Here's what you have told me about your situation: - Box #1/ IP unknown / RH 7.3 box running an iptables firewall, DNS server, Squid and squidGuard.
- Box #2/ IP 192.168.X.X / Running an Apache webserver that hosts the redirect page listed as 'proxy.DOMAINNAME.com' (I'm assuming that you are redirecting to a *page*, and not simply a domain.) - Box #3/ IP 192.168.0.10 / Your workstation. I had asked if you are able to telnet to port 80 on proxy.DOMAINNAME.com from the squid box. I probably should have been more specific; I'm wanting to know if Box #1 can telnet to port 80 on Box #2. Jeff Gainer wrote: > > I can telnet to port 80 on 192.168.0.2. Sorry, I don't know who 192.168.0.2 is, and I don't know where you are telnetting from. > I cannot telnet to port 80 on proxy.DOMAINNAME.com either by name or IP > the connection is refused. Does 'proxy.DOMIANNAME.com' = Box #2? Where are you telnetting from? > Which one of the messages below shows that I am not connectioning to the > webserver? You attempted to browse http://www.hackers.com/, a site listed in your blacklists. Squid sent the request to squidGuard. squidGuard logged (trimmed): > Request(users/hacking/-) http://www.hackers.com/ 192.168.0.10/- - GET This log entry indicates that the request came from 192.168.0.10 and was processed as a member of the 'users' source group. The url was found to be listed in the 'hacking' destination group, and based upon your config file, squidGuard would have returned the url of the redirect page to Squid: 'redirect http://proxy.DOMAINNAME.com' (This would actually list a page, and not just a domain.) As of this point, squidGuard has done exactly what it was supposed to do, and it has completed its responsibilities.. Squid then attempted to retrieve 'http://proxy.DOMAINNAME.com'. Squid displayed an error page telling you that when it tried to retrieve 'http://proxy.DOMAINNAME.com' the connection was refused. Here's the access.log record that you supplied (trimmed): > 192.168.0.10 TCP_MISS/503 1047 GET http://www.hackers.com/ - NONE/- - The status on this log record is 'TCP_MISS/503'. Although it shows the hackers.com url, the status and bytes retrieved (1047) pertain to the redirect page, not hackers.com. While retrieving the specified redirect page, squid logged a 503 status (503 Service Unavailable). > I have looked at all my log files to try and find out why I am being > refused but I can not find anything in them. Which one should I be > looking in? I think you should look in your apache configuration. > Still confused as to why Squid works but squidGuard does not. I don't understand that statement. From what I see, squidGuard worked fine. Rick Matthews > > BTW Thanks for your help in this matter. > > ----- Original Message ----- > From: "Rick Matthews" <[EMAIL PROTECTED]> > To: "squidguard" <[EMAIL PROTECTED]> > Sent: Friday, November 15, 2002 2:16 PM > Subject: RE: Redirection Troubles > > > > Squid is not being allowed to connect to your webserver. > > > > Can you telnet to port 80 on proxy.DOMAINNAME.com from the squid box? > > > > Rick > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Gainer > > > Sent: Friday, November 15, 2002 8:04 AM > > > To: squidguard > > > Subject: Re: Redirection Troubles > > > > > > > > > > > > From access.log > > > 1037368706.369 79 192.168.0.10 TCP_MISS/503 1047 GET > > > http://www.hackers.com/ - NONE/- - > > > > > > > > > From squidGuard.log > > > 2002-11-15 07:57:43 [9186] init domainlist > > > /var/lib/squidGuard/blacklists/hacking/domains > > > 2002-11-15 07:57:43 [9183] init domainlist > > > /var/lib/squidGuard/blacklists/hacking/domains > > > 2002-11-15 07:57:43 [9187] init domainlist > > > /var/lib/squidGuard/blacklists/hacking/domains > > > 2002-11-15 07:57:43 [9185] init domainlist > > > /var/lib/squidGuard/blacklists/hacking/domains > > > 2002-11-15 07:57:43 [9184] init domainlist > > > /var/lib/squidGuard/blacklists/hacking/domains > > > 2002-11-15 07:57:43 [9183] init urllist > > > /var/lib/squidGuard/blacklists/hacking/urls > > > 2002-11-15 07:57:43 [9185] init urllist > > > /var/lib/squidGuard/blacklists/hacking/urls > > > 2002-11-15 07:57:43 [9186] init urllist > > > /var/lib/squidGuard/blacklists/hacking/urls > > > 2002-11-15 07:57:43 [9186] squidGuard 1.2.0 started (1037368663.618) > > > 2002-11-15 07:57:43 [9186] squidGuard ready for requests > (1037368663.854) > > > 2002-11-15 07:57:43 [9183] squidGuard 1.2.0 started (1037368663.630) > > > 2002-11-15 07:57:43 [9183] squidGuard ready for requests > (1037368663.861) > > > 2002-11-15 07:57:43 [9187] init urllist > > > /var/lib/squidGuard/blacklists/hacking/urls > > > 2002-11-15 07:57:43 [9187] squidGuard 1.2.0 started (1037368663.647) > > > 2002-11-15 07:57:43 [9187] squidGuard ready for requests > (1037368663.880) > > > 2002-11-15 07:57:43 [9184] init urllist > > > /var/lib/squidGuard/blacklists/hacking/urls > > > 2002-11-15 07:57:43 [9184] squidGuard 1.2.0 started (1037368663.608) > > > 2002-11-15 07:57:43 [9184] squidGuard ready for requests > (1037368663.893) > > > 2002-11-15 07:57:43 [9185] squidGuard 1.2.0 started (1037368663.658) > > > 2002-11-15 07:57:43 [9185] squidGuard ready for requests > (1037368663.900) > > > > > > From hacking.log > > > 2002-11-15 07:58:26 [9183] Request(users/hacking/-) > http://www.hackers.com/ > > > 192.168.0.10/- - GET > > > > > > ----- Original Message ----- > > > From: "Rick Matthews" <[EMAIL PROTECTED]> > > > To: "Jeff Gainer" <[EMAIL PROTECTED]>; "squidguard" > > > <[EMAIL PROTECTED]> > > > Sent: Thursday, November 14, 2002 9:18 PM > > > Subject: RE: Redirection Troubles > > > > > > > > > > When the error occurs, what entries are being written to: > > > > > > > > /var/log/squid/access.log > > > > /var/log/squid/squidGuard.log > > > > /var/log/squid/hacking.log > > > > > > > > Rick > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Gainer > > > > Sent: Wednesday, November 13, 2002 5:58 PM > > > > To: squidguard > > > > Subject: Redirection Troubles > > > > > > > > > > > > I have squidguard running on RedHat 7.3. This machine is functions > as > > > a firewall with NAT (using iptables), DNS server and Squid > > > > Proxy(using Transparent Proxy). My webserver (apache using virtual > hosts) > > > is on a different computer using a non-routable IP > > > > 192.168.X.X. > > > > > > > > The problem I have is that I can get web pages off the vitual > hosts > > > with no problem however. When I add squidquard into the > > > > squid.conf the page I get redirected to a page that shows the > following. > > > > > > > > Can anyone help me with this problem. > > > > > > > > Jeff > > > > > > > > ERROR > > > > The requested URL could not be retrieved > > > > > > > > > > > > > > > > While trying to retrieve the URL: http://proxy.DOMAINNAME.com > > > > The following error was encountered: > > > > Connection Failed > > > > The system returned: > > > > (111) Connection refused > > > > The remote host or network may be down. Please try the request again. > > > > Your cache administrator is root. > > > > > > > > > > > > > > > > My squid.conf has the following in it > > > > redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf > > > > > > > > and have my squidGuard.conf set up with the following > > > > > > > > # > > > > # CONFIG FILE FOR SQUIDGUARD > > > > # > > > > > > > > dbhome /var/lib/squidGuard/blacklists > > > > logdir /var/log/squid > > > > > > > > src admin { > > > > # List of IP addesses here > > > > ip XXX.XXX.XXX.XXX > > > > } > > > > > > > > > > > > src users { > > > > # List of IP addesses here > > > > ip XXX.XXX.XXX.XXX > > > > } > > > > > > > > > > > > > > > > dest hacking { > > > > domainlist hacking/domains > > > > urllist hacking/urls > > > > log hacking.log > > > > } > > > > > > > > > > > > > > > > > > > > acl { > > > > > > > > admin { > > > > pass all > > > > } > > > > > > > > users { > > > > pass !hacking all > > > > redirect http://proxy.DOMAINNAME.com > > > > } > > > > > > > > > > > > default { > > > > pass none > > > > redirect http://proxy.DOMAINNAME.com > > > > } > > > > } > > > > > > > >
