April 18, 2014, 08:04:39 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Squid Transparent proxy cannot access ftp or https  (Read 26357 times)

Offline nickcol

  • Linux Noob !
  • *
  • Posts: 5
Squid Transparent proxy cannot access ftp or https
« on: December 06, 2004, 01:24:04 PM »
Hi

I have setup Nat and a squid transparent proxy as per the How to on a Rh9 pc. The proxy seems to work as http requests are being logged and you can view websites etc.

But I cannot access any ftp servers or https sites. Any Ideas Why ?
Seems like none of ports other than 80 are being forwarded through.

Have i got a config problem or do i need to use iptables to let https ftp through.?

Thanks

Nick

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
check acl!
« Reply #1 on: December 06, 2004, 01:44:38 PM »
Maybe the problem is that your squid is denying the access to ssl ports or safeports.  You can check your squid.conf, review your acl rules if you are blocking access to ssl ports.

Regards

Leo

Offline nickcol

  • Linux Noob !
  • *
  • Posts: 5
Squid Transparent proxy cannot access ftp or https
« Reply #2 on: December 06, 2004, 01:51:46 PM »
my config is a below.Can you tell me which bit needs changing to allow https and ftp.

Nick


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl vitaldog src 192.168.10.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563   # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports


http_access allow vitaldog
http_access deny all



nick

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
ok
« Reply #3 on: December 06, 2004, 02:19:18 PM »
Try enabling access to ssl and safe ports.  Change the default deny for allow like this :

http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports.

Maybe this works for you!

Be aware enabling this 'cause your granting access to other related ports in you acl list.  So be sure to have a good firewall already configure in your network.

Regards!
Leo

Offline nickcol

  • Linux Noob !
  • *
  • Posts: 5
Squid Transparent proxy cannot access ftp or https
« Reply #4 on: December 06, 2004, 03:50:28 PM »
Thanks for that.


http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports

sorted this out and i know have https access.

I will sortout what ports I need now.

Nick

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
ok
« Reply #5 on: December 06, 2004, 04:26:43 PM »
good luck!!

Regards!!!


Leo

Offline anybody

  • Linux Noob !
  • *
  • Posts: 8
I am still having problem in accessing https
« Reply #6 on: December 27, 2004, 10:05:23 AM »
hello there

I have just seen this post and I want to setup transparent proxying
for https

I have followed the instructions as specicfied by you guys

however transparent proxy for https is not working

my /etc/squid/squid.conf settings for same are

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports


but it is working perfectly for http requests

how do I get access to both http and https
what are the rules in addition to above?
plz help me!

stefan

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2378
Squid Transparent proxy cannot access ftp or https
« Reply #7 on: December 29, 2004, 08:13:15 AM »
well.. i as far as i know in transparent mode you have to never worry about https while using squid but if you are using simple proxy using squid then have to specify https proxy port and ip same as http port and ip in browser.

Hope it gives you the hint.

Offline anybody

  • Linux Noob !
  • *
  • Posts: 8
any way?
« Reply #8 on: December 29, 2004, 11:04:09 AM »
HI

thanks for your response ricky :D

As far as I have sen in many forums the answer I got was

transparent proxy setup using squid as proxy even for https requsets
was not possible

My aim is

to setup transparent proxy so that the cleints dont have to bother about

changing their browser settings for  ip and port

I just wanted this as many of my users are using hotmail
and are not able to log in to hotmail

I want it to do it with transparent proxy itself

when I first saw this post I initially thought  it was easily possible
but with the setting as mentioned Isantana I am not able to log in to
hotmail
(I am using squid/2.5 stable)

any methods for  making this possible??

please expalin to me the configs in detail..

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2378
Squid Transparent proxy cannot access ftp or https
« Reply #9 on: January 01, 2005, 03:35:16 PM »
Well from my side I don't know how is that happening to that guys but I have been using Squid in transparent mode (ie the config i have given in the tutorial section) from almost a Year and I never faced such problem. May be You have some firewall blocking https port and so even transparent will not work.

Well untill i m not able to generate that problem then how i can solve that. So unable to create it here. its all fine here :( . I think you have to look out more, though i m still looking the way around

Offline anybody

  • Linux Noob !
  • *
  • Posts: 8
Squid Transparent proxy cannot access ftp or https
« Reply #10 on: January 04, 2005, 06:28:01 AM »
hello

I need to know where I am going wrong
I am not able to do even basic transparent proxying now

configs are perfectly as per those given in your tutorial

actually
I added 2 rules

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 3128

and now transparent proxying is not happening thru port 80 also
even after
adding
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

plz guide me how to set it right

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2378
Squid Transparent proxy cannot access ftp or https
« Reply #11 on: January 04, 2005, 09:36:36 AM »
i doubt if your proxy server is configured to listen on port 3128, are you sure ?
Are their any other rules apart of these, also r you running any firewall application like firestarter ?

Offline anybody

  • Linux Noob !
  • *
  • Posts: 8
Squid Transparent proxy cannot access ftp or https
« Reply #12 on: January 04, 2005, 02:12:52 PM »
hi

now I am able to access internet using tranparent proxying ;
earlier also I was able access thru ip and port
I am not using any firewalls also

but still am not able to figure out what went wrong  :?

 I am now able to connect to https(eg hotmail.com)

but I am not able to get the logs corresponding to same
in /var/log/squid/acces.log
when i watch the same with command
tail -f /var/log/squid/acces.log

are not https requests not logged? in squid?

Offline Shree

  • New Member
  • Posts: 3
How to access HTTPS sites through squid.
« Reply #13 on: July 08, 2005, 04:59:58 AM »
Hi All,

From last 3-4 days I am struggling to access the HTTPS sites through squid 2.5 STABLE10 version.

Most of the users says its not posible.

Anybody have any idea.?

Please help me

Nilesh

Offline ilias

  • Linux Learner
  • ***
  • Posts: 116
Squid Transparent proxy cannot access ftp or https
« Reply #14 on: July 08, 2005, 08:58:16 AM »
hi shree

pls mention your kinf of proxy, ie. simple or transparent and try to enable ssl and safe ports