Thanks, but I'm still having problems. Obviously something I'm doing wrong,
hence me asking for help! Haha..
Surely people are doing this successfully as a transparent proxy (I don't
want to cache anything).
Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
(506) 447-3033
mda@unb.ca
-----Original Message-----
From: trainier@kalsec.com [mailto:trainier@kalsec.com]
Sent: August 4, 2005 12:31 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] still having problems with Mircosoft Update
This issue has been discussed numerous times on this list.
For an archive search, try:
http://www.google.com/search?q=site:squid-cache.org+%2B%22Windows+Update%22&hl=en&lr=&start=30&sa=N
Tim Rainier
From: "Matt Ashfield" <mda@unb.ca>
Sent: 08/04/2005 11:36 AM
Please respond to: <mda@unb.ca>
To: <squid-users@squid-cache.org>
Subject: [squid-users] still having problems with Mircosoft Update
Hi All,
I'm running Squid 2.5 on a RedHat Enterprise server. I'm running it as a
transparent proxy, but am having problems getting it to allow users to get
to windowsupdate properly. It can get to the site, but when it checks for
updates, it fails. I've tried adjusting my MTU size, but this did not
help.
I think my issue is that WindowsUpdate uses port 443 and I'm not sure if I'm
accommodating this in my configuration correctly. Below is as much info as I
think may be useful.
My iptables rule looks like below. The first line is to redirect all port 80
requests to my squid port of 3128. The other two lines are for DNS:
iptables -t nat -A PREROUTING -s 192.168.144.0/23 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp --dport 53 -j SNAT --to-source x.x.144.200
iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source x.x.144.200
Within my squid.conf, I am running squid on port 3128. I have a redirector
script, and have the following lines that seem pertinent:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 563 443
acl Safe_ports port 80 21 70 210 911 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
redirector_access allow REDIRECT !SSL_ports
As well, to allow windowsupdate sites I have:
acl NoRedirect url_regex -i .*microsoft\.com
acl NoRedirect url_regex -i .*akamai\.net
acl NoRedirect url_regex -i .*akamai\.com
acl NoRedirect url_regex -i .*windows\.com
acl NoRedirect url_regex -i .*windowsupdate\.com
acl NoRedirect url_regex -i .*windowsupdate\.net
acl NoRedirect url_regex -i .*msft\.com
acl NoRedirect url_regex -i .*msft\.net
acl NoRedirect url_regex -i .*nsatc\.com
acl NoRedirect url_regex -i .*nsatc\.net
acl NoRedirect url_regex -i .*edgesuite\.net
acl NoRedirect url_regex -i .*akadns\.com
acl NoRedirect url_regex -i .*akadns\.net
acl NoRedirect url_regex -i .*207.46.*
acl NoRedirect url_regex -i .*64.2.21.*
acl NoRedirect url_regex -i .*unb\.ca.*
acl NoRedirect url_regex -i windowsupdate
redirector_access deny NoRedirect
Any help is greatly appreciated.
Cheers
Matt
Received on Thu Aug 04 2005 - 10:29:07 MDT
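
As an added example (not part of the original messages and not Squid's own code): a Python check of how the unanchored NoRedirect url_regex patterns quoted above match anywhere in a URL, compared with a host-only match of the kind Squid's dstdomain and dst ACL types perform. The sample URLs are constructed, and reading the two numeric patterns as 207.46.0.0/16 and 64.2.21.0/24 is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# url_regex patterns copied from the NoRedirect ACL in the message above.
NOREDIRECT_REGEX = [
    r".*microsoft\.com", r".*akamai\.net", r".*akamai\.com", r".*windows\.com",
    r".*windowsupdate\.com", r".*windowsupdate\.net", r".*msft\.com",
    r".*msft\.net", r".*nsatc\.com", r".*nsatc\.net", r".*edgesuite\.net",
    r".*akadns\.com", r".*akadns\.net", r".*207.46.*", r".*64.2.21.*",
    r".*unb\.ca.*", r"windowsupdate",
]
# Host-only equivalents (assumption: what the regex list was meant to cover).
DOMAINS = ("microsoft.com", "akamai.net", "akamai.com", "windows.com",
           "windowsupdate.com", "windowsupdate.net", "msft.com", "msft.net",
           "nsatc.com", "nsatc.net", "edgesuite.net", "akadns.com",
           "akadns.net", "unb.ca")
NETS = [ipaddress.ip_network(n) for n in ("207.46.0.0/16", "64.2.21.0/24")]

# Constructed sample URLs; example.test is a placeholder host.
SAMPLES = [
    "http://download.windowsupdate.com/v8/update.cab",
    "http://207.46.1.2/update",
    "http://example.test/page?ref=windowsupdate",
    "http://notmicrosoft.com.example.test/",
    "http://example.test/207x46/",
    "http://example.test/index.html",
]

def regex_hits(url):
    """Patterns matching anywhere in the full URL, as unanchored url_regex -i does."""
    return [p for p in NOREDIRECT_REGEX if re.search(p, url, re.IGNORECASE)]

def host_hit(url):
    """Stricter model: look only at the URL's host (domain suffix or IP network)."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        return any(ipaddress.ip_address(host) in n for n in NETS)
    except ValueError:  # not an IP literal, so compare as a domain name
        return any(host == d or host.endswith("." + d) for d in DOMAINS)

def overbroad(urls=SAMPLES):
    """URLs exempted by the regex list although their host is not on the list."""
    return [u for u in urls if regex_hits(u) and not host_hit(u)]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u}\n  regex: {regex_hits(u)}\n  host-only: {host_hit(u)}")
```

The three URLs returned by overbroad() skip the redirector under the posted list only because the pattern text appears somewhere in the URL or because an unescaped dot acts as a wildcard.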