Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => Linux Proxy Server Support => Topic started by: keever on October 19, 2005, 08:22:16 PM
-
I have successfully gotten SQUID to run, but I'm having a problem with the access lists. To be specific, the access lists are working correctly when I've tried it by having IE use the new proxy, but when I try to access the proxy server by using the Webmin http access, it returns a permission denied failure. There is nothing in the access list that is blocking port 10000 on the proxy; in fact, I added 10000 as a safe port and allowed access to it. So the proxy won't let webmin be accessed based on a permission setting, not an access list statement. My question is what user on the Linux box is used during a webmin session? I'm also a bit confused that I would get a permission denied error when I'm using the squid proxy, but not when accessing the webmin interface without having IE use the proxy. If there were a permission misconfiguration on the directories and files for webmin to begin with, why does the use of squid cause it to be a problem? Here is the connection failure message:
While trying to retrieve the URL: http://172.16.3.30:10000/
The following error was encountered:
Connection Failed
The system returned:
(13) Permission denied
The remote host or network may be down. Please try the request again.
-
I think there is some conflict between the Webmin server and Squid. Webmin runs through a simple web server that comes with it, so there might be conflict issues. Try including the IP of the same computer in the allowed computers, or make it a separate acl like:
acl computeritself src <its ip>
http_access allow computeritself
Btw, it's just a guess, but I don't think that it will solve the problem.
-
And also you can try as gaurave suggested, i.e. just changing the permissions of the current squid places.
OK, run all these commands in your shell:
#chmod -R 777 /usr/local/squid/*
#chmod -R 777 /usr/local/squid
#chmod -R 777 /var/log/squid/*
#chmod -R 777 /var/log/squid
After that, create the swap directories again using this command:
#squid -z
I think after that it will work.
-
I still cannot get webmin to work while using squid as a proxy:
This line should take care of the squid box itself:
acl localhost src 127.0.0.1/255.255.255.255
This line should let the localhost have http access:
http_access allow localhost
I went a step further and entered the IP address of the NIC on the squidbox to the "localhost" acl, and I still get this when trying to access the squidbox thru webmin:
While trying to retrieve the URL: http://172.16.3.30:10000/
The following error was encountered:
Connection Failed
The system returned:
(13) Permission denied
The remote host or network may be down. Please try the request again.
Regarding Permissions:
I used the rpm install, so my .conf directory is /etc/squid. Here are the perms for that directory:
[root@redprox]# ls -las /etc/squid
total 372
8 drwxrwxrwx 2 root root 4096 Nov 3 13:44 .
16 drwxr-xr-x 75 root root 12288 Oct 29 04:02 ..
8 -rwxrwxrwx 1 root squid 419 Oct 20 02:05 cachemgr.conf
4 lrwxrwxrwx 1 root root 22 Oct 21 04:30 icons -> /usr/share/squid/icons
32 -rwxrwxrwx 1 root root 26104 Oct 20 02:05 mib.txt
16 -rwxrwxrwx 1 root root 11651 Oct 20 02:05 mime.conf
16 -rwxrwxrwx 1 root root 11651 Oct 20 02:05 mime.conf.default
8 -rwxrwxrwx 1 root root 421 Oct 20 02:05 msntauth.conf
8 -rwxrwxrwx 1 root root 421 Oct 20 02:05 msntauth.conf.default
128 -rwxrwxrwx 1 root squid 120789 Nov 3 12:53 squid.conf
128 -rwxrwxrwx 1 root root 120270 Oct 20 02:05 squid.conf.default
So as you can see, I have 777 perms for the directory and all files within that directory. My question is should squid or root have ownership to the /etc/squid directory and all files in the subdirectory?
Additionally, my /var/log/squid perms are:
[root@redprox init.d]# ls -las /var/log/squid
total 37952
8 drwxrwxrwx 2 squid squid 4096 Oct 30 04:02 .
8 drwxr-xr-x 10 root root 4096 Nov 1 04:02 ..
16200 -rwxrwxrwx 1 squid squid 16561160 Nov 3 13:46 access.log
936 -rwxrwxrwx 1 squid squid 950012 Oct 30 04:02 access.log.1.gz
12 -rwxrwxrwx 1 squid squid 5310 Oct 26 04:02 access.log.2.gz
40 -rwxrwxrwx 1 squid squid 32864 Oct 20 04:02 access.log.3.gz
44 -rwxrwxrwx 1 squid squid 36875 Nov 3 13:42 cache.log
8 -rwxrwxrwx 1 squid squid 2528 Oct 30 04:02 cache.log.1.gz
8 -rwxrwxrwx 1 squid squid 2947 Oct 23 04:02 cache.log.2.gz
8 -rwxrwxrwx 1 squid squid 1262 Oct 19 04:02 cache.log.3.gz
8 -rwxrwxrwx 1 squid squid 1114 Oct 2 04:02 cache.log.4.gz
8 -rwxrwxrwx 1 squid squid 2432 Sep 25 04:02 cache.log.5.gz
12 -rwxrwxrwx 1 squid squid 7589 Oct 21 04:30 squid.out
18900 -rwxrwxrwx 1 squid squid 19320926 Nov 3 13:46 store.log
1660 -rwxrwxrwx 1 squid squid 1687704 Oct 30 04:02 store.log.1.gz
12 -rwxrwxrwx 1 squid squid 7125 Oct 26 04:02 store.log.2.gz
80 -rwxrwxrwx 1 squid squid 73364 Oct 20 04:02 store.log.3.gz
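The listings in the post above show /etc/squid, squid.conf and the log directory at mode 777, which lets any local account rewrite the proxy's ACLs or its logs. A check for that condition, added here as an example and not part of the original thread; the function name `world_writable` and the constructed sample tree are assumptions of this example.

```python
import os
import stat
import tempfile

def world_writable(root):
    """Return (path, octal mode) for root and everything below it that
    carries the 'other' write bit, i.e. is writable by any local user."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    hits = []
    for p in sorted(paths):
        st = os.lstat(p)  # lstat: inspect the entry itself, never its target
        if stat.S_ISLNK(st.st_mode):
            # Symlinks always list as lrwxrwxrwx (the 'icons' entry in the
            # listing above); those bits are not enforced, so skip them.
            continue
        if st.st_mode & stat.S_IWOTH:
            hits.append((p, oct(stat.S_IMODE(st.st_mode))))
    return hits

if __name__ == "__main__":
    # Constructed sample tree standing in for /etc/squid.
    root = tempfile.mkdtemp()
    for name, mode in [("squid.conf", 0o777), ("mime.conf", 0o640)]:
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    os.symlink("/usr/share/squid/icons", os.path.join(root, "icons"))
    for path, mode in world_writable(root):
        print(f"world-writable: {mode} {path}")
```

On a real host the same function can be pointed at /etc/squid and /var/log/squid.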
-
Well.. I think we have to do something with webmin, is there any config file for webmin which sets acls for the permission on webmins..
No webmin on my system currently, I will install soon and check out.
-
BTW.. I found someone on a forum having the same problem, and he says that he fixed the same problem by
was a netmask correction in the squid.conf file, and I didn't remove the default protection setting, which only allows local host to use the proxy
-
That would explain these error messages:
2005/11/04 07:21:35| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '172.16.3.1-172.16.3.254/255.255.255.0'
2005/11/04 07:21:35| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.218.1-192.168.218.254/255.255.255.0'
2005/11/04 07:21:35| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.10.30.1-192.10.30.254/255.255.255.0'
This is what I have in the .conf file for allowed networks:
acl Allow_Networks src 172.16.3.1-172.16.3.254/255.255.255.0 192.168.218.1-192.168.218.254/255.255.255.0 192.10.30.1-192.10.30.254/255.255.255.0
Now, what I find confusing is how the netmask "masks away" part of the specified ip range. I list a range between the valid host bits on a /24 ie: 1-254, and the netmask for a /24 would be 255.255.255.0, so how does the netmask "mask out" part of that range? Should I just put 172.16.3.0, implying the whole /24 network?
Oh, and btw, what forum did you get that scrumptious nugget from?
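An added example, not part of the original post, showing the arithmetic behind the "masks away" warning for the ACL entries quoted above. It assumes the warning fires whenever (address AND netmask) differs from the address as written; the function names are this example's own.

```python
import ipaddress

def masked_away(addr, netmask):
    """Bits of addr that fall under the zero bits of netmask, as a dotted quad."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(netmask))
    return str(ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF))

def check_acl_entry(entry):
    """Parse 'first[-last][/netmask]' and list (address, lost bits) pairs.

    Assumed model of the warning: an address triggers it when
    (address AND netmask) != address.
    """
    spec, _, netmask = entry.partition("/")
    netmask = netmask or "255.255.255.255"
    first, _, last = spec.partition("-")
    return [(a, masked_away(a, netmask))
            for a in (first, last)
            if a and masked_away(a, netmask) != "0.0.0.0"]

def network_form(entry):
    """The 'network/netmask' spelling that contains the entry's first address."""
    spec, _, netmask = entry.partition("/")
    first = spec.partition("-")[0]
    net = ipaddress.ip_network(f"{first}/{netmask or 32}", strict=False)
    return f"{net.network_address}/{net.netmask}"

if __name__ == "__main__":
    # Entries from the squid.conf line quoted in the thread, plus the
    # plain network form the poster asks about.
    for e in ["172.16.3.1-172.16.3.254/255.255.255.0",
              "192.168.218.1-192.168.218.254/255.255.255.0",
              "192.10.30.1-192.10.30.254/255.255.255.0",
              "172.16.3.0/255.255.255.0"]:
        lost = check_acl_entry(e)
        if lost:
            print(f"{e}: masked-away bits {lost}; network form {network_form(e)}")
        else:
            print(f"{e}: no host bits under the mask")
```

With a 255.255.255.0 mask the last octet is zeroed, so .1 and .254 each lose their host bits, while the .0 network address loses nothing.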
-
I'm still not able to access webmin when using a browser that uses squid as a proxy. I made the netmask changes suggested above to no avail. I also haven't been able to find a "config file for webmin which sets acls for the permission on webmins" either. There have to be other users that have experienced and solved this annoying permissions issue.
-
Well.. not able to look into your concern as I'm very busy.