Hello all,

I am running squid2.5.stable4 on a server (kernel 2.4.7.20. masquerade with iptables). As soon as one of my workstations tries a web request, I read this in my cache.log file:

2003/12/24 13:19:24| comm_udp_sendto: FD 4, 212.27.32.176, port 53: (1) Operation not permitted
2003/12/24 13:19:24| idnsSendQuery: FD 4: sendto: (1) Operation not permitted

and obviously it does not work :-((

Let me tell you that I have no local DNS running and that 212.27.32.175 is one of my ISP's DNS. If I stop running squid, everything is OK. I think my firewall-masq rules are not right, but I can't find what is wrong (I attach my squid.conf and iptables rules).

Does someone have an idea to help me? Thanks.

Regards,
_____________________________________________________________________
Vincent GAUVIN - TICE trainer
Circonscription de REIMS VI
13 rue Chanzy BP 2028
51070 REIMS Cédex (France)
Tel : (33) 03.26.02.19.14
mailto : [EMAIL PROTECTED]
http://ienreims6.dyndns.org/
The TICE site for the Marne: http://tic-et-tice.dyndns.org
_____________________________________________________________________

"iptables -L"

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ssh

"squid.conf"

# port on which the proxy listens for Web clients
http_port 8080
cache_effective_user squid
cache_effective_group squid
# do not use the cache for ? and .cgi
hierarchy_stoplist cgi-bin ? .cgi
# RAM allocated to the proxy
cache_mem 8 MB
# maximum size of the files that will be stored in the cache
maximum_object_size 4096 KB
# directory in which the stored files will be kept.
# in this example, the maximum size of this directory will be 200 MB
# there will be 16 subdivisions in /var/spool/squid
# - and there will be 256 divisions in each of these 16 subdivisions
cache_dir ufs /var/spool/squid 200 16 256
# log files needed to monitor the operation of the cache
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
cache_swap_log /usr/local/squid/var/logs/swap.log
# location of squid's MIME table
mime_table /usr/local/squid/etc/mime.conf
# process-related information
pid_filename /var/run/squid.pid
debug_options ALL,1
# access lists
acl allowed_hosts src 192.168.0.0/255.255.0.0
# acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
# acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl serveurlocal dst 127.0.0.1/255.255.255.255
# allow/deny rules for the lists defined above
http_access allow manager
http_access allow manager allowed_hosts
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access allow serveurlocal
# e-mail address of the cache manager
cache_mgr [EMAIL PROTECTED]
visible_hostname cache
# log file rotation
logfile_rotate 5
httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
log_fqdn on
# to exclude the (local) intranet from the cache
acl web-local dstdomain localhost
always_direct allow web-local
