[squid-users] Squid v4.45

Periko Support pheriko.support at gmail.com
Sun Aug 29 19:37:46 UTC 2021 

Hello guys.

I'm worrying with all the info u give me guys, tracking the sites
win10 use to query and confirm it has connection.

Is a little annoying when users call u and complain about that, even
if they have internet access.

Part of IT life.

Thanks all for your input!!!

On Sun, Aug 22, 2021 at 11:55 PM L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> In your windows config.
> Remove the ip adres from the gateway and configure your proxy settings.
> Without proxy and gateway no internet.
>
> Or setup SSL proxy
> Add something like this in your firewall and you catch all.
>
> # Redirect HTTP on eth0 from LAN_CIDR to locally installed Squid instance using REDIRECT for intercept mode
> iptables -t mangle -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 6080 -m comment --comment "Squid-Intercept 80->6080"
>
> # Redirect HTTPS on eth0 from CIDR to locally installed Squid instance using REDIRECT for intercept mode
> -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 6433 -m comment --comment "Squid-Intercept 443->6433"
>
> And read :
> https://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol
>
>
> >The NIC status simply says that *somehow* the Internet is available.
> No, windows 10 does a DNS querie to an MS server, block that and and you see "no internet"
> Even if you have internet.
>
> Maybe PiHole is something for you that does most of what you want.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: squid-users
> > [mailto:squid-users-bounces at lists.squid-cache.org] Namens
> > Periko Support
> > Verzonden: maandag 23 augustus 2021 7:55
> > Aan: squid-users at lists.squid-cache.org
> > Onderwerp: Re: [squid-users] Squid v4.45
> >
> > On Thu, Aug 19, 2021 at 7:40 PM Amos Jeffries
> > <squid3 at treenet.co.nz> wrote:
> > >
> > >
> > > FYI, there is no such version as Squid 4.45.
> >
> > Amos sorry, is 4.15 my mistake.
> > >
> > > What is the output when you run "squid -v" ?
> > >
> >  squid -v
> > Squid Cache: Version 4.15
> > Service Name: squid
> >
> > This binary uses OpenSSL 1.1.1k-freebsd  25 Mar 2021. For legal
> > restrictions on distribution see
> > https://www.openssl.org/source/license.html
> >
> > configure options:  '--with-default-user=squid'
> > '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
> > '--datadir=/usr/local/etc/squid'
> > '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var'
> > '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
> > '--with-pidfile=/var/run/squid/squid.pid'
> > '--with-swapdir=/var/squid/cache' '--without-gnutls'
> > '--with-included-ltdl' '--enable-auth' '--enable-zph-qos'
> > '--enable-build-info' '--enable-loadable-modules'
> > '--enable-removal-policies=lru heap' '--disable-epoll'
> > '--disable-linux-netfilter' '--disable-linux-tproxy'
> > '--disable-translation' '--disable-arch-native'
> > '--disable-strict-error-checking' '--enable-eui'
> > '--enable-cache-digests' '--enable-delay-pools' '--disable-ecap'
> > '--disable-esi' '--enable-follow-x-forwarded-for'
> > '--with-mit-krb5=/usr/local' 'CFLAGS=-I/usr/local/include -O2 -pipe
> > -I/usr/local/include -I/usr/local/include -fstack-protector-strong
> > -DLDAP_DEPRECATED -fno-strict-aliasing ' 'LDFLAGS=-L/usr/local/lib
> > -L/usr/local/lib -L/usr/local/lib -pthread -L/usr/local/lib
> > -lpcreposix -lpcre -Wl,-rpath,/usr/local/lib:/usr/lib
> > -fstack-protector-strong ' 'LIBS=-lkrb5 -lgssapi_krb5 '
> > 'KRB5CONFIG=/usr/local/bin/krb5-config'
> > 'krb5_config=/usr/local/bin/krb5-config' '--enable-htcp'
> > '--enable-icap-client' '--enable-icmp' '--enable-ident-lookups'
> > '--enable-ipv6' '--enable-kqueue' '--with-large-files'
> > '--enable-http-violations' '--without-nettle' '--enable-snmp'
> > '--enable-ssl' '--with-openssl=/usr'
> > '--enable-security-cert-generators=file'
> > 'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl'
> > '--enable-ssl-crtd' '--disable-stacktraces'
> > '--disable-ipf-transparent' '--disable-ipfw-transparent'
> > '--enable-pf-transparent' '--with-nat-devpf' '--disable-forw-via-db'
> > '--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=LDAP SASL DB
> > SMB_LM NCSA PAM POP3 RADIUS fake getpwnam NIS'
> > '--enable-auth-digest=eDirectory LDAP file'
> > '--enable-external-acl-helpers=LDAP_group eDirectory_userip
> > file_userip unix_group delayer kerberos_ldap_group'
> > '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake
> > SMB_LM' '--enable-storeio=aufs diskd ufs'
> > '--enable-disk-io=DiskThreads DiskDaemon AIO Blocking IpcIo Mmapped'
> > '--enable-log-daemon-helpers=file DB'
> > '--enable-url-rewrite-helpers=fake LFS'
> > '--enable-storeid-rewrite-helpers=file'
> > '--enable-security-cert-validators=fake' '--prefix=/usr/local'
> > '--mandir=/usr/local/man' '--disable-silent-rules'
> > '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2'
> > 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc'
> > 'CPPFLAGS=-I/usr/local/include -I/usr/local/include' 'CXX=c++'
> > 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include
> > -fstack-protector-strong -DLDAP_DEPRECATED -fno-strict-aliasing  '
> > 'CPP=cpp' --enable-ltdl-convenience
> > > On 19/08/21 4:12 am, Periko Support wrote:
> > > > Hello guys.
> > > >
> > > > I have been searching the issue I have with windows 10
> > and the ugly
> > > > job he do to put the NIC "Internet access" and went we have squid
> > > > behind "no internet".
> > > >
> > >
> > > The NIC status simply says that *somehow* the Internet is available.
> > > that means DNS resolution, TCP connectivity, HTTP
> > transactions and HTTPS
> > > transactions are all fully working and producing responses.
> >
> > Windows 10 if for some reason cannot reach the internet will
> > say "no internet".
> >
> > I had sniff the communication and I just found thos 2 sites that looks
> > like windows use to check connectivity.
> >
> > >
> > > Break any one and you will get "no internet". Even when the rest
> > > continue working fine. So it can tell you when some sort of failure
> > > occurs, but is not reliable when it claims success.
> > >
> > >
> > > Please be aware that using your Squid proxy properly is one
> > way Windows
> > > can receive all those services and claim "Internet Access".
> > >
> > >
> > > > I have sniff logs and  I just found this sites went I
> > turn on the computer:
> > > >
> > > > .msftconnecttest.com
> > > > .windows.com
> > > >
> > > > Some has win over this annoying thing with windows 10?
> > > >
> > > > No-Trans[parent Proxy WPAD.
> > > >
> > >
> > > Check that your firewall does not permit HTTP(S)
> > connections directly
> > > from clients to the Internet.
> >
> > I don't allow direct connection to the Internet, all 80/443 must cross
> > under squid.
> >
> > > When;
> > >   * your network gateway firewall(s) block direct connections (other
> > > than from Squid) to HTTP(S), and
> > >   * your proxy logs show those Win10 connection URLs happening, and
> > >   * Win10 NIC says "Interent Access"
> > >
> > > Then you know that the proxy usage is how "Internet Access" happens,
> > > that is what you want so no problem.
> > >
> > >
> >
> > I still haven't found the solution to this little issue.
> >
> > Regards!!!
> >
> > > Amos
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> > > http://lists.squid-cache.org/listinfo/squid-users
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list