Hi all,
At the moment I'm using 2 NICs (1 for external, connected to an ADSL
modem/router) and 1 for the internal network.
External ethernet = eth0 (192.168.1.4)
Internal ethernet = eth1 (192.168.0.4)
Client IP = 192.168.0.20
I've installed the Squid3 proxy server and use non-transparent mode. I've
opened port 5222 (for GChat). I also configured the Google Chat software to
use HTTP Proxy: 192.168.0.4:8090; I am still unable to connect to Google
Chat.
This is a snippet of my squid.conf:
http_port 8090
...
logformat LOGS (%{%d/%b %H:%M:%S}tl) (%Ss/%Hs/%Sh) (%>a=>%la) (%ru) %mt-%<stbytes %trms
access_log /var/log/squid3/access.log LOGS
...
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl InternalNetworks src 192.168.0.0/24
...
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 5222 # GChat
acl Safe_ports port 5050 # YM
acl Safe_ports port 11004 # YM
acl Safe_ports port 1863 # MSN
...
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow InternalNetworks
...
htcp_access deny all
http_access deny all
My access log:
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk.l.google.com:5222) text/html-2008bytes 0ms
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk3.l.google.com:5222) text/html-2011bytes 0ms
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk2.l.google.com:5222) text/html-2011bytes 0ms
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk1.l.google.com:5222) text/html-2011bytes 0ms
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk4.l.google.com:5222) text/html-2011bytes 0ms
(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (gmail.com:5222) text/html-1984bytes 0ms
Can anyone give me a hint on why Squid still disables port 5222 even
after I opened it? (Please note, I've restarted the squid3 server but
the problem still exists.)
I believe my iptables rules are okay, because Squid can detect requests
from my client IP (192.168.0.20 => 192.168.0.4).
Thanks
Johannes
Received on Tue Jun 30 2009 - 01:53:14 MDT
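
Added example (not part of the original post or of Squid itself): a Python parser for the custom LOGS format defined in the squid.conf snippet above, which counts TCP_DENIED entries per client and destination port. The function names are illustrative, the first six sample lines are copied from the post, and the last one is constructed for contrast.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Regex mirroring the post's logformat:
# (%{%d/%b %H:%M:%S}tl) (%Ss/%Hs/%Sh) (%>a=>%la) (%ru) %mt-%<stbytes %trms
LINE_RE = re.compile(
    r"^\((?P<time>[^)]+)\) \((?P<status>\w+)/(?P<http>\d{3})/(?P<hier>\w+)\) "
    r"\((?P<client>[^=]+)=>(?P<local>[^)]+)\) "
    r"\((?P<url>.*)\) (?P<mime>\S+)-(?P<size>\d+)bytes (?P<ms>\d+)ms$"
)

def parse_line(line):
    """Return one access.log line as a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def dest_port(url):
    """Port from a 'host:port' request target or a full URL; None if unknown."""
    if "://" in url:
        parts = urlsplit(url)
        return parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme)
    _host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None

def summarize_denials(lines):
    """Count TCP_DENIED entries per (client IP, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"].startswith("TCP_DENIED"):
            counts[(rec["client"], dest_port(rec["url"]))] += 1
    return counts

# Lines 1-6 are from the post (rejoined); line 7 is constructed sample data.
SAMPLE = [
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk.l.google.com:5222) text/html-2008bytes 0ms",
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk3.l.google.com:5222) text/html-2011bytes 0ms",
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk2.l.google.com:5222) text/html-2011bytes 0ms",
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk1.l.google.com:5222) text/html-2011bytes 0ms",
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (talk4.l.google.com:5222) text/html-2011bytes 0ms",
    "(30/Jun 07:23:13) (TCP_DENIED/403/NONE) (192.168.0.20=>192.168.0.4) (gmail.com:5222) text/html-1984bytes 0ms",
    "(30/Jun 07:23:10) (TCP_MISS/200/DIRECT) (192.168.0.20=>192.168.0.4) (http://example.com/) text/html-1256bytes 120ms",
]

if __name__ == "__main__":
    for (client, port), n in summarize_denials(SAMPLE).most_common():
        print(f"{client} -> port {port}: {n} denied")
```

This logformat does not record the request method, so the summary shows which ports are being refused but not whether the refused requests were CONNECT tunnels.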