Squid Setup.....

Hi,
I am trying to setup squid for testing but its not working properly.
1. I get my internet from my corporate proxy server.
2. I don't have any access on that server other then web browsing.
3. We have VLAN setup.
4. The proxy server lies in a VLAN other then user VLAN.
5. I have setup a Fedora box with 2 NICs.
6. I have given 1st NIC IP address of the user VLAN and the 2nd of the
server VLAN.
7. We have ACLs based on IP.
8. So I have got internet access for my Fedora box's 2nd NIC's IP.
9. I installed and starded squid.
10. I configured squid.conf for port 3128
11. Created an ACL for a client IP.
12. And gave Access to that.
13. Configured that client's browser for proxy.

But still the client is not able to fetch any page.
Even, I think, its not contacting squid.


Pls help........


Thanks & Regards,
Jaydeep.

jay_kbvt <(E-Mail Removed)> wrote:
> I am trying to setup squid for testing but its not working properly.

> But still the client is not able to fetch any page.
> Even, I think, its not contacting squid.

You need to partition the problem. The obvious point (to my mind) is to
split at squid, i.e.
1 Can the client talk to squid
2 Can squid fetch pages from elsewhere

If you can't get (1) to work there's not a lot of point worrying about
(2).

So, on the squid server box, you can try the following to see whether
anything's working that far:

* telnet localhost 3128

This with either connect (in which case squid is listening) or fail
(in which case squid isn't listening). If squid isn't listening you
need to work out why not before you go any futher. You may also want
to repeat the test with "localhost" replaced by the IP address of
the server that the client is configured to use as its squid proxy.

* tail -f /var/log/squid/access.log

Then try getting a web page from your client, via squid. You should
see one line per web "item" that the client tries to fetch. At the
very least you should see a single line for the text of the web
page.

Once you've got this bit working you can come back to us again for some
further ideas.

Chris

Hi,
Thanks for reply.

I have changed the port from 3128 to 8080 in squid.conf.
When I telnet, I got this

[root@localhost ~]# telnet 10.0.33.184 8080
Trying 10.0.33.184...
Connected to 10.0.33.184 (10.0.33.184).
Escape character is '^]'.

and when I tail, I got this

[root@localhost ~]# tail -f /var/log/squid/access.log
1152266828.472 69 10.0.33.184 TCP_DENIED/403 1381 GET
http://www.google.com/favicon.ico - NONE/- text/html
1152267559.423 1 10.0.33.184 TCP_DENIED/403 1391 GET
http://squid.visolve.com/squid/faq.htm - NONE/- text/html
1152267559.619 161 10.0.33.184 TCP_DENIED/403 1387 GET
http://squid.visolve.com/favicon.ico - NONE/- text/html
1152267588.941 179 10.0.33.184 TCP_DENIED/403 1391 GET
http://squid.visolve.com/squid/faq.htm - NONE/- text/html
1152267589.004 63 10.0.33.184 TCP_DENIED/403 1387 GET
http://squid.visolve.com/favicon.ico - NONE/- text/html
1152268885.028 0 10.0.33.184 TCP_DENIED/403 1359 GET
http://www.google.com/ - NONE/- text/html
1152268885.200 155 10.0.33.184 TCP_DENIED/403 1381 GET
http://www.google.com/favicon.ico - NONE/- text/html
1152280297.968 242 127.0.0.1 TCP_DENIED/400 1579 NONE
error:unsupported-request-method - NONE/- text/html
1152280347.418 230 10.0.33.184 TCP_DENIED/400 1541 NONE
error:unsupported-request-method - NONE/- text/html
1152281819.054 231 10.0.33.184 TCP_DENIED/400 1549 NONE
error:unsupported-request-method - NONE/- text/html

I also tried to telnet from my clients but no luck....

Pls help.

Thanks & Regards,
Jaydeep.

jay_kbvt <(E-Mail Removed)> wrote:
> I have changed the port from 3128 to 8080 in squid.conf.

Any particular reason?


> When I telnet, I got this
> [root@localhost ~]# telnet 10.0.33.184 8080
> Trying 10.0.33.184...
> Connected to 10.0.33.184 (10.0.33.184).
> Escape character is '^]'.

OK, so squid (or something) is listening


> and when I tail, I got this
> [root@localhost ~]# tail -f /var/log/squid/access.log
> 1152266828.472 69 10.0.33.184 TCP_DENIED/403 1381 GET
> http://www.google.com/favicon.ico - NONE/- text/html

This suggests to me that you've not got your access rules within
squid sorted out correctly. Look for lines referring to "acl" and also
"http_access".


> I also tried to telnet from my clients but no luck....

No luck... what? The connection failed? It was accepted but then closed?
You got an error? A "forbidden" error? Please be precise.

It might suggest you haven't got your ACLs between your clients and your
squid server sorted out. Until your clients can talk to squid there's
no real point worrying about anything else.

Chris