VLAN10
> http_access allow manager localhost

again, that will never match for the global 'deny manager' above.

> http_access allow localhost
> http_access deny all
> icp_access allow all
> cache_mgr [EMAIL PROTECTED]
> cache_effective_user proxy
> cache_effective_group proxy
> visible_hostname Proxy.server
> always_direct allow all
> coredump_dir /var/spool/squid
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
> store_dir_select_algorithm round-robin
> ## end of squid.conf
>
> and this is my iptables for squid transparent
>
> iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080

Well, unless you have other IPA assigned to eth1, using IP here is pretty redundant,

> iptables -A PREROUTING -t nat -i eth1 -p tcp -s 192.168.10.0/24 -j ACCEPT

So what is NAT meant to be doing with this traffic? ACCEPT allows without changes.
It seems to me that port-80 traffic is being redirected to squid, and the rest is let out into the internet with RFC1918 private addresses (depending on -t filter -A FORWARD bridging rules).

> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10/24 -j MASQUERADE

Try this:

  iptables -t nat -A PREROUTING -o eth0 -s 192.168.10.10 -p tcp --dport 80 -j ACCEPT
  iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
  iptables -t filter -A FORWARD -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REJECT

> when i look into /var/log/squid/access.log, i can found client access squid.
>
> if client setting browser using proxy into 192.168.10.10 with port 8080, i can see client in /var/log/squid/access.log
>
> what wrong with my squid.conf or iptables rules?
> why transparent proxy not working, why client must setting using proxy in their
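
The two ACL points raised in the reply above (an http_access line that can never match because an earlier line always decides first, and SSL_ports entries that are missing from Safe_ports) can be checked mechanically. The Python check below is an added example, not part of the thread and not Squid's own tooling; the function names and the subset test are assumptions of this example, and the sample input is the poster's ACL lines with each port list condensed onto one line.

```python
# Constructed sample: the ACL and http_access lines from the squid.conf quoted
# above, with each ACL's port list condensed onto one line.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 873
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777 631 873 901
acl purge method PURGE
acl CONNECT method CONNECT
acl VLAN10 src 192.168.10.0/255.255.255.0
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access deny purge
http_access allow purge localhost
http_access deny manager
http_access allow VLAN10
http_access allow manager localhost
http_access allow localhost
http_access deny all
"""


def parse(conf):
    """Return (port_acls, rules) from squid.conf text.

    port_acls: {name: [(lo, hi), ...]}, accumulated over repeated
               'acl NAME port ...' lines, as Squid does.
    rules:     [(lineno, action, frozenset(acl_terms))] in file order.
    """
    port_acls, rules = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            for tok in fields[3:]:
                lo, _, hi = tok.partition("-")  # "1025-65535" or "443"
                port_acls.setdefault(fields[1], []).append(
                    (int(lo), int(hi or lo)))
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((lineno, fields[1], frozenset(fields[2:])))
    return port_acls, rules


def shadowed_rules(rules):
    """Find http_access lines that can never decide a request.

    http_access is first-match and the ACLs on one line are ANDed, so if an
    earlier line's terms are a subset of a later line's terms, the earlier
    line matches every request the later one would and always wins.
    Returns [(shadowed_lineno, earlier_lineno)].
    """
    findings = []
    for i, (lineno, _action, terms) in enumerate(rules):
        for prev_lineno, _prev_action, prev_terms in rules[:i]:
            if prev_terms <= terms:
                findings.append((lineno, prev_lineno))
                break
    return findings


def ssl_ports_not_safe(port_acls):
    """Ports listed in SSL_ports that no Safe_ports range covers."""
    safe = port_acls.get("Safe_ports", [])
    missing = []
    for lo, hi in port_acls.get("SSL_ports", []):
        for port in range(lo, hi + 1):
            if not any(a <= port <= b for a, b in safe):
                missing.append(port)
    return missing


if __name__ == "__main__":
    ports, rules = parse(SAMPLE_CONF)
    for later, earlier in shadowed_rules(rules):
        print(f"line {later} can never match: line {earlier} decides first")
    print("SSL_ports missing from Safe_ports:", ssl_ports_not_safe(ports))
```

On this sample the check flags the `allow purge localhost` and `allow manager localhost` lines, and reports port 563: a CONNECT to it passes `deny CONNECT !SSL_ports` but is then rejected by `deny !Safe_ports`.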
Re: [squid-users] transparent proxy with squid
hello,

Thanks for your reply. This rule exists in my setup and from logs I can see the 443 traffic directed to the local squid port and then I am routing it to the main squid box. The strange thing is that I am not seeing any return path of the 443 request I am sending.

My setup is

[Transparent squid box] -- [squid box] -- [squid-cache box] -- - {external world}

If I send the 443 request using my squid box then that works perfectly fine and I get all my 443 requests. Considering this in mind, theoretically 443 traffic from the transparent squid box should work with the PREROUTING rule which you have mentioned, but it's not working in my case.

It would be a great help for me if you can suggest me the way out to it.

Thanks in advance.

With Regards,
-- Sushil.

On Tue, 4 Oct 2005 [EMAIL PROTECTED] wrote:

> I would assume you'd need to do something similar to:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128
>
> Tim Rainier
> Information Services, Kalsec, INC
> [EMAIL PROTECTED]
>
> Sushil Deore [EMAIL PROTECTED]
> 10/04/2005 01:06 PM
> To Henrik Nordstrom [EMAIL PROTECTED]
> cc squid-users@squid-cache.org
> Subject [squid-users] transparent proxy with squid
>
> Dear Henrik,
>
> I configured a transparent proxy with squid by referring
> http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3
>
> Though Daniel has strictly mentioned not to ask him about HTTPS with transparent proxy but still I do have certain doubts in my mind which I'll try to explain here.
>
> I am setting up a wireless network for which I'll be using transparent proxy with squid. Though my transparent proxy is working fine and serving all port 80 traffic. I also need to serve https request and at this stage I am stuck. With a separate squid box as a proxy server I am serving the HTTPS request.
>
> Kindly let me know or suggest me how do I serve the HTTPS request using the transparent proxy or do I need to setup any additional setup to serve HTTPS traffic?
>
> Thanks in advance.
>
> With Regards,
> -- Sushil.
Re: [squid-users] transparent proxy with squid
On 04.10 22:36, Sushil Deore wrote:
> I configured a transparent proxy with squid by referring
> http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3
>
> Though Daniel has strictly mentioned not to ask him about HTTPS with transparent proxy but still I do have certain doubts in my mind which I'll try to explain here.
>
> I am setting up a wireless network for which I'll be using transparent proxy with squid. Though my transparent proxy is working fine and serving all port 80 traffic. I also need to serve https request and at this stage I am stuck. With a separate squid box as a proxy server I am serving the HTTPS request.
>
> Kindly let me know or suggest me how do I serve the HTTPS request using the transparent proxy or do I need to setup any additional setup to serve HTTPS traffic?

Useless and impossible with squid. use NAT.

http://www.shorewall.net/Shorewall_Squid_Usage.html#id2459723
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3
http://lists.debian.org/debian-isp/2001/07/msg00315.html

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Fighting for peace is like fucking for virginity...
[squid-users] transparent proxy with squid
Dear Henrik,

I configured a transparent proxy with squid by referring
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3

Though Daniel has strictly mentioned not to ask him about HTTPS with transparent proxy but still I do have certain doubts in my mind which I'll try to explain here.

I am setting up a wireless network for which I'll be using transparent proxy with squid. Though my transparent proxy is working fine and serving all port 80 traffic. I also need to serve https request and at this stage I am stuck. With a separate squid box as a proxy server I am serving the HTTPS request.

Kindly let me know or suggest me how do I serve the HTTPS request using the transparent proxy or do I need to setup any additional setup to serve HTTPS traffic?

Thanks in advance.

With Regards,
-- Sushil.
Re: [squid-users] transparent proxy with squid
I would assume you'd need to do something similar to:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128

Tim Rainier
Information Services, Kalsec, INC
[EMAIL PROTECTED]

Sushil Deore [EMAIL PROTECTED]
10/04/2005 01:06 PM
To Henrik Nordstrom [EMAIL PROTECTED]
cc squid-users@squid-cache.org
Subject [squid-users] transparent proxy with squid

> Dear Henrik,
>
> I configured a transparent proxy with squid by referring
> http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3
>
> Though Daniel has strictly mentioned not to ask him about HTTPS with transparent proxy but still I do have certain doubts in my mind which I'll try to explain here.
>
> I am setting up a wireless network for which I'll be using transparent proxy with squid. Though my transparent proxy is working fine and serving all port 80 traffic. I also need to serve https request and at this stage I am stuck. With a separate squid box as a proxy server I am serving the HTTPS request.
>
> Kindly let me know or suggest me how do I serve the HTTPS request using the transparent proxy or do I need to setup any additional setup to serve HTTPS traffic?
>
> Thanks in advance.
>
> With Regards,
> -- Sushil.
Re: [squid-users] Transparent Proxy with Squid and Host: header
Don't reply to others' questions when making a new question. Doing so will sort your question into the same thread.

On Wed, 31 Aug 2005, Enrico Demarin wrote:

> Is there any way to fall back on the original IP destination of the request if the Host: header cannot be resolved ?

Not today, but patches implementing this are welcome.

Regards
Henrik
[squid-users] Transparent Proxy with Squid and Host: header
Hi everyone,

I have a question: I have set up squid in transparent mode, but I ran into the following case:

the client has a hosts file, where it defines for example host19 as following

    38.25.63.10 host19

then he attempts a connection using either IE or Firefox:

    http://host19

The result is that squid gives an error, saying host19 couldn't be found.

The client resolves host19 using the hosts lookup table, but sends a Host: host19 header within the request, and squid attempts the connection to that address, which it can't resolve.

Is there any way to fall back on the original IP destination of the request if the Host: header cannot be resolved ?

thanks in advance

Enrico
[squid-users] Transparent Proxy using squid and wccp
Hello,

I have attempted to conduct a transparent proxy using squid and a cisco router according to information in the article http://www.linux-mag.com/content/view/1957/2303.

It seems to me that the packets are getting redirected by the router but squid isn't forwarding. Please look through and advise.

Squid runs on Fedora Core 3 and installed via rpm.
The router runs IOS 12.2.

I succeeded in getting the squid box registered with router

    Router#sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:               192.168.1.18
            Protocol Version:                1.0

        Service Identifier: web-cache
            Number of Cache Engines:         1
            Number of routers:               1
            Total Packets Redirected:        3660
            Redirect access-list:            150
            Total Packets Denied Redirect:   0
            Total Packets Unassigned:        0
            Group access-list:               -none-
            Total Messages Denied to Group:  0
            Total Authentication failures:   0

but I am unable to browse.

tcpdump on the linux box running FC 3 shows unreachable admin prohibited, while the debug screenshot is

    Router#
    *Mar 1 03:17:39.183: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 0335
    *Mar 1 03:17:39.183: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 0336
    *Mar 1 03:17:46.491: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23
    *Mar 1 03:17:49.195: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 0336
    *Mar 1 03:17:49.195: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 0337
    *Mar 1 03:17:49.443: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23

Below is my Router Config

    Router#sh conf
    Using 1198 out of 155640 bytes
    !
    version 12.2
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    enable secret 5 $1$.nU6$zrTYq3u9FqrEs1z3VR6yO/
    enable password 12345
    !
    ip subnet-zero
    ip wccp version 1
    ip wccp web-cache redirect-list 150
    ip cef
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    mta receive maximum-recipients 0
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 192.168.1.18 255.255.255.0
     ip nat inside
     no ip mroute-cache
     speed auto
     half-duplex
     no cdp enable
    !
    interface FastEthernet0/1
     ip address 111.222.111.110 255.255.255.128
     ip wccp web-cache redirect out
     ip nat outside
     no ip mroute-cache
     duplex auto
     speed auto
     no cdp enable
    !
    ip nat pool ovrld 111.222.111.110 111.222.111.110 prefix-length 24
    ip nat inside source list 7 pool ovrld overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
    ip http server
    !
    !
    access-list 7 permit 192.168.1.0 0.0.0.255
    access-list 150 permit tcp 192.168.1.0 0.0.0.255 any
    access-list 150 deny tcp any any
    !
    !
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line 33 62
     flush-at-activation
    line aux 0
    line vty 0 4
     password 1234
     login
    !
    end
RE: [squid-users] Transparent Proxy using squid and wccp
Squid won't work with rpm.
You have to install squid from source with the --enable-linux-netfilter feature.

-----Original Message-----
From: Kola Ibikunle [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 09, 2005 2:38 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Transparent Proxy using squid and wccp

Hello,

I have attempted to conduct a transparent proxy using squid and a cisco router according to information in the article http://www.linux-mag.com/content/view/1957/2303.

It seems to me that the packets are getting redirected by the router but squid isn't forwarding. Please look through and advise.

Squid runs on Fedora Core 3 and installed via rpm.
The router runs IOS 12.2.

I succeeded in getting the squid box registered with router

    Router#sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:               192.168.1.18
            Protocol Version:                1.0

        Service Identifier: web-cache
            Number of Cache Engines:         1
            Number of routers:               1
            Total Packets Redirected:        3660
            Redirect access-list:            150
            Total Packets Denied Redirect:   0
            Total Packets Unassigned:        0
            Group access-list:               -none-
            Total Messages Denied to Group:  0
            Total Authentication failures:   0

but I am unable to browse.

tcpdump on the linux box running FC 3 shows unreachable admin prohibited, while the debug screenshot is

    Router#
    *Mar 1 03:17:39.183: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 0335
    *Mar 1 03:17:39.183: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 0336
    *Mar 1 03:17:46.491: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23
    *Mar 1 03:17:49.195: WCCP-PKT: Received valid Here_I_Am packet from 192.168.1.23 w/rcvd_id 0336
    *Mar 1 03:17:49.195: WCCP-PKT: Sending I_See_You packet to 192.168.1.23 w/ rcvd_id 0337
    *Mar 1 03:17:49.443: ICMP: dst (192.168.1.18) prohibited unreachable rcv from 192.168.1.23

Below is my Router Config

    Router#sh conf
    Using 1198 out of 155640 bytes
    !
    version 12.2
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    enable secret 5 $1$.nU6$zrTYq3u9FqrEs1z3VR6yO/
    enable password 12345
    !
    ip subnet-zero
    ip wccp version 1
    ip wccp web-cache redirect-list 150
    ip cef
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    mta receive maximum-recipients 0
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 192.168.1.18 255.255.255.0
     ip nat inside
     no ip mroute-cache
     speed auto
     half-duplex
     no cdp enable
    !
    interface FastEthernet0/1
     ip address 111.222.111.110 255.255.255.128
     ip wccp web-cache redirect out
     ip nat outside
     no ip mroute-cache
     duplex auto
     speed auto
     no cdp enable
    !
    ip nat pool ovrld 111.222.111.110 111.222.111.110 prefix-length 24
    ip nat inside source list 7 pool ovrld overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
    ip http server
    !
    !
    access-list 7 permit 192.168.1.0 0.0.0.255
    access-list 150 permit tcp 192.168.1.0 0.0.0.255 any
    access-list 150 deny tcp any any
    !
    !
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line 33 62
     flush-at-activation
    line aux 0
    line vty 0 4
     password 1234
     login
    !
    end
[squid-users] Transparent Proxy in Squid with Websense
I have a firewall which can help to forward the web traffic to the web proxy server. I used Squid as the proxy server and all traffic can pass to the firewall and then to Squid. However, when I used Websense with Squid, I got the following symptoms:

1. In transparent proxy, that is, no setting in the client IE browser:
   Client - Firewall - Squid - Websense - Web Server
   I found an error and I cannot access the Internet browser.

2. With the same configuration setting in squid.conf, with IE configured:
   Client - Squid - Websense - Web Server
   The client can access the web server.

3. Without Websense in Transparent Proxy (i.e. no setting in client IE):
   Client - Firewall - Squid
   I can also access the Internet.

My question is why I cannot integrate Firewall, Squid and Websense together in a Transparent Proxy setting.

Thanks!!!
Re: [squid-users] Transparent Proxy Using SQUID CACHE
hi there

yes Elsen, you are right, I am having problems with https sites too ...

On Sat, 26 Mar 2005 23:44:15 +0100, Elsen Marc [EMAIL PROTECTED] wrote:

> > Hi there
> >
> > I am having a little problem. I have run a squid cache with IPTABLES. Everything is working fine, it gets transparent requests and serves web pages perfectly, but the problem is that it's not working as transparent for MSN/YAHOO messengers. I have to put an HTTP proxy on MSN to connect. Can anyone help me how to throw that traffic out too transparently?
>
> http://www.squid-cache.org/mail-archive/squid-users/200503/0853.html
>
> M.
[squid-users] Transparent Proxy Using SQUID CACHE
Hi there

I am having a little problem. I have run a squid cache with IPTABLES. Everything is working fine, it gets transparent requests and serves web pages perfectly, but the problem is that it's not working as transparent for MSN/YAHOO messengers. I have to put an HTTP proxy on MSN to connect. Can anyone help me how to throw that traffic out too transparently?

Regards
Data Grey
RE: [squid-users] Transparent Proxy Using SQUID CACHE
> Hi there
>
> I am having a little problem. I have run a squid cache with IPTABLES. Everything is working fine, it gets transparent requests and serves web pages perfectly, but the problem is that it's not working as transparent for MSN/YAHOO messengers. I have to put an HTTP proxy on MSN to connect. Can anyone help me how to throw that traffic out too transparently?

http://www.squid-cache.org/mail-archive/squid-users/200503/0853.html

M.