next »

[tallship]

I've followed the guide to get Squid up and rolling as a Transparent proxy. Everything works just fine, I point everyone to the Squid box as the default gateway with DHCPD and then hijack port 80, redirecting it to 3128.

But the users are unable to use the Windows Update service, which fails when "checking for updates".

I've seen a lot of posts about this when googling - but not a single solution. A couple of people, after much frustration did manage to get Windows Update service working, but all they did was post that they had gotten it working and didn't bother to say what they did to correct the problem.

I can post my squid.conf file here if neccessary (it's still pretty basic along the lines of the mini-howto here

Upon googling, this seems like such a common problem that I would think that there would have been some attention given to it in the FAQs at suid-chche.org or other sites, but I've seen no mention of it.

If anyone can provide some assistance It would be greatly appreciated, and we could perhaps add it to the mini-howto here

.

[tallship]

Here's the redirect that hijacks the connection to port 80 on 192.168.1.100 (The Squid box) - from /etc/rc.d/rc.local

NOTE: Connections to this box do not currently go in one nic and out the other, they simply are intercepted by this machine on one NIC and then go out through the Squid machine's default gateway (firewall). This will change later so that all packets will be NAT'd by this box instead of the choke firewall, and this machine will become the firewall at that point.

Code:

/usr/local/squid/sbin/squid
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128

Okay, here's the squid.conf file, stripped of much of it's fluff - this is the complete file at this point - only the extraneous comments have been stripped out:

Code:

~# cat /usr/local/squid/etc/squid.conf
http_port 192.168.1.100:3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

cache_mem 32 MB

maximum_object_size 8192 KB

# maximum_object_size_in_memory 8 KB
maximum_object_size_in_memory 20 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

cache_dir ufs /usr/local/squid/cache 1024 16 256

# cache_store_log /usr/local/squid/var/logs/store.log
cache_store_log none

#Default:
# debug_options ALL,1

#Default:
# log_fqdn off

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

# ftp_user Squid@
ftp_user someone@sld.tld

# ftp_list_width 32
ftp_list_width 80

# on|off determines whether you "CAN" use PASSV mode, you don't have to use it
# ftp_passive on

#  TAG: redirect_rewrites_host_header
#       By default Squid rewrites any Host: header in redirected
#       requests.  If you are running an accelerator then this may
#       not be a wanted effect of a redirector.
#
#Default:
# redirect_rewrites_host_header on

auth_param basic children 5
auth_param basic realm Companies Name
auth_param basic credentialsttl 2 hours

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TIMEOUTS
# -----------------------------------------------------------------------------

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny to_localhost

http_access deny all

http_reply_access allow all

icp_access allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

cache_mgr someone@sld.tld

cache_effective_user squid
cache_effective_group squid

# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# MISCELLANEOUS
# -----------------------------------------------------------------------------

coredump_dir /usr/local/squid/cache

# EOF

[Ricky]

I had done lots of work on squid ! really never noticed such problem, may be I am not much interested in window's update, at this point i really don't understand that why win update is not working !

How you are sure that win  update is not working, may be it uses some specific port which is not allowed in our standard coinfiguration !

Well have to look out in this matter ! no idea here too at this moment ! sorry!

   Recommend LS
   Linux User Around