Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => Linux Proxy Server Support => Topic started by: nickcol on December 06, 2004, 01:24:04 PM
-
Hi
I have setup Nat and a squid transparent proxy as per the How to on a Rh9 pc. The proxy seems to work as http requests are being logged and you can view websites etc.
But I cannot access any ftp servers or https sites. Any Ideas Why ?
Seems like none of ports other than 80 are being forwarded through.
Have i got a config problem or do i need to use iptables to let https ftp through.?
Thanks
Nick
-
Maybe the problem is that your squid is denying the access to ssl ports or safeports. You can check your squid.conf, review your acl rules if you are blocking access to ssl ports.
Regards
Leo
-
my config is a below.Can you tell me which bit needs changing to allow https and ftp.
Nick
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl vitaldog src 192.168.10.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow vitaldog
http_access deny all
nick
-
Try enabling access to ssl and safe ports. Change the default deny for allow like this :
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports.
Maybe this works for you!
Be aware enabling this 'cause your granting access to other related ports in you acl list. So be sure to have a good firewall already configure in your network.
Regards!
Leo
-
Thanks for that.
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
sorted this out and i know have https access.
I will sortout what ports I need now.
Nick
-
good luck!!
Regards!!!
Leo
-
hello there
I have just seen this post and I want to setup transparent proxying
for https
I have followed the instructions as specicfied by you guys
however transparent proxy for https is not working
my /etc/squid/squid.conf settings for same are
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
but it is working perfectly for http requests
how do I get access to both http and https
what are the rules in addition to above?
plz help me!
stefan
-
well.. i as far as i know in transparent mode you have to never worry about https while using squid but if you are using simple proxy using squid then have to specify https proxy port and ip same as http port and ip in browser.
Hope it gives you the hint.
-
HI
thanks for your response ricky :D
As far as I have sen in many forums the answer I got was
transparent proxy setup using squid as proxy even for https requsets
was not possible
My aim is
to setup transparent proxy so that the cleints dont have to bother about
changing their browser settings for ip and port
I just wanted this as many of my users are using hotmail
and are not able to log in to hotmail
I want it to do it with transparent proxy itself
when I first saw this post I initially thought it was easily possible
but with the setting as mentioned Isantana I am not able to log in to
hotmail
(I am using squid/2.5 stable)
any methods for making this possible??
please expalin to me the configs in detail..
-
Well from my side I don't know how is that happening to that guys but I have been using Squid in transparent mode (ie the config i have given in the tutorial section) from almost a Year and I never faced such problem. May be You have some firewall blocking https port and so even transparent will not work.
Well untill i m not able to generate that problem then how i can solve that. So unable to create it here. its all fine here :( . I think you have to look out more, though i m still looking the way around
-
hello
I need to know where I am going wrong
I am not able to do even basic transparent proxying now
configs are perfectly as per those given in your tutorial
actually
I added 2 rules
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 3128
and now transparent proxying is not happening thru port 80 also
even after
adding
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
plz guide me how to set it right
-
i doubt if your proxy server is configured to listen on port 3128, are you sure ?
Are their any other rules apart of these, also r you running any firewall application like firestarter ?
-
hi
now I am able to access internet using tranparent proxying ;
earlier also I was able access thru ip and port
I am not using any firewalls also
but still am not able to figure out what went wrong :?
I am now able to connect to https(eg hotmail.com)
but I am not able to get the logs corresponding to same
in /var/log/squid/acces.log
when i watch the same with command
tail -f /var/log/squid/acces.log
are not https requests not logged? in squid?
-
Hi All,
From last 3-4 days I am struggling to access the HTTPS sites through squid 2.5 STABLE10 version.
Most of the users says its not posible.
Anybody have any idea.?
Please help me
Nilesh
-
hi shree
pls mention your kinf of proxy, ie. simple or transparent and try to enable ssl and safe ports
-
I am using transparent proxy.
I tried with enabling ssl ports with normal proxy also.
-
so where is the problem shree ?
-
I was not able to access https and ftp sites through squid
-
to access ftp sites.. make your browser to work in passive mode..
About https not working.. hmm.. check my squid's tutorial and compare it with your squid.conf .
-
Hi :
I am trying to access the following sites via https via squid proxy.
https://<ip_address>:10000
https://<ip_address>:19368
In squid .conf I have done this
acl SSL_ports port 10000 19638 # server access
I restarted squid however when I tried to go to the actual web site, my browser just says the below forever:
Waiting for <ip_address>
In the browser settings, proxy setup for SSL connections is on the default port 3128.
Why does the request just sits there and do nothing :?: :oops:
Is there more additions in squid.conf or browser proxy setup for this to work :?:
-
mm..
Waiting for <ip_address>
Well.. above message simply means that the IP address is not working ! Are you sure the service at port 10000 etc is running properly !
-
Well.. above message simply means that the IP address is not working ! Are you sure the service at port 10000 etc is running properly !
I can ping the IP address.
Yes I am sure as I can access the https url with the ports without a proxy server. With the proxy server it just hangs :?:
Why or do I just keep waiting :?:
Do I need to add the IP address with the ports in squid.conf :?: If so how :?:
Thank You