Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => Linux Proxy Server Support => Topic started by: sanjeevlic on October 07, 2005, 10:58:16 AM
-
Please help !!!!!
i am using squid proxy on redhad linux 8.00 . Everything is working fine . only when i try to access YAHOO CHAT ROOM through yahoo messenger . it gives message SINGING IN TAKEING LONGER TIME TRY LATER.
I am having broadband connection and speed while i access web site is very fast
-
Just try yahoo messenger without squid..., Chack wheather the error wiill come after that...
Gaurav
-
Just try yahoo messenger without squid..., Chack wheather the error wiill come after that...
Gaurav
Dear Gaurav
I have tried it without using Squid. its work fine without using squid.
-
PLEASE US NAT AND MAKE YOUR SQUID TO WORK IN TRANSPARENT MODE THEN REDIRECT PORT 80 TO 3120 or 8080 theat is your http port in your squid
THANKS
OZIOMA
-
PLEASE US NAT AND MAKE YOUR SQUID TO WORK IN TRANSPARENT MODE THEN REDIRECT PORT 80 TO 3120 or 8080 theat is your http port in your squid
THANKS
OZIOMA
Thanks OZIOMA
I hav configured the squid transparent proxy every thing is working fine but still the yahoo chat room are not accessible
Please help
Sanjeev
-
PLEASE CHECK YOUR YAHOO MESSENGER CONNECTION PREFRENCE AND REMOVE IT FROM PROXY AND USE NO PROXY
THANKS
OZIOMA
-
Dear OZIOMA
I did as u said , set my messenger setting to no proxy . web sites are accessible but still yahoo chat rooms are not . whereas i can chat with the friends which are alread in my list. But chat rooms are still not accessible . I am still getting SIGNING IN TAKING LONGER TIME .
sanjeev
-
Well.. there are four connection option in yahoo, kindly try all one by one. I hope one will work.
-
Thanks Ricky for reply
I have tried all the four option , Use Proxy , No proxy , Firewall with no proxy and network detection.
We have two proxy server one is squid transparent proxy other not transparent proxy
i have tried under both .
i am able to connect throudh yahoo messsenger but when i connect to any chat room it give signing in to chat taking longer time try later
Please help
sanjeev
-
Ok May be the cause of this is some firewall rule :
If u r not using transparent Proxy ...., means if u r using simple proxy..,Then stop the firewall for once..then try yahoo messanger again
May be it works..not sure
Gaurav
-
I have squid with minimum configuration, I want to block Yahoo,MSN ....messanger from accessing
How to block? what are the changes have i to make in squid.conf.
Please reply
-
jp_durai ::
Please see this --> blocking yahoo and msn in squid proxy (http://www.linuxsolved.com/forums/ftopic1363.html)
-
basically yahoo says that you chatroom or any other service which uses direct connection on bothend does not support any proxy though you are running it in transperent mode sitll its making a proxy connection with yahoo and in this case its not possible to connect to yahoo
-
sanjeevlic
use squid as a transparent proxy ( squid+NAT )
and give DNS on your client machine as give ur ISP.
and in messenger >connection>no network detect
thats it :P
-
My problem is that I want to enable voice chat in yahoo, when i try to connect my client behind squid to yahoo messenger with following options.
1) No porxies------------->never connect(no error shown only trying for a while and then no result)
2)firewall with no proxy------------------->connected but voice chat is not enable(no option for voice chat)
3)use proxies---------------------->connected but again voice chat is not enable(no option for voice)
4)No network detection----------->again failed to connect(no fate)
I've squid and firewall running on same machine
eth1 is my LAN side and eth0 is my Internet NIC.
configurations are
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 8080
iptables -A INPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -i eth1 -p tcp \
--dport 8080
iptables -A OUTPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
--dport 80
iptables -A INPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -i eth0 -p tcp \
--sport 80
iptables -A OUTPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED -o eth1 -p tcp \
--sport 80
and in the end I am using MASQUERADING which solve my msn problem but yahoo problem still presists.
plz guide me thanks
Regards,
FFIDX
-
If you are doing Maquerading ie. NAT then you should not face voice problem. I suggets you to turn of redirection so that we can check few thigns and see if it works, if still it won't then you must have some firewall rules set in system then you will have to review them.
-
As I've sent you all my configuration. Plz point out my mistake. or plz send me some appropriate configuration.
Thanks,
Regards,
Farrukh
-
should I use SNAT like
iptables -t nat -A POSTROUTING -i eth1 -p tcp -m multiport --dport 5050,11999,5000,5001,5100 -j SNAT --to-source xxx.xxx.xxx.xxx
Then here what source ip should I use, in my case eth0 is my internet NIC and eth1 is my LAN
eth0 = 192.168.0.6/24
eth1 = 192.168.11.0/24
--to-source xxx.xxx.xxx can i use 192.168.0.6 beacause in MASQUERADING it used by default
Sir plz help me
-
give me line of masquerade also as well as make sure that you are using right DNS server in your clients.. if you have enabled caching nameserver then use ur server's IP as use ur ISP's IP as DNS server.
-
iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -d ! 192.168.11.0/24 -o eth0 -j MASQUERADE
This line I am using for masquerading, my eth1 lan interface ip=192.168.11.2 eth0 internet interface ip=192.168.0.6
On the client side the DNS i am using is 192.168.11.2 although I've not configure any dns on my network server.
and in proxy setting i am using 192.168.0.6:8080 as my porxy
Previous setting and this configuration is all about. It is working well for msn and all other browsing accept Yahoo login with no proxy. Can I use following line after Masquerade.
iptables -t nat -A POSTROUTING -i eth1 -p tcp -m multiport --dport 5050,11999,5000,5001,5100 -j SNAT --to-source 192.168.0.6.
Thanks for your help and still waiting for your response.
-
Ok .. try it simple
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
And remove that your masquerade line.
Also is this 192.168.11.2 is the DNS of your ISP ?
Also you dont' need to do NAT for each port as its already being forwarded in above masquerade, everything, every packet.
-
Thanks sir once again but it is not working if i remove your specified or my masquerade line then msn and yahoo both not work and if i use your or my line then msn connected but yahoo problem is still presists...
:(:(
no sir 192.168.11.2 is not DNS of my ISP it is the address of eth1 NIC of my server (proxy+firewall) which i am using as gateway and DNS for my client and proxy address i am using eth0 internet NIC (192.168.0.6) sir This server not directly connected to isp it is connected with ISA
sir any mistake ??? plz guide me
-
those line I gave are two differnet lines, I hope you executed it right, else I don't see any problem.
Also if you are able to open websites properly with that as DNS then no problem in that.
-
I also suggest that temporary you clear all your current settings and then follow this http://www.linuxsolved.com/forums/ftopic115.html
And then tell us if its works, if not then might problem at higher level of firewall ie the server to which your gateway is connected.
-
Yes sir still problem presists, I disable my Squid and just share internet connection but problem is still there it never sign in with no proxy. Sir I am using your specified configuration .
Is it due to to ISA because I am behind ISA(linux box behind ISA) and client is connected through cross cable. Is ISA responsible for all happening??
Any idea!!!
Thank for your guidance
-
To check ISA, connect a client directly to ISA and run Messenger and other things on it, if its fine then our configuration is faulty as its from ISA itself.
Btw, what I suggested you earlier about making test ie only NAT then it should work else problem of ISA
-
Yes My Microsoft client connected successfully behind ISA, The configuration you given to me I've used it as NAT and trun off squid. but problem is still I am facing,
Configuration might be okay as you've tested it, but once again in my senario on my clent i am using 192.168.10.27 and define gateway as 192.168.10.2 which is address of eth1 of my Linux box, on eth1 the gateway i am using is the address of my eth0 which is 192.168.0.6. And in the end on eth0 the gateway i am using is the address of my ISA inner interface which is 192.168.0.1.
I am not configure any DNS for my network.
Is my configuration is ok? then what is the problem, how I get rid off this pain.
Thanks for taking care of me.
Regards,
Farrukh Fida.
-
Is it possible that ISA block my traffic by using MAC-address beacause we have NATed IP address not mac, but question once again then it should block all traffic.
-----------------:(:(:(
-
They can block particular traffic by MAC too but I think this is not the case.
I think I must explain few things here.
On the Linux box ie. which you are using as server to your LAN.
If its running NAT script i provided or any other NAT script then.
eth0 = internet
Should have gatway as given by your ISP,
DNS as given by your ISP
Should have IP & subnet mask as given by your ISP.
eth1 = Your LAN.
Should have IP & subnet mask you set for your LAN ie part of LAN.
No other configuration is required on this interface.
Now..
Your client :
Be it any OS wheter Linux or Windows or MAC OS.
Should have IP & subnet as part of lan
Gateway = IP of eth1 of Linux machine.
DNS = either your ISP's or your Linux box if in that DNS forwarding is enabled.In Redhat and fedora its mostly by default. You only have to make a separate entry in resolv.conf.
nameserver 127.0.0.1
Now you may compare your setup with above and if its identical to it then should work and later you can configure or enable squid too.
-
Yes i got my mistake,
My linux box not directly connected to the internet by using public or ISP assigned IP address on eth0.
So problem is this not in configuration or in a script.
My linux box is client for ISA which is directly connected to ISP by using public IP and ISP assigned DNS. so when I tried to attached a client with my linux server then it shows problem ( connecting yahoo problem ).
so I got it :) Thank you! once again Dear RICKY...:):)
-
NO thats not the mistake
If some computer is connected to internet properly .. whether its direct from ISP or routed from other computer then it can do well as server to internal LAN.
nothing like public or private adress.
The only thing can be doubt upon is setting of Linux box as client to ISA.. ie may be some mistake in that.
-
They can block particular traffic by MAC too but I think this is not the case.
I think I must explain few things here.
On the Linux box ie. which you are using as server to your LAN.
If its running NAT script i provided or any other NAT script then.
eth0 = internet
Should have gatway as given by your ISP,
DNS as given by your ISP
Should have IP & subnet mask as given by your ISP.
eth1 = Your LAN.
Should have IP & subnet mask you set for your LAN ie part of LAN.
No other configuration is required on this interface.
Now..
Your client :
Be it any OS wheter Linux or Windows or MAC OS.
Should have IP & subnet as part of lan
Gateway = IP of eth0 of Linux machine.
DNS = either your ISP's or your Linux box if in that DNS forwarding is enabled.In Redhat and fedora its mostly by default. You only have to make a separate entry in resolv.conf.
nameserver 127.0.0.1
Now you may compare your setup with above and if its identical to it then should work and later you can configure or enable squid too.
Thanks a lot, Yes all configuration is identical accept one thing which is as you define above "on clients when I am using gateway= Ip of eth0 of Linux machine" then it disable my all internet traffic.
note name server which I am using, given by my ISP and nslookup from my clients to any website is successful. Which means DNS is okay.
Regards,
ffidx
-
Well, thats the mistake there.
It should be IP of eth1 of linux machine.
-
If it is o.k then my configuration is identical with yours configuration.
But problem is still there in yahoo it never connected with no proxy..
Is it BUG?
-
No.. its not a bug, may be a very small mistake is there or missing which we are not able to notice.
-
Yes might be there some problem but sir as you know that i am not expert so I am unable to sort out actual problem, if you have any idea then please help me.
I am waiting for your response.
-
You may try to run any live distro of linux like slax or something and then try on that.
-
My dear friend i would again like to add that in any case though the configuration is hidden from the user end still the connection which is being esteblished is thrugh the server itself while yahoo says that it needs direct access to the client by thrugh any proxy ................
even in transperent proxy mode the main connection is being esteblished by the server not by the client workstation and this is the only reason that you are not able to use yahoo voice chat.