This is a discussion on Problem with squid within the Linux software forums, part of the Linux Getting Started category.
I am using Kanotix 2.6.17, KDE 3.5.2, iptables, and a stand alone behind a router. I am trying to get squid to work and have spent 2-3 weeks browsing dozens of sites asking for help, and have gotten nowhere. Here is what I have done.
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
# iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/squid restart
Restarting Squid HTTP proxy: squid.

squid.conf uncommented lines:

http_port 127.0.0.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 32768 KB
maximum_object_size_in_memory 8 KB
cache_dir ufs /var/spool/squid 1400 16 256
refresh_pattern Release$ 0 41% 720
refresh_pattern Packages\.gz$ 0 41% 720
refresh_pattern Sources\.gz$ 0 41% 720
refresh_pattern \.orig.tar.gz$ 525600 0% 525600 override-lastmod ignore-reload
refresh_pattern \.diff.gz$ 525600 0% 525600 override-lastmod ignore-reload
refresh_pattern \.deb$ 525600 0% 525600 override-lastmod ignore-reload
refresh_pattern \.dsc$ 525600 0% 525600 override-lastmod ignore-reload
refresh_pattern ^ftp: 0 50% 43200
refresh_pattern ^gopher: 0 50% 720
refresh_pattern \.shtml$ 0 10% 720
refresh_pattern \.html$ 0 50% 720
refresh_pattern \.htm$ 0 50% 720
refresh_pattern \.php.$ 0 10% 720
refresh_pattern \.img$ 0 50% 720
refresh_pattern \.jpeg$ 0 50% 720
refresh_pattern \.jpg$ 0 50% 720
refresh_pattern . 0 20% 720
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 192.168.7.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
visible_hostname BRYANCLIENT
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Two thoughts come to mind. I got something wrong in the squid.conf (even though that is what I was to put), or there is something in the kernel that is blocking what I am trying to do, and if there is I have no clue as to how to get at it. Access.log and cache.log are both empty. I really would like to know how to get this sorted out, as so much of what you can do to control the internet via other packages is dependent upon squid.
Quote:
However, let us know your setup. To troubleshoot your problem we need to know the exact setup. Do you want to configure your squid server as a router and proxy server for the rest of the LAN? Do you have two LAN cards in your squid Linux server? If so, can you specify the IP address for both? Looking at your iptables rules and squid.conf, both configurations are not correct at the moment. Give us as much background and your problem will be sorted out.
I have two independent boxes behind an off-the-shelf router. They both are connected to each other and the internet through eth0 with each assigned one IP (I have preassigned for simplicity). One box is run with WinXP and this box with Linux. The Linux box can see the XP (still have to figure out the XP to Linux side) and can get on the internet no prob, so my IP is fine. The problem I am having is that there are so many sites dealing with so many ways of setting up squid that as a newbie I have no way of deciphering what applies to me and what does not. Hope that is enough info.
You have forced squid to accept requests from localhost only (127.0.0.1), so it will never ever work with Windows XP or other LAN computers.
First, remove all iptables rules with the following command (later we will set up iptables, once squid has started to work):
Code:
# service iptables stop
Find the line that reads as follows:
Code:
http_port 127.0.0.1:3128
Code:
http_port 3128
Code:
# service squid restart
And test it and it should work.
__________________
Rocky Jr. You may have my body & soul, but you will never touch my pride! If you have knowledge, let others light their candles at it. Certified to work on HP-UX / Sun Solaris / RedHat
For those commands, one problem. I am using the Kanotix distro (it's Debian based), which does not use the service or chkconfig commands. I have been using a couple of commands that you can use with /etc/rc.d/init.d/*.*, but I do know that you can't do the same things as service or chkconfig. Do you know what their equivalent commands are or the pack that will allow me to use those?
Thank you. Will have to wait until I get off work to work on it. That is basically what I have been doing all along except the script I have been using shell one line at a time. Sure will simplify things.
I did the firewall.stop and made the changes to squid and restarted. I have gone no farther because now I am concerned about something else. I am getting an eth0: Tx timeout -reset. I ran ifconfig with this result:

$ ifconfig
eth0      Link encap:Ethernet HWaddr 00:01:53:00:9F:17
          inet addr:192.168.7.151 Bcast:192.168.255.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:5 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:130 errors:0 dropped:0 overruns:0 frame:0
          TX packets:130 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11224 (10.9 KiB) TX bytes:11224 (10.9 KiB)

Is this happening because squid is finally kicking in and do I then go back and do what you told me to do in the first place, or do I need to make other changes first?
Also what about the line

acl localhost src 127.0.0.1/255.255.255.255 192.168.7.0/255.255.255.0

And that 192.168.7.0, the 0 isn't my IP, but when I did put in the IP squid came back with a warning, and on some site it said that just putting a 0 was fine. I am having real difficulty making any sense of how squid works.
192.168.7.0/255.255.255.0 is your network address/id - It means squid will work with all your network computers including windows XP.
You need to run all commands as the root user. Replace
Code:
acl localhost src 127.0.0.1/255.255.255.255 192.168.7.0/255.255.255.0
Code:
acl localhost src 127.0.0.1/255.255.255.255
Code:
acl lan src 192.168.7.0/255.255.255.0
Code:
http_access allow localhost
Code:
http_access allow lan
Code:
/etc/init.d/squid restart
Code:
netstat -vat | grep 3128
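Added example, not part of the original thread: a small Python model of the two changes given in the replies above (the `http_port` bind address, and the separate `localhost` and `lan` ACLs). It evaluates only `src` ACLs with first-match `http_access` ordering; the reduced config samples and the client addresses used with it (such as 192.168.7.10 and 203.0.113.5) are constructed for illustration.

```python
import ipaddress

# Constructed samples: only the directives from the thread that decide who
# can reach the proxy, before and after the changes suggested in the replies.
ORIGINAL_CONF = """\
http_port 127.0.0.1:3128
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255 192.168.7.0/255.255.255.0
http_access allow localhost
http_access deny all
"""
FIXED_CONF = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.7.0/255.255.255.0
http_access allow localhost
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Collect listen addresses, src ACLs and http_access rules in file order."""
    listen, acls, rules = [], {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "http_port":
            host = tok[1].rpartition(":")[0] or "0.0.0.0"  # bare port = all interfaces
            listen.append(ipaddress.ip_address(host))
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return listen, acls, rules

def verdict(conf, client):
    """Return 'unreachable', 'allow' or 'deny' for a client IP (src ACLs only)."""
    listen, acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    if listen and not ip.is_loopback and all(a.is_loopback for a in listen):
        return "unreachable"      # proxy socket is bound to 127.0.0.1 only
    for action, names in rules:   # first rule whose ACLs all match wins
        if all(any(ip in n for n in acls.get(name, [])) for name in names):
            return action
    return "deny"                 # simplification: nothing matched
```

Calling `verdict(FIXED_CONF, "203.0.113.5")` shows that once `http_port` listens on every interface, the closing `http_access deny all` is the line that keeps non-LAN clients out.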