Hi Squid friends,
I want to setup a transparent proxy and accelerator mode, I'm working with
Squid 2.4.STABLE6 and Iptables 1.2.5 on RH Linux 7.2.
I'm deploying a three-hommed firewall, the transparent proxy is working
fine, but the accelerator mode is not working.
This error message is displayed when I try to access to the web site:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.dominio.com
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at
this time. Please contact your service provider if you feel this is
incorrect.
Your cache administrator is root.
Generated Sun, 02 Jun 2002 03:38:34 GMT by firewall (Squid/2.4.STABLE6)
My squid.conf is this:
----------------------------------------------------------------------------
-----------
http_port 80 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 8000 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl red_interna src 172.16.0.0/255.255.0.0
acl red_dmz src 192.168.0.0/255.255.255.0
acl acceleratedHost dst 192.168.0.11/255.255.255.255
acl acceleratedPort port 80
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#Default:
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# And finally deny all other access to this proxy
http_access allow localhost
http_access allow acceleratedHost acceleratedPort
http_access allow red_interna
http_access allow red_dmz
http_access deny all
----------------------------------------------------------------------------
-----------
The iptables is accepting connections to to the web server external IP on
port 80 ... and 8080 (internal) for transparent proxy.
Please what is the problem? or what is missing??
Thank you very much.
Geffrey.
Received on Sun Jun 02 2002 - 07:34:18 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:24 MST