[squid-users] squid-3.4.8 intercept

Cassiano Martin cassiano at polaco.pro.br
Tue Nov 18 18:14:35 UTC 2014 

Thats because you have not set your local network to squid. You have
to allow your network  range 66.159.32.0/24

2014-11-18 15:59 GMT-02:00 Frank <frank at cronomagic.com>:
>     Hi,
>
>     Since upgrading from 3.1.22 to 3.4.8 I have been unable to get the
> transparent mode
> to accept my IP.  I am seeing permission denied in the transaction when I do
> a packet dump.
> I have read the documentation making changes for 3.4.8.
> I even allowed everything and no go.
>
> I also compiled squid and here is my configure script:
>
> ./configure \
>   --prefix=/usr/share/squid-3.4.8  \
>   --libdir=/usr/lib${LIBDIRSUFFIX} \
>   --sysconfdir=/etc/squid \
>   --localstatedir=/var/log/squid \
>   --datadir=/usr/share/squid-3.4.8 \
>   --with-pidfile=/var/run/squid/squid.pid \
>   --mandir=/usr/man \
>   --with-logdir=/var/log/squid \
>   --enable-snmp \
>   --enable-ipf-transparent \
>   --enable-ipfw-transparent
> #  --enable-auth="basic" \
> #  --enable-basic-auth-helpers="NCSA" \
> #  --enable-linux-netfilter \
> #  --enable-async-io \
> #  --disable-strict-error-checking
>
> My machine the browser is on:
>
> 66.159.32.31
>
> The machine that is running squid:
>
> 66.159.47.22
>
> Here is my squid.conf
>
> ===================================================================================
>
> #
> # Recommended minimum configuration:
> #
>
> cache_effective_user  squid
> cache_effective_group  squid
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src all    # RFC1918 possible internal network
> #acl localnet src 66.159.32.0/24        # RFC1918 possible internal network
> #acl localnet src 108.161.167.0/24      # RFC1918 possible internal network
> #acl localnet src 66.159.47.0/24        # RFC1918 possible internal network
> #acl localnet src 127.0.0.0/24  # RFC1918 possible internal network
>
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> ########http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> ###########http_access deny CONNECT !SSL_ports
>
> # Only allow cachemgr access from localhost
> ###############http_access allow localhost manager
>
> ###############http_access deny manager
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> ############http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
>
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> #http_access deny all
> http_access allow all
>
> # Squid normally listens to port 3128
> http_port 3128
> http_port 3129 intercept
>
> always_direct allow all
>
> # Uncomment and adjust the following to add a disk cache directory.
> cache_dir ufs /usr/share/squid/cache 100 32 512
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/log/squid/cache/squid
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
> ==================================================================================
>
> And I have configured my browser to use HTTP Proxy 66.159.47.22 Port 3129
>
> I also setup iptables on my machine as follows and that didn't work either.
> Same permission
> denied.
>
>
> /sbin/iptables -t nat -A OUTPUT -p tcp -s 66.159.32.31 --dport 80 -j DNAT
> --to 66.159.47.22:3129
>
> Let me know if further info is needed.   Any help would be greatly
> appreciated.
>
> --
> Regards,
> Frank Torontour
> Network Administrator
> frank at cronomagic.com
> 514-341-1579 EXT-214
> 1-800-427-6012 Ext-214
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list