Re: [squid-users] Squid not working for me

From: Dave Coventry <dgcoventry@dont-contact.us>
Date: Mon, 7 Jan 2008 14:21:28 +0200

AAaaargh! Sorry, I meant to reply to the list, but that doesn't seem
to be the default. Sorry.

Amos,

Many thanks for the reply; I had almost given up!

On Jan 7, 2008 12:52 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:
>
> So this is a webserver accelerator too?
> Think about adding defaultsite= option to cope with the many broken web
> clients that may be accessing your server.

The main requirement is for some kind of control over the user's
browsing habits.

> This port is also the cause of your problem. You are running squid as a
> non-privileged user. To access a special port <1024 you MUST run squid
> as root and let it drop down to unprivileged by itself at the right times.

Yes it is being started as root with /etc/init.d/squid restart, or by
the boot sequence.

The line http_port 192.168.60:80 vhost vport=8080 has a typo, which I
have since corrected.

In fact I have been researching this quite extensively and have tried
a number of different configurations of squid.conf without success so
far.

My squid.conf now looks like this:

visible_hostname Base
acl IQNetwork src 192.168.60.0/24
acl all src 0.0.0.0/0.0.0.0
http_access allow IQNetwork
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

> Please use Squid 2.6STABLE17 or 3.0STABLE1.
> There are serious security advisories out on all earlier releases.

I have downloaded and recompiled Squid2.6.STABLE17 as part of the
ongoing effort to get it working, but still no joy.

My iptables look like this:

root@Base:/home/dave# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:www to:192.168.60.254:3128
DNAT tcp -- anywhere anywhere tcp dpt:https to:192.168.60.254:3128
DNAT tcp -- anywhere anywhere tcp dpt:3128 to:192.168.60.254:3128
DNAT tcp -- anywhere anywhere tcp dpt:webcache to:192.168.60.254:3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE 0 -- 192.168.60.0/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

But still no joy....
Received on Mon Jan 07 2008 - 05:21:36 MST
