Hello all,
I am running squid2.5.stable4 on a server (kernel 2.4.7.20. masquerade with
iptables).
As soon as one of my workstation try a web request i read that in my
cache.log file:
2003/12/24 13:19:24| comm_udp_sendto: FD 4, 212.27.32.176, port 53: (1)
Operation not permitted
2003/12/24 13:19:24| idnsSendQuery: FD 4: sendto: (1) Operation not
permitted
and obvioulsy it does not work:-((
let me tell you that i have no Local DNS running and that 212.27.32.175 is
one of my ISP's DNS.
If i stop running squid everything is ok.
i think my firewall-masq rules are not right but i can't find what is wrong
(i join my squid.conf and ipatbles rules)
Someone has a idea to help me?
thank's
Cordialement,
_____________________________________________________________________
Vincent GAUVIN - Formateur TICE
Circonscription de REIMS VI 13 rue Chanzy BP 2028 51070 REIMS Cédex (France)
Tel : (33) 03.26.02.19.14
mailto : vincent.gauvin@ac-reims.fr
http://ienreims6.dyndns.org/
Le site des TICE dans la Marne http://tic-et-tice.dyndns.org
_____________________________________________________________________
"iptables -L"
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
"squid.conf"
#port sur lequel le proxy Ă(c)coute les clients Web
http_port 8080
cache_effective_user squid
cache_effective_group squid
#ne pas utiliser le cache pour ? et .cgi
hierarchy_stoplist cgi-bin ? .cgi
#mĂ(c)moire RAM allouĂ(c)e au proxy
cache_mem 8 MB
#taille maximale des fichiers qui seront enregistrĂ(c)s dans le cache
maximum_object_size 4096 KB
#rĂ(c)pertoire dans lequel seront stockĂ(c)s les fichiers enregistrĂ(c)s.
#dans cet exemple, la taille maximale de ce rĂ(c)pertoire sera de 200Mo
# il y aura 16 sous divisions dans /var/spool/squid
#- et il y aura 256 divisions dans ces 16 sous divisions
cache_dir ufs /var/spool/squid 200 16 256
#fichiers de log nĂ(c)cessaires pour contrĂ´ler le fonctionnement du cache
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
cache_swap_log /usr/local/squid/var/logs/swap.log
#localisation de la table MIME de squid
mime_table /usr/local/squid/etc/mime.conf
#informations relatives au processus
pid_filename /var/run/squid.pid
debug_options ALL,1
#listes d'accès
acl allowed_hosts src 192.168.0.0/255.255.0.0
# acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
# acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl serveurlocal dst 127.0.0.1/255.255.255.255
#autorisation/interdiction des listes dĂ(c)finies
http_access allow manager
http_access allow manager allowed_hosts
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access allow serveurlocal
#email du manager du cache
cache_mgr vincent.gauvin@ac-reims.fr
visible_hostname cache
#rotation des fichiers log
logfile_rotate 5
httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
log_fqdn on
#pour exclure du cache l'intranet (local)
acl web-local dstdomain localhost
always_direct allow web-local
Received on Sun Dec 28 2003 - 07:13:11 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:26 MST