Re: [squid-users] Port Problem with squid
On Mon, Jun 2, 2008 at 11:18 AM, Edward Dam [EMAIL PROTECTED] wrote: I've cleared the rules, and then applied your recommended iptables command. Unfortunately, it puts me right back to where I started. When the www.example.com redirects to http://www2.example.com:8098/login.aspx, it never gets there and times out. First, Pls clear the rule I have given, http_port 3128 transparent because of the above rule , you are running squid in transparent intercept mode. I hope you can browse all the other site successfully. Pls let me know. Could you pls check can squid redirect www.example.com to www2.example.com:8098/login.aspx without running squid in transparent intercept mode ? Pls let me know if it can not , Then, It is www.example.com that redirects to www.example.com, What is this www.example.com ? Is it under your control. is it running apache? I think you will have to redirect to www2.example.com:8098/login.aspx there. Hope to hear from you. -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
Hello, thank you again for the reply. When I take off transparent mode, the result is the same, it does not access (time out) There seems to be some confusion on what I am trying to do. I am NOT trying to redirect www.example.com to www2.example.com:8098/login.aspx via my proxy server. The site www.example.com redirects to www2.example.com:8098/login.aspx as it is. The web server at www.example.com does this automatically when you go to www.example.com However users behind my proxy never get to the redirect. It either times out or, if I forward port 8098 to 3128, I get the error I previously showed. I hope that clears up any confusion, and I apologize if I was not clear previously. On Mon, Jun 2, 2008 at 2:01 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote: On Mon, Jun 2, 2008 at 11:18 AM, Edward Dam [EMAIL PROTECTED] wrote: I've cleared the rules, and then applied your recommended iptables command. Unfortunately, it puts me right back to where I started. When the www.example.com redirects to http://www2.example.com:8098/login.aspx, it never gets there and times out. First, Pls clear the rule I have given, http_port 3128 transparent because of the above rule , you are running squid in transparent intercept mode. I hope you can browse all the other site successfully. Pls let me know. Could you pls check can squid redirect www.example.com to www2.example.com:8098/login.aspx without running squid in transparent intercept mode ? Pls let me know if it can not , Then, It is www.example.com that redirects to www.example.com, What is this www.example.com ? Is it under your control. is it running apache? I think you will have to redirect to www2.example.com:8098/login.aspx there. Hope to hear from you. -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
When I take off transparent mode, the result is the same, it does not access (time out) without squid, When you access www.example.com, does it redirect to www2.example.com:8098/login.aspx ? If yes, Webserver www.example.com is OK. Hope to hear from you. Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
Yes, that is correct. If I bypass squid and go to www.example.com, it automatically redirects to www2.example.com:8098/login.aspx OK, SOUNDS GOOD. i.e nothing wrong with webserver www.example.com www2.example.com is running on port 8098. Can you change it to port 80 ? Then, Pls browse www.example.com via squid. -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
www2.example.com server is not my within my company. I cannot change the port on it Again, pls disable both transparent intercept mode and dansguardian in squid. Then, browse www.example.com via squid. Pls give me the output of below command tail -f /var/log/squid/acccess.log and, also I need the output of below 2 apache logs of www.example.com at the same time? tail -f /var/log/httpd/access_log tail -f /var/log/httpd/error_log I think it is the easiest way to see what is going on there? -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
On mån, 2008-06-02 at 10:06 +0800, Edward Dam wrote: When a user points to www.example.com, that webpage/server redirects them to http://www2.example.com:8098/login.aspx The redirection is timing out. I've put port 8098 as one of the Safe_ports in squid.conf, and allowed both example.com and www2.example.com in my filters. Still no go. My iptables configuration on the squid server is wide open, with the exception of the redirection of port 80 to 8080. Any ideas, or suggestions for me? That traffic is outside of Squid unless the client is configured to use Squid as proxy. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Port Problem with squid
No other logging for it. Thanks for your logs. I think that 10.43.8.20 is the server where www2.example.com. So far, We checked in two ways. One way is without squid (Direct connection)Then, It worked. What is this path, Is it via a firewall? Pls write down that PATH. The , other PATH is via squid proxy. Then, It does not work. What is this PATH? I want to see reverse path filtering. hope to hear form you. - Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
10.1.15.245 is the squid server. It resides on the LAN. 10.1.15.240 is the LAN interface 10.1.15.241 is connected to INTRANET What is you laptop ip? We know you (i.e your laptop) can access www2.example.com without squid. Can you tracert to www2.example.com (NOT throuogh squid) I think 10.1.15.240 is the gateway of your LAPTOP Pls come back to me... From my laptop (through squid) C:\Documents and Settings\eddtracert www2.example.com Tracing route to 10.43.8.20 over a maximum of 30 hops 11 ms1 ms1 ms 10.1.15.245 -- this is my squid server 21 ms1 ms1 ms 10.1.15.240 -- the is our router - LAN interface 3 1 ms1 ms1 ms 10.1.15.241 --- this is the 2nd interface on the router, connected to the WAN (intranet, not internet) 411 ms12 ms13 ms 10.43.113.57 5 8 ms13 ms12 ms 10.43.112.2 613 ms13 ms13 ms 10.43.8.20 Trace complete. C:\Documents and Settings\edd On Mon, Jun 2, 2008 at 3:25 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote: No other logging for it. Thanks for your logs. I think that 10.43.8.20 is the server where www2.example.com. So far, We checked in two ways. One way is without squid (Direct connection)Then, It worked. What is this path, Is it via a firewall? Pls write down that PATH. The , other PATH is via squid proxy. Then, It does not work. What is this PATH? I want to see reverse path filtering. hope to hear form you. - Thank you Indunil Jayasooriya -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
my laptop IP is 10.1.15.57. 10.1.15.240 is the LAN interface of the router. It is normally the gateway - however when I am using squid (transparent) the squid server becomes my gateway. Yeah, Interesting. Then, this is your network setup if you bypass squid , your laptop - Firewall - intranet(www.example.com) it directs to www2.example.com If you go via squid, this would be your network setup your laptop - squid - Firewall - intranet(www.example.com) it directs to www2.example.com I think 10.1.15.240 is the gateway of squid server. How many ethernet does this squid server have? I think this is something that belongs to routing... -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
I am GLAD to hear am very happy about your effort in solving this ISSUE. HAPPY squiding. On Mon, Jun 2, 2008 at 1:57 PM, Edward Dam [EMAIL PROTECTED] wrote: Hello Thank you for all your help. I have figured out that it is actually related to DNS. When I put the intranet DNS server (from that other domain) in front of my own DNS server in resolv.conf, it now works through squid. Thank you again for all your help, and I apologize if I wasted your time. On Mon, Jun 2, 2008 at 4:18 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote: my laptop IP is 10.1.15.57. 10.1.15.240 is the LAN interface of the router. It is normally the gateway - however when I am using squid (transparent) the squid server becomes my gateway. Yeah, Interesting. Then, this is your network setup if you bypass squid , your laptop - Firewall - intranet(www.example.com) it directs to www2.example.com If you go via squid, this would be your network setup your laptop - squid - Firewall - intranet(www.example.com) it directs to www2.example.com I think 10.1.15.240 is the gateway of squid server. How many ethernet does this squid server have? I think this is something that belongs to routing... -- Thank you Indunil Jayasooriya -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
2008/6/1 Edward Dam [EMAIL PROTECTED]: We have one intranet site: www.example.com When a user points to www.example.com, that webpage/server redirects them to http://www2.example.com:8098/login.aspx The redirection is timing out. I've put port 8098 as one of the Safe_ports in squid.conf, and allowed both example.com and www2.example.com in my filters. Still no go. My iptables configuration on the squid server is wide open, with the exception of the redirection of port 80 to 8080. Any ideas, or suggestions for me? the port 8098 isn't redirected to squid. this port is probabily passing out of proxy. -- Wenderson Souza e-mail: [EMAIL PROTECTED] msn: [EMAIL PROTECTED]
Re: [squid-users] Port Problem with squid
I have now redirected the port, using the following command: iptables -t nat -A PREROUTING -m tcp -p tcp --dport 8098 -j REDIRECT --to-port 3128 It seems I am getting further, but now I get: __ ERROR The requested URL could not be retrieved While trying to process the request: GET /login.aspx HTTP/1.1 Host: example.com:8098 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.example.com/Page/Default.aspx The following error was encountered: * Invalid Request Some aspect of the HTTP Request is invalid. Possible problems: * Missing or unknown request method * Missing URL * Missing HTTP Identifier (HTTP/1.0) * Request is too large * Content-Length missing for POST or PUT requests * Illegal character in hostname; underscores are not allowed Your cache administrator is webmaster __ . Any thoughts on this one? On Mon, Jun 2, 2008 at 10:27 AM, Wenderson Souza [EMAIL PROTECTED] wrote: 2008/6/1 Edward Dam [EMAIL PROTECTED]: We have one intranet site: www.example.com When a user points to www.example.com, that webpage/server redirects them to http://www2.example.com:8098/login.aspx The redirection is timing out. I've put port 8098 as one of the Safe_ports in squid.conf, and allowed both example.com and www2.example.com in my filters. Still no go. My iptables configuration on the squid server is wide open, with the exception of the redirection of port 80 to 8080. Any ideas, or suggestions for me? the port 8098 isn't redirected to squid. this port is probabily passing out of proxy. -- Wenderson Souza e-mail: [EMAIL PROTECTED] msn: [EMAIL PROTECTED]
Re: [squid-users] Port Problem with squid
When a user points to www.example.com, that webpage/server redirects this is an port 80 request them to http://www2.example.com:8098/login.aspx then, it should redirect to port 8098 So, I think , pls try below. iptables -t nat -A PREROUTING -m tcp -p tcp -d www.example.com --dport 80 -j REDIRECT --to-port 8098 -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
Thank you. I already have set the http_port 3128 transparent option in squid.conf. The problem persists, however On Mon, Jun 2, 2008 at 1:17 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote: When a user points to www.example.com, that webpage/server redirects this is an port 80 request them to http://www2.example.com:8098/login.aspx then, it should redirect to port 8098 So, I think , pls try below. iptables -t nat -A PREROUTING -m tcp -p tcp -d www.example.com --dport 80 -j REDIRECT --to-port 8098 -- Thank you Indunil Jayasooriya
Re: [squid-users] Port Problem with squid
I've cleared the rules, and then applied your recommended iptables command. Unfortunately, it puts me right back to where I started. When the www.example.com redirects to http://www2.example.com:8098/login.aspx, it never gets there and times out. The rule that I put in to forward port 8098 requests to 3128 seems to have gotten me further (at least an error message rather than a timeout) Thanks to everyone for their help thusfar. On Mon, Jun 2, 2008 at 1:17 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote: When a user points to www.example.com, that webpage/server redirects this is an port 80 request them to http://www2.example.com:8098/login.aspx then, it should redirect to port 8098 So, I think , pls try below. iptables -t nat -A PREROUTING -m tcp -p tcp -d www.example.com --dport 80 -j REDIRECT --to-port 8098 -- Thank you Indunil Jayasooriya