Re: [squid-users] New to squid
On 09.05.2012 10:42, Ruiyuan Jiang wrote: Hi, all I am new to Squid. I am trying to setup squid as a reverse proxy to for MS Exchange outlook client access. I compiled squid myself (v3.1.19, Solaris 10, SPARC). I followed the configuration example on the squid web page "ConfigExamples/Reverse/ExchangeRpc". # cat squid.conf # Squid normally listens to port 3128 https_port 156.146.1.133:443 accel cert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt defaultsite=webmail.fnpc.com cache_peer 10.105.10.20 parent 443 0 no-query originserver login=PASS ssl sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt name=exchangeServer acl EXCH dstdomain .fnpc.com cache_peer_access exchangeServer allow EXCH cache_peer_access exchangeServer deny all never_direct all EXCH http_access allow EXCH http_acces deny all ^^ typo "ss" miss_access allow EXCH miss_access deny all The cerficate file webmail_fnpc_com.crt is a valid certificate that I got from a CA. Do I need to install two certificates on the server, one for client which I would guess the official certificate (webmail_fnpc_com.crt)? Can I present the same certificate to the internal exchange server? That is what I did to all my Apache reverse proxy servers for Exchange server. The basics of it are that Squid is what interacts with the client. So the public cert needs to be presented there on https_port. What Exchange uses depends on what type of interactions happen there. It is probably safest to have self-signed certs with the self-signing CA trusted by Squid (on cache_peer) so it can verify Exchange, but this only works if the clients are not interacting directly to Exchange via other channels. NP: Squid requires PEM format certificate files. When I ran 'squid -X', I got the below message stating 1. unrecognized: 'https_port', 2. FATAL: Bungled squid.conf line 64: cache_peer 156.146.16.198 parent 443 0 no-query originserver login=PASS ssl sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt name=exchangeServer When you built squid you omitted --enable-ssl. Ensure you have openssl development library to build against and rebuild your squid. It should accept the SSL related config after that. 2012/05/08 17:22:11.373| parse_peer: token='ssl' ... FATAL: Bungled squid.conf line 64: cache_peer 156.146.16.198 parent 443 0 no-query originserver login=PASS ssl sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt name=exchangeServer Squid Cache (Version 3.1.19): Terminated abnormally. Amos
RE: [squid-users] New to squid
08, 2012 9:05 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] New to squid On 09.05.2012 10:42, Ruiyuan Jiang wrote: > Hi, all > > I am new to Squid. I am trying to setup squid as a reverse proxy to > for MS Exchange outlook client access. I compiled squid myself > (v3.1.19, Solaris 10, SPARC). I followed the configuration example on > the squid web page "ConfigExamples/Reverse/ExchangeRpc". > > # cat squid.conf > # Squid normally listens to port 3128 > > https_port 156.146.1.133:443 accel > cert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt > defaultsite=webmail.fnpc.com > cache_peer 10.105.10.20 parent 443 0 no-query originserver login=PASS > ssl sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt > name=exchangeServer > > acl EXCH dstdomain .fnpc.com > > cache_peer_access exchangeServer allow EXCH > cache_peer_access exchangeServer deny all > never_direct all EXCH > > http_access allow EXCH > http_acces deny all ^^ typo "ss" > miss_access allow EXCH > miss_access deny all > > > The cerficate file webmail_fnpc_com.crt is a valid certificate that I > got from a CA. Do I need to install two certificates on the server, > one for client which I would guess the official certificate > (webmail_fnpc_com.crt)? Can I present the same certificate to the > internal exchange server? That is what I did to all my Apache reverse > proxy servers for Exchange server. The basics of it are that Squid is what interacts with the client. So the public cert needs to be presented there on https_port. What Exchange uses depends on what type of interactions happen there. It is probably safest to have self-signed certs with the self-signing CA trusted by Squid (on cache_peer) so it can verify Exchange, but this only works if the clients are not interacting directly to Exchange via other channels. NP: Squid requires PEM format certificate files. > When I ran 'squid -X', I got the > below message stating 1. unrecognized: 'https_port', 2. FATAL: > Bungled > squid.conf line 64: cache_peer 156.146.16.198 parent 443 0 no-query > originserver login=PASS ssl > sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt > name=exchangeServer > When you built squid you omitted --enable-ssl. Ensure you have openssl development library to build against and rebuild your squid. It should accept the SSL related config after that. > 2012/05/08 17:22:11.373| parse_peer: token='ssl' ... > FATAL: Bungled squid.conf line 64: cache_peer 156.146.16.198 parent > 443 0 no-query originserver login=PASS ssl > sslcert=/opt/apache2.2.21/conf/ssl.crt/webmail_fnpc_com.crt > name=exchangeServer > Squid Cache (Version 3.1.19): Terminated abnormally. Amos This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.
Re: [squid-users] New to Squid
I know an implementation with more requirements than you need. You will need a fast disk to the squid cache. The environment I know have the cache on ram disk. I have squid separated from my AD forest by two firewalls, this isn't a problem, you need to open the required ports. On Fri, Mar 13, 2009 at 2:43 PM, sq...@zoomemail.com wrote: > > Good afternoon, > > Our company is currently investigating the use of Squid as our Proxy solution > (Secure Web Gateway?). I was curious if anyone out there has successfully > installed and > managed a Production Squid environment > that would be about the complexity and size of the following (and I'd like > some information on it): > > 1) 3,000 concurrent users > 2) Three sites > Primary Site: 100 Mb/sec Internet Connection > Secondary Site: 30 Mb/sec Internet Connection [This is used for a DR scenario > only] > Tertiary Site: 45 Mb/sec Internet Connection [This is used for a DR scenario > only] > 3) We are a Windows 2000/2003 Domain. It's a single forest with two (2) Child > Domains. There is a firewall between the two (2) child domains. > 4) We need HA Pairs at each site, but because we have VMWare ESX 3.5 > implemented at each site we are throwing around the idea of using 3-4 > virtuals (or however many you > guys would recommend) and using our DR strategy for VM's to V2V to boxes to > the other two (2) sites. > > Your input, comments, and questions would be greatly appreciated, thanks! > >
Re: [squid-users] New to Squid
On Fri, Mar 13, 2009 at 2:43 PM, sq...@zoomemail.com wrote: > Good afternoon, > > Our company is currently investigating the use of Squid as our Proxy solution > (Secure Web Gateway?). I was curious if anyone out there has successfully > installed and > managed a Production Squid environment > that would be about the complexity and size of the following (and I'd like > some information on it): > > 1) 3,000 concurrent users > 2) Three sites > Primary Site: 100 Mb/sec Internet Connection > Secondary Site: 30 Mb/sec Internet Connection [This is used for a DR scenario > only] > Tertiary Site: 45 Mb/sec Internet Connection [This is used for a DR scenario > only] > 3) We are a Windows 2000/2003 Domain. It's a single forest with two (2) Child > Domains. There is a firewall between the two (2) child domains. > 4) We need HA Pairs at each site, but because we have VMWare ESX 3.5 > implemented at each site we are throwing around the idea of using 3-4 > virtuals (or however many you > guys would recommend) and using our DR strategy for VM's to V2V to boxes to > the other two (2) sites. > > Your input, comments, and questions would be greatly appreciated, thanks! Those numbers are not really THAT MUCH demanding (there are environments easily 10 times bigger). Making AD work in a firewalled environment is not really that easy (nor secure), but I'd assume that that side of things has already been covered. In general I'd advise AGAINST going virtual for the kind of loads squid performs, but I have no hard numbers to back this claim up. Also, if you can control your users' browsers' configuration (which would seem to be the case), having a proxy-pac-based HA solution is not hard. -- /kinkie
Re: [squid-users] New to Squid
On 13.03.09 15:00, David Rodríguez Fernández wrote: > I know an implementation with more requirements than you need. > > You will need a fast disk to the squid cache. The environment I know > have the cache on ram disk. Do you have memory cache turned off? This way it's useless to have it. I'd advise using only memory cache, but it afaik has some problems when many or big objects are there. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet.
Re: [squid-users] New to Squid
On Fri, Mar 13, 2009 at 04:14:42PM +0100, Kinkie wrote: > > Making AD work in a firewalled environment is not really that easy > (nor secure), but I'd assume that that side of things has already been > covered. > This is totally off-topic but the above statement is not true. What you need to do is use an IPSEC tunnel - there are MS docuemnts that describe how you can do this. -- Brett Lymn "Warning: The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."
Re: [squid-users] new to squid
Actually, ./configure --help is quite sufficient at displaying compile-time options and their descriptions. I would start there. Tim Rainier Abdock <[EMAIL PROTECTED]> 08/17/2005 01:09 PM To squid-users@squid-cache.org cc Subject [squid-users] new to squid Dear All, I need to set up a tranparent squid box, and want to use CentOS 4, getting squid from source is great, can anybody help me on the compile lines ? Have like 1,000 users. and a bandwidth of 4mb in / 1 mb out. Thanks a lot, Ab.
Re: [squid-users] new to squid
Thanks for the reply, i did not want to compile with too many or too less options, so was not sure ! and another thing is it better to use squid from what CentOS provides or to download it and compile it. Rgds, -Original message- From: [EMAIL PROTECTED] Date: Wed, 17 Aug 2005 20:26:18 +0300 To: squid-users@squid-cache.org Subject: Re: [squid-users] new to squid > Actually, ./configure --help is quite sufficient at displaying > compile-time options and their descriptions. > I would start there. > > Tim Rainier > > > > > Abdock <[EMAIL PROTECTED]> > 08/17/2005 01:09 PM > > To > squid-users@squid-cache.org > cc > > Subject > [squid-users] new to squid > > > > > > > > Dear All, > > I need to set up a tranparent squid box, and want to use CentOS 4, getting > squid from source is great, can anybody help me on the compile lines ? > > Have like 1,000 users. and a bandwidth of 4mb in / 1 mb out. > > > Thanks a lot, > > Ab. > > >
Re: [squid-users] new to squid
Bill Everhart wrote: Hi all, I'm brand new to squid. Up until now I've been using apache mod_proxy with a very simple config: ProxyRequests On Order deny,allow Deny from all Allow from 10 Today I found out I can no longer use mod_proxy because YUM uses byteranges and apache doesn't support that. I have read over the squid config file (wow) and I have a couple of questions: 1. Does squid handle byterange requests? Yes. 2. squid seems over the top for what I need, I'm looking for something that does not cache and just allows traffic from my 10.x network to redhat network. Is there something else out there I should be looking at? NAT? Otherwise check out http://www.linux.org/apps/all/Daemons/Proxy.html 3. Could anyone provide me with a config that doesn't cache anything and just works as a proxy between clients on a 10.x network to rhn? Make the following modifications to the default config file. Search for the lines... #acl our_neworks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks ... Modify and uncomment them. acl our_networks src 10.0.0.0/8 http_access allow our_networks Search for the lines... acl QUERY urlpath_regex cgi-bin \? cache deny QUERY ... Append the following... acl REDHAT dstdomain .redhat.com # Match all hosts in the redhat.com domain cache deny REDHAT # Don't cache content from RedHat's servers ok, that was more then a couple of questions. I apprecite any help you guys can give me. Not sure why you wouldn't want to cache replies from RHN, but there you go. The above assumes you are using Squid 2.6. If using Squid 2.5, replace all instances of "cache" with "no_cache". Chris
Re: [squid-users] New to squid
On Thursday 11 September 2003 18.14, Jennifer Fountain wrote: > Hi, > I am trying to install squid on RH9 (everything is up2date) but I > keep getting this error: > (squid): mimeLoadIcon: cannot parse internal URL Hmm.. I have seen this once before. If I recall correcly this error is seen if your hostname is invalid, for example if the hostname contains underscore characters or other characters not allowed to be used in Internet host names. You can correct this by setting visible_hostname to a valid and correct host name (with domain) for your proxy service. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
RE: Re: [squid-users] New to Squid
Thanks for everyone's input thus far. I guess that I'll have to give you guys more (better) information so you can see exactly what we will need Squid to handle for us. At that point you can /point & /laugh and tell us "the better ways" and then after that see how we can do what we do "today" to meet our current needs and then how to move towards a more ideal setup. Since we need to control user access policies, we have to authenticate them against AD and/or LDAP, so I don't see how you could ever get around that (but I'm sure you'll let me know) =D Thanks and I'll try and send some better information along. --- Original Message --- >From: Kinkie[mailto:REMOVED] Sent: 3/13/2009 11:14:42 AM To : sq...@removed Cc : squid-users@squid-cache.org Subject : RE: Re: [squid-users] New to Squid On Fri, Mar 13, 2009 at 2:43 PM, sq...@removed wrote: > Good afternoon, > > Our company is currently investigating the use of Squid as our Proxy solution > (Secure Web Gateway?). I was curious if anyone out there has successfully > installed and > managed a Production Squid environment > that would be about the complexity and size of the following (and I'd like > some information on it): > > 1) 3,000 concurrent users > 2) Three sites > Primary Site: 100 Mb/sec Internet Connection > Secondary Site: 30 Mb/sec Internet Connection [This is used for a DR scenario > only] > Tertiary Site: 45 Mb/sec Internet Connection [This is used for a DR scenario > only] > 3) We are a Windows 2000/2003 Domain. It's a single forest with two (2) Child > Domains. There is a firewall between the two (2) child domains. > 4) We need HA Pairs at each site, but because we have VMWare ESX 3.5 > implemented at each site we are throwing around the idea of using 3-4 > virtuals (or however many you > guys would recommend) and using our DR strategy for VM's to V2V to boxes to > the other two (2) sites. > > Your input, comments, and questions would be greatly appreciated, thanks! Those numbers are not really THAT MUCH demanding (there are environments easily 10 times bigger). Making AD work in a firewalled environment is not really that easy (nor secure), but I'd assume that that side of things has already been covered. In general I'd advise AGAINST going virtual for the kind of loads squid performs, but I have no hard numbers to back this claim up. Also, if you can control your users' browsers' configuration (which would seem to be the case), having a proxy-pac-based HA solution is not hard. -- /kinkie
Re: [squid-users] New to Squid and Linux
On Wednesday 02 August 2006 21:04, [EMAIL PROTECTED] wrote: > I'm running Fedora Core 5 with Squid 2.5. How do I configure Squid so > that I can view both http and https sites? Unless Fedora provides a completely broken squid.conf with the installation Squid will already be able to handle HTTP and HTTPS well. Just take a look at the http_access statements to grant proper access. Christoph
Re: [squid-users] New to Squid and Linux
This is what my squid.conf looks like. Does it look broke? hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all visible_hostname venus coredump_dir /var/spool/squid Thanks, Michael Quoting Christoph Haas <[EMAIL PROTECTED]>: On Wednesday 02 August 2006 21:04, [EMAIL PROTECTED] wrote: I'm running Fedora Core 5 with Squid 2.5. How do I configure Squid so that I can view both http and https sites? Unless Fedora provides a completely broken squid.conf with the installation Squid will already be able to handle HTTP and HTTPS well. Just take a look at the http_access statements to grant proper access. Christoph
Re: [squid-users] New to Squid and Linux
On Wednesday 02 August 2006 22:16, [EMAIL PROTECTED] wrote: > This is what my squid.conf looks like. Does it look broke? Not at all. Just read and understand the documentation on "http_access" and "acl". Everything else is fine. Christoph
Re: [squid-users] New to Squid and Linux
Now it works from the local machine that is actually running squid, but when I try to SSH using Putty into the squid host I get nothing. I am forwarding port 3128 with Putty and setting the brower to use localhost:3128 for proxy. Maybe I'm understanding this wrong but I thought if I used SSH to connect to the squid host it would appear as a local connection and the acl for localhost for work. Did I totally miss that? Thanks, Michael Quoting Christoph Haas <[EMAIL PROTECTED]>: On Wednesday 02 August 2006 22:16, [EMAIL PROTECTED] wrote: This is what my squid.conf looks like. Does it look broke? Not at all. Just read and understand the documentation on "http_access" and "acl". Everything else is fine. Christoph
Re: [squid-users] New to Squid and Linux
On Thursday 03 August 2006 16:46, [EMAIL PROTECTED] wrote: > Now it works from the local machine that is actually running squid, > but when I try to SSH using Putty into the squid host I get nothing. I > am forwarding port 3128 with Putty and setting the brower to use > localhost:3128 for proxy. Just point your browser to the proxy server on port 3128. SSH is not needed. > Maybe I'm understanding this wrong but I thought if I used SSH to > connect to the squid host it would appear as a local connection and > the acl for localhost for work. SSH supports port forwarding. But that's surely not the normal mode of operation and proxy surfing. I hope it's clear that Squid is a HTTP proxy which is not at all connected to SSH. Christoph
Re: [squid-users] New to Squid and Linux
I'm trying to use SSH to tunnel my traffic to the machine that is running squid. The machines are not on the same network. Michael Quoting Christoph Haas <[EMAIL PROTECTED]>: On Thursday 03 August 2006 16:46, [EMAIL PROTECTED] wrote: Now it works from the local machine that is actually running squid, but when I try to SSH using Putty into the squid host I get nothing. I am forwarding port 3128 with Putty and setting the brower to use localhost:3128 for proxy. Just point your browser to the proxy server on port 3128. SSH is not needed. Maybe I'm understanding this wrong but I thought if I used SSH to connect to the squid host it would appear as a local connection and the acl for localhost for work. SSH supports port forwarding. But that's surely not the normal mode of operation and proxy surfing. I hope it's clear that Squid is a HTTP proxy which is not at all connected to SSH. Christoph
Re: [squid-users] New to Squid and Linux
I think you have the wrong acronym. Do you really want a SSL connection as in a "https" connection? In reading this thread you keep typing SSH, but do you really need to use is SSL. Tim --- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x2651725B Sismet Road Fax: 905-625-6348 Mississauga, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 --- [EMAIL PROTECTED] wrote: I'm trying to use SSH to tunnel my traffic to the machine that is running squid. The machines are not on the same network. Michael Quoting Christoph Haas <[EMAIL PROTECTED]>: On Thursday 03 August 2006 16:46, [EMAIL PROTECTED] wrote: Now it works from the local machine that is actually running squid, but when I try to SSH using Putty into the squid host I get nothing. I am forwarding port 3128 with Putty and setting the brower to use localhost:3128 for proxy. Just point your browser to the proxy server on port 3128. SSH is not needed. Maybe I'm understanding this wrong but I thought if I used SSH to connect to the squid host it would appear as a local connection and the acl for localhost for work. SSH supports port forwarding. But that's surely not the normal mode of operation and proxy surfing. I hope it's clear that Squid is a HTTP proxy which is not at all connected to SSH. Christoph
RE: [squid-users] New to Squid and Linux
No, I really meant SSH. I'm using Putty from work to my home linux box. Michael -Original Message- From: Tim Neto [mailto:[EMAIL PROTECTED] Sent: Thursday, August 03, 2006 1:57 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] New to Squid and Linux I think you have the wrong acronym. Do you really want a SSL connection as in a "https" connection? In reading this thread you keep typing SSH, but do you really need to use is SSL. Tim --- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x2651725B Sismet Road Fax: 905-625-6348 Mississauga, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 --- [EMAIL PROTECTED] wrote: > I'm trying to use SSH to tunnel my traffic to the machine that is > running squid. The machines are not on the same network. > > Michael > > Quoting Christoph Haas <[EMAIL PROTECTED]>: > >> On Thursday 03 August 2006 16:46, [EMAIL PROTECTED] wrote: >>> Now it works from the local machine that is actually running squid, >>> but when I try to SSH using Putty into the squid host I get nothing. I >>> am forwarding port 3128 with Putty and setting the brower to use >>> localhost:3128 for proxy. >> >> Just point your browser to the proxy server on port 3128. SSH is not >> needed. >> >>> Maybe I'm understanding this wrong but I thought if I used SSH to >>> connect to the squid host it would appear as a local connection and >>> the acl for localhost for work. >> >> SSH supports port forwarding. But that's surely not the normal mode of >> operation and proxy surfing. >> >> I hope it's clear that Squid is a HTTP proxy which is not at all >> connected >> to SSH. >> >> Christoph >> > > > >
Re: [squid-users] New to Squid and Linux
- Original Message - From: "Michael J McGraw" <[EMAIL PROTECTED]> To: Sent: Thursday, August 03, 2006 9:18 PM Subject: RE: [squid-users] New to Squid and Linux > No, I really meant SSH. I'm using Putty from work to my home linux box. > > Michael In what way do you believe that squid might be involved with this process. -- Brian Gregory. [EMAIL PROTECTED] Computer Room Volunteer. Therapy Centre. Prospect Park Hospital.
Re: [squid-users] New to Squid and Linux
tor 2006-08-03 klockan 10:46 -0400 skrev [EMAIL PROTECTED]: > Now it works from the local machine that is actually running squid, > but when I try to SSH using Putty into the squid host I get nothing. I > am forwarding port 3128 with Putty and setting the brower to use > localhost:3128 for proxy. Should work. Have done that many times. Just make sure you use the correct forwarding method, local port to remote host. Not the opposite.. local port 3128 local address 127.0.0.1 (if it can be specified) remote host 127.0.0.1 remote port 3128 Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] New to Squid and Linux
tor 2006-08-03 klockan 22:03 +0100 skrev Brian Gregory: > > No, I really meant SSH. I'm using Putty from work to my home linux box. > > > > Michael > > In what way do you believe that squid might be involved with this process. He is trying to set up a port forward of the Squid port via SSH, allowing him to connect to the Squid proxy port over SSH as he can't (or won't) connect to it directly from his station. Nothing strange, just a bit odd, but perfectly normal use of SSH the swiss army knife of networking. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] New to Squid and Linux
It works when I am sitting at the linux box but when I try to SSH into it and use the squid proxy through the tunnel I can get no where. I have my Putty tunnel setup for local port 3128 forwarded to remote port 3128. L3128 ip.address.to.linuxbox:3128 L is for local port. Should ip.address.to.linuxbox be 127.0.0.1 also? Michael Quoting Henrik Nordstrom <[EMAIL PROTECTED]>: tor 2006-08-03 klockan 10:46 -0400 skrev [EMAIL PROTECTED]: Now it works from the local machine that is actually running squid, but when I try to SSH using Putty into the squid host I get nothing. I am forwarding port 3128 with Putty and setting the brower to use localhost:3128 for proxy. Should work. Have done that many times. Just make sure you use the correct forwarding method, local port to remote host. Not the opposite.. local port 3128 local address 127.0.0.1 (if it can be specified) remote host 127.0.0.1 remote port 3128 Regards Henrik
Re: [squid-users] New to Squid and Linux
On Thu, 2006-08-03 at 19:24 -0400, [EMAIL PROTECTED] wrote: > I have my Putty tunnel setup for local port 3128 forwarded to remote > port 3128. > > L3128 ip.address.to.linuxbox:3128 > L is for local port. > > Should ip.address.to.linuxbox be 127.0.0.1 also? Yes, most likely. It's the same as your proxy settings when running on the box. Regards Henrik
Re: [squid-users] New to Squid: Few questions on capability
On Fri, 2 Apr 2004, Jason Williams wrote: > Some of the things we are looking for: > > -ability to block types of web sites, web sites etc. Yes, but is a bit tedious to maintain unless you subscribe to one of the web site category databases.. but this is not Squid's fault. > -can we block outgoing access by IP, or groups IP's yes. > -ability to generate log reports yes. > -ability to set logon hours Yes. Regards Henrik
Re: [squid-users] New to Squid & need to upgrade to 2.5
Hi, At 16.33 08/09/2004, kmo vern wrote: I have inherited a Windows NT 4.0 network that is running Squid 2.3.Stable4. The issue is that 2.3Stable4 has a file upload limit of 1MB. I am needing to upgrade to 2.5 because it doesn't have the upload restriction. Just in the past week this is first I have heard of Squid, so I am needing some guidance in this upgrade process. Any help that could be provided would be greatly appreciated. You can find the latest binaries for Windows here: http://www.acmeconsulting.it/SquidNT.htm Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/