On Wed, Jul 25, 2012 at 3:04 PM, Indunil Jayasooriya
wrote:
>
>
> Can your squid box to go to internet ? ( Pls check /etc/resolv.conf file )
>
> How many interfaces does your squid box have?
>
> 1 or 2 ?
>
> in /etc/sysctl.conf file , pls check net.ipv4.ip_forward para
added this below rule ( if squid listens on port 8080 )
>
> iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
>
>
>
--
Thank you
Indunil Jayasooriya
Error 4:Attempted to connect using the (TLS V1.0 | SSL V3.0)
protocol(s). The server rejected the connection
--
Thank you
Indunil Jayasooriya
bsite without squid.
and also, how can we access it with squid 2.7 stable 9 on OpenBSD 4.8
64 bit. it also has negative_ttl 5 minutes
but, it is commented in this way.
#negative_ttl 5 minutes
--
Thank you
Indunil Jayasooriya
request.
could you pls help me to solve this issue ?
--
Thank you
Indunil Jayasooriya
hi,
I need expert advice
we can't access
www.go2uti.com from our squid 2.6.STABLE6 on CentOS 5
this is the log .
TCP_NEGATIVE_HIT/403 659 GET
http://www.go2uti.com/ - NONE/- text/html
we can access it without squid. what could be the issue... ?
--
Thank you
Indunil Jayasooriya
http://www.mail-archive.com/squid-users@squid-cache.org/msg78501.html
--
Thank you
Indunil Jayasooriya
I would like to fix this so --enable-pf-transparent properly detects and
> handles the version of PF available. Are you able to find out how I could do
> that please?
Will I have to do something from my end ?
--
Thank you
Indunil Jayasooriya
On Tue, Apr 19, 2011 at 1:05 PM, Indunil Jayasooriya
wrote:
>
>>> Now, we have to use
>>>
>>> divert-to instead of rdr-to in pf.conf
>>>
>>>
>>> Pls read below URL where you get the real thing in regard to it. It
>>> was repl
512 Apr 7 21:03 ..
drwxr-xr-x 46 root wheel 2560 Apr 11 17:29 errors
drwxr-xr-x 3 root wheel 512 Apr 11 17:29 icons
-rw-r--r-- 1 root wheel 30845 Apr 11 17:29 mib.txt
--
Thank you
Indunil Jayasooriya
e wrong?
--
Thank you
Indunil Jayasooriya
divert-to instead of rdr-to
updated. Pls see below.
pass in log on $int_if proto tcp from $lan_net to any port 80 \
divert-to 127.0.0.1 port 3129
but, still no luck. any comments ?
--
Thank you
Indunil Jayasooriya
was replied by OpenBSD developer Reyk Floeter.
http://www.mail-archive.com/misc@openbsd.org/msg101469.html
I am home now, I am going to office on monday. then, I will do
accordingly and update you.
--
Thank you
Indunil Jayasooriya
requires netinet/in.h before arpa/inet.h */
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#if HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#endif /* _SQUID_OPENBSD_ */
#endif /* SQUID_OS_OPENBSD_H */
That's all for that patch. I think U r ok.
anyway. for the /dev/pf thing, I will come back with an update
--
Thank you
Indunil Jayasooriya
11/04/08 20:30:05 kid1| storeLateRelease: released 0 objects
That's all I can tell you. sorry for the long mail. I think step by
step info may be very helpful.
anyway, Pls let me know how to patch. I love it, then, for next
releases on OpenBSD, I can try.
hope 2 hear from you.
--
Thank you
Indunil Jayasooriya
>
> The problem is that netinet/in.h must be included before arpa/inet.h in
> include/util.h (at least for 3.1.11). Just add
> #include <netinet/in.h> before the #include <arpa/inet.h> line in this
> file. At least that fixed the same problem with Squid 3.1.11 on OpenBSD 4.9.
Thanks for your help. Sorry for the delay in rep
of quick for { lo $int_if $ext_if }
#These 2 are the rules for transparency with PF
pass in log on $int_if proto tcp from $lan_net to any port 80 \
rdr-to 127.0.0.1 port 3128
pass out log on $ext_if inet proto tcp from $ext_if to any \
port 80
--
Thank you
Indunil Jayasooriya
warning: 'struct in_addr' declared inside
parameter list
/usr/include/arpa/inet.h:74: warning: its scope is only this
definition or declaration, which is probably not what you want
/usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside
parameter list
*** Error code 1
Stop in /root/software/squid-3.2.0.6/lib (line 589 of Makefile).
*** Error code 1
Stop in /root/software/squid-3.2.0.6/lib (line 708 of Makefile).
*** Error code 1
Stop in /root/software/squid-3.2.0.6 (line 433 of Makefile).
--
Thank you
Indunil Jayasooriya
in log on $int_if proto tcp from $internal_net to any port
80 rdr -> $proxy port 8080
--
Thank you
Indunil Jayasooriya
src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
http_access allow localnet
--
Thank you
Indunil Jayasooriya
2) No such file or directory
> 2011/03/29 11:14:44| IpIntercept.cc(250) IpfInterception: NAT open failed:
> (2) No such file or directory
> _
>
> So when only pf is used, must I compile squid with IPFILTER and IPFW ?
>
> Thanks
>
> /Leslie
>
--
Thank you
Indunil Jayasooriya
www.debian.org
> Server: exchange.piramide.local
> Address: 172.16.16.254
>
> Nome: www.debian.org
> Addresses: 86.59.118.148, 82.195.75.97
>
> F.
>
in squid.conf file , Pls search dns_nameservers directive and add like this.
dns_nameservers 172.16.16.254
--
Thank you
Indunil Jayasooriya
>
>>
>> In both cases, when I use my browser in my LAN (whichever PC I use), I
>> get:
>>
>> (101) Network is unreachable
>
> Have you added DNS in your PCs ? try to add and see
>
>
>>
>
>
> --
--
Thank you
Indunil Jayasooriya
should expire in a period (let's say 5
months). before that, it should be informed to users.
Could you pls let me know the software we need to achieve the above
said requirements?
What about the Squid Users Manager pkg?
--
Thank you
Indunil Jayasooriya
>>
>> I try with Cuteftp , filezilla , these worked very well. Only IE and
>> Firefox
How did you access?
Pls try below method
ftp://user:p...@www.domain.com
Amos, i want to access www.icuh2009.org. Am using Filezilla. Not sure
what you mean by the connect method!
Pls try below via firefox or IE
ftp://user:p...@www.icuh2009.org/
--
Thank you
Indunil Jayasooriya
k the best method is to block all types of
>> audio/video streaming rather then blocking websites(that are increasing
>> day-by-day)
>>
>> Regards
>> -ms
>
>
--
Thank you
Indunil Jayasooriya
What is the O/S you use?
--
Thank you
Indunil Jayasooriya
100.0/24 is my LAN RANGE.
According to the above script, My FULL bandwidth was 256 kbit. I
allocated 64 kbit for downloading. it is actually NOTHING to do with
squid for me. ALL went fine with iproute2 pkg.
> I am also seeking a TC expert to help several users already needing to use
> it with TPROXYv4 and/or WCCP setups.
I am NOT a tc expert. just a guy with an interest.
--
Thank you
Indunil Jayasooriya
I'm using HAVP as a cache peer and it is working quite nicely:
oh, yeah, I also tested several times. it worked very well.
--
Thank you
Indunil Jayasooriya
52
> Aborted
>
>
> I don't Know what can I do
in squid.conf file , pls type
visible_hostname yourhostname
then, type below command
squid -k reconfigure
That's it
--
Thank you
Indunil Jayasooriya
sites.
What about ACLs like below ?
acl ftp proto FTP
acl noftpips src 192.168.1.2 192.168.1.4 192.168.1.10
http_access allow ! noftpips
Your ideas ?
--
Thank you
Indunil Jayasooriya
it's MRTG-like. The best tools I know for squid
> reports are sarg (which is rather popular) and lightsquid (it makes
> reports a lot faster but I don't know if it's popular outside Russia).
>
> Regards,
> LPIC-1, EMCPA
> Nikita Andreev
>
>
--
Thank you
Indunil Jayasooriya
.34:192.1.54.43:192.1.54.65"
--
Thank you
Indunil Jayasooriya
exclude ftp access to some ip addresses?
Pls grant your advice.
--
Thank you
Indunil Jayasooriya
works fine. This is a streaming video site.
But, remember, There is NO firewall running. All ports are open.
ANY ADVICE
--
Thank you
Indunil Jayasooriya
.
Anyway, This is squid version , Pls see below
Squid Cache: Version 2.6.STABLE6
Your Ideas expected
--
Thank you
Indunil Jayasooriya
Hi,
Pls fill below variable with yours.
$LAN= Lan ip range. example- 192.168.0.0/24
$INTERFAZ_INT= Interface connects to the Internet
$INTERFAZ_LAN= Interface connects to Lan
$LAN_IP of the squid box = Lan ip. example- 192.168.0.1
I use below rules for transparent interception on Linux.
#Enab
ansparent interception.
I think below may help you
http://wiki.squid-cache.org/Features/SslBump?highlight=%28C%7B1%7DategoryWish%29%7C%28C%7B1%7DategoryFeature%29%7C%28completed%29%7C%28Version...%3A.%2A3.1%29%7C%28Status...%3A%29%7C%28ETA...%3A%29
Happy Squiding
--
Thank you
Indunil Jayasooriya
EAD includes a feature called sslbump
Pls visit below Urls
http://markmail.org/message/5d7rtqbhwwcivkkx?q=transparent+https&page=1&refer=vhkzezxg7n643ik2
http://markmail.org/message/mkgy5jjr6wdthi5k?q=transparent+https&page=1&refer=vhkzezxg7n643ik2
--
Thank you
Indunil Jayasooriya
>> Also i saw that this is a commercial product. Do you know any free
>> software like this ?
What about this?
Pls try
http://www.shallalist.de/
--
Thank you
Indunil Jayasooriya
interception. I removed it. Now,
> It works.
--
Thank you
Indunil Jayasooriya
idea?
--
Thank you
Indunil Jayasooriya
required
http_access allow nike dstallowed4nike ncsa_users
http_access deny nike
#these have FULL ACCESS without password
acl mynet src 172.23.0.0/255.255.0.0
http_access allow mynet
Is it because of the above ACls.
Any advice is expected.
--
Thank you
Indunil Jayasooriya
/squid-users/200708/0069.html
Hope , it may help
--
Thank you
Indunil Jayasooriya
>> no, it´s now possible without dns ... browser need to resolve address
>> to ip to start connections
Thanks for your quick response. How Can I achieve it.
All clients use IE and firefox.
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
ear from you.
--
Thank you
Indunil Jayasooriya
s. It will NOT work.
Is it normal?
Without DNS entries in Clients Pcs. Is it possible to work?
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
DSL line.
> What kind of routing am i making this protocols (iptables and squid)?
Do you want to route port 80 (web) traffic via one ADSL line?
the rest of traffic via the other?
if so, iptables and ip route2 can do it.
then, you need policy routing.
--
Thank you
Indunil Jayasooriya
ttp_access allow mynet
restart squid
Happy Squiding
--
Thank you
Indunil Jayasooriya
use the whitelist
> http_access pc101 whitelist
Pls add the word allow as follows
http_access allow pc101 whitelist
Happy squiding
--
Thank you
Indunil Jayasooriya
he squid log.
I still do not know. I think it is good to send another mail with the
subject of "restrict access log to a short period (say 1 hour)"
Then, squid developers might be able to answer you.
go ahead to bring this to an end
Happy Squiding.
--
Thank you
Indunil Jayasooriya
ifit from them.
http://sarg.sourceforge.net/enhancements.php
http://sarg.sourceforge.net/zhaolei.txt
Happy Squiding
--
Thank you
Indunil Jayasooriya
page refers
> to documentation in the "GNU info format". Where could I find this
Difficult to say.
--
Thank you
Indunil Jayasooriya
iptables rule
#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
for more, pls visit below URL
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
Happy Squiding
--
Thank you
Indunil Jayasooriya
Does anyone know where to get them?
>
> Or maybe there's another package that's preferred to make use of RRD for
> Squid?
>
>
>
>
>
>
--
Thank you
Indunil Jayasooriya
> 4) If I specify the "-t HH-HH" option to restrict the report to a time range
> - it doesn't seem to behave as I would expect. I get far less traffic
> reported than I would expect over the period. I can't find any way to check
> that it is reporting all the relevant traffic.
>
> Thanks
>
> Richard.
>
>
--
Thank you
Indunil Jayasooriya
> one with this info broken down by Client.
> Is it there somewhere in one of the report - or do I need some additional
> reporting tool?
>
> Thanks for the help.
>
> Richard.
>
>
>
>
--
Thank you
Indunil Jayasooriya
> Need some help on how to improve the performance of squid proxy.
>
> My problem is when I access any site directly it is faster but when used
> proxy its slow.
Pls try below command and see its output
squidclient mgr:info
--
Thank you
Indunil Jayasooriya
cp -i eth0 --dport 80 -j REDIRECT
--to-port 3128
Hope to hear from you.
Happy squiding
--
Thank you
Indunil Jayasooriya
py Squiding
--
Thank you
Indunil Jayasooriya
k set up with ips, if possible?
I think it is like this.
clients ---> 2ndsquidproxy ---> 1stsquidproxy(its ip is 10.10.10.1)
--> Your firewall
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
quidbox it shows
> a page
>
> ---
>* Access Denied.
>
> Access control configuration prevents your request from being allowed
> at this time. Please contact your service provider if you feel this is
> incorrect.
have you added ACL in squid.conf
something like th
y ethernet does squid box have?
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
.1 parent 3128 0 no-query default
acl lan src 192.168.1.0/24
http_access allow lan
never_direct allow all
--
Thank you
Indunil Jayasooriya
when applying policy.
> thanks,
pls try below.
cache_peer 10.10.10.1 parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
--
Thank you
Indunil Jayasooriya
ls add users as follows
[EMAIL PROTECTED] ~]# htpasswd /etc/squid/squid_passwd user1
New password:
Re-type new password:
Adding password for user user1
finally, Pls restart squid server.
That's it
Happy squiding
--
Thank you
Indunil Jayasooriya
oto dstdomain .cnn.com
http_access allow prj1 domains4toto
http_reply_access allow prj1 domains4toto
http_access deny prj1
Just try it out.
--
Thank you
Indunil Jayasooriya
ntranet DNS server (from that other
> domain) in front of my own DNS server in resolv.conf, it now works
> through squid.
>
> Thank you again for all your help, and I apologize if I wasted your time.
>
> On Mon, Jun 2, 2008 at 4:18 PM, Indunil Jayasooriya <[EMAIL PROTECTED]
many ethernet
does this squid server have?
I think this is something that belongs to routing...
--
Thank you
Indunil Jayasooriya
4 11 ms 12 ms 13 ms 10.43.113.57
> 5 8 ms 13 ms 12 ms 10.43.112.2
> 6 13 ms 13 ms 13 ms 10.43.8.20
>
> Trace complete.
>
> C:\Documents and Settings\edd>
>
>
>
>
> On Mon, Jun 2, 2008 at 3:25 PM, Indunil Jayasooriya <[EMAIL PR
is via squid proxy. Then, It does not work.
What is this PATH?
I want to see reverse path filtering.
hope to hear from you.
-
Thank you
Indunil Jayasooriya
also I need the output of below 2 apache logs of www.example.com
at the same time?
tail -f /var/log/httpd/access_log
tail -f /var/log/httpd/error_log
I think it is the easiest way to see what is going on there?
--
Thank you
Indunil Jayasooriya
browse www.example.com via squid.
--
Thank you
Indunil Jayasooriya
> When I take off transparent mode, the result is the same, it does not
> access (time out)
without squid, When you access www.example.com, does it redirect to
www2.example.com:8098/login.aspx ?
If yes, Webserver www.example.com is OK.
Hope to hear from you.
Thank you
Indunil Jayasooriya
t running apache?
I think you will have to redirect to www2.example.com:8098/login.aspx there.
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
m
--dport 80 -j REDIRECT --to-port 8098
--
Thank you
Indunil Jayasooriya
Hi,
> Is there a good guide detailing how to set this digest up with openLdap?
http://yajith.blogspot.com/2007/12/squid-ldap-and-active-directory.html
--
Thank you
Indunil Jayasooriya
I am running squid servers on firewalls and on DMZ. no issue at all.
--
Thank you
Indunil Jayasooriya
enger is still signing in...
>> >
>> > Does any body have another solution?
>> >
>> >
>> > Regards
>> >
>>
>>
>
>
--
Thank you
Indunil Jayasooriya
NAT --to-source 1.2.3.4
Have you applied DROP policies. then, You need another rule like this.
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
Pls try these.
GOOD LUCK
>
> Is there anything am missing on here
>
--
Thank you
Indunil Jayasooriya
addressed i would greatly appreciate the info.
What is the O/S u r using?
how have you installed squid? source or binary?
u r running squid 2.5.6. I think if you can update it to something
higher, there's a chance to get it worked.
GOOD LUCK
>
>
> Thanks much.
>
> >>>
> what version of squid are you using?
>
> i see 2.6 does not have this problem but 2.5.6 does.
>
> so i was wondering what patch level i need to be at in order to address the
> issue or do i need the 2.6 version.
squid 2.5 is quite OLD. Pls use squid 2.6 instead.
--
> website trying to access: http://www.fiakc.com
I get the dialog box from here.
--
Thank you
Indunil Jayasooriya
IL PROTECTED] ~]# /etc/cron.monthly/sarg
Now, Browse as follows.
http://192.168.101.25/sarg
That's it.
GOOD LUCK
>
>
>
> On Thu, 08 May 2008 Indunil Jayasooriya wrote :
>
>
> >Pls use sarg. It is good.
> >
> >
> >Anyway, Redhat 9 is quite
for
> reverse).
>
> Please how can I do this ?
>
>
>
> Sorry for my bad English.
>
--
Thank you
Indunil Jayasooriya
ility to create a detailed, flexible
> report about all users' usage of the server.
> I'm sure it's a very common task for Squid
> admins. Why there is no tool in the
> distribution kit, I don't understand.
> So, what will you advise me?
>
>
--
Thank you
Indunil Jayasooriya
h your IDEAS.
--
Thank you
Indunil Jayasooriya
--
From: Indunil Jayasooriya <[EMAIL PROTECTED]>
Date: Mon, May 5, 2008 at 11:50 AM
Subject: Re: [squid-users] squid reverse proxy isssue
To: Paul Bertain <[EMAIL PROTECTED]>
Cc: squid-users
> Can your Squid box resolve your "http_port" line? Whatever you have as the
>
times
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
is is on RedHat EL 5 with default RPM squid-2.6.STABLE6-3.el5
Any advice to get it working.
--
Thank you
Indunil Jayasooriya
> Messenger uses port 443 too to file transfers. My principal target is to
> block file transfer. Any Idea?
Is it a linux box? Then, I think iptables might be able to do it.
other wise, pls try l7-filter. pls see below.
http://l7-filter.sourceforge.net/
--
Thank you
Indunil Jayasooriya
below URL may help.
http://blogs.techrepublic.com.com/networking/?p=308
On Wed, Apr 30, 2008 at 1:32 AM, Wilson A. Galafassi Jr.
<[EMAIL PROTECTED]> wrote:
> Hello.
> It´s possible to block msn under squid? Especially file transfer?
>
> Thanks,
> Wilson
>
>
ls click below URL for more
http://www.benzedrine.cx/transquid.html
--
Thank you
Indunil Jayasooriya
--
Thank you
Indunil Jayasooriya
Looks good.
If you have multiple websites hosted you may need both "accel vhost"
options on the http_port.
NOTED , Thanks
--
Thank you
Indunil Jayasooriya
On Thu, Apr 10, 2008 at 7:48 PM, Amos Jeffries <[EMAIL PROTECTED]> wrote:
>
> Indunil Jayasooriya wrote:
>
> > Hi all,
> >
> > I have 2 web servers . One is Primary and the other is Secondary.
> >
> > Pls assume
> > ip of primary is 1.2.3
cache_peer ip.of.secondarywebserver parent 80 0 no-query originserver
acl our_sites dstdomain your.main.website
http_access allow our_sites
--
Thank you
Indunil Jayasooriya
ommains dstdomain /path/file.txt
acl banneddommains dstdomain "/path/file.txt"
http_access deny banneddommains
>
> or how?
>
> TIA
>
> LD
>
--
Thank you
Indunil Jayasooriya
bo.info
http_access deny blockedsite
--
Thank you
Indunil Jayasooriya
squid box.
Now, clients gateway is the ip of the firewall/NAT box. and also check
Dns in clients.
here's another useful urls
http://www.mail-archive.com/squid-users@squid-cache.org/msg53662.html
http://tldp.org/HOWTO/TransparentProxy-6.html
Good luck
--
Thank you
Indunil Jayasooriya