Hi All,

I am setting up a transparent squid proxy. I am having a problem where it doesn't want to accept my username & password and just ends up failing. But if I point the same PC's browser at the proxy server (192.168.0.1:8080) it prompts for the user & accepts the same user I typed in the first time. The "allowed" domains work fine. I have had a hunt around the web but haven't got anywhere, so hopefully someone can see what I have missed.
Not quite sure what the issue is, so here is my config & the howto I followed.

Howto: http://www.linuxhomenetworking.com/linux-adv/squid.htm

Squid.conf (main parts I've changed)

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

##### RULES ######
# Our Network
acl our_networks src 192.168.0.0/24
http_access deny !our_networks

# Allowed websites that don't need Authentication
acl allowed_domains dstdomain "/etc/squid/allowed"
http_access allow allowed_domains

# Users MUST Authenticate
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

# And finally deny all other access to this proxy
http_access deny all

#### Firewall #####
eth0 = Net Interface
eth1 = LAN Interface
$IPT = iptables

# Transparent Proxy
$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

$IPT -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 8080
$IPT -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
$IPT -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
$IPT -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80

Access.log file entries:

No Prompt - All rules:
1133756421.660 28 192.168.0.250 TCP_DENIED/403 1413 GET http://www.google.com.au/ - NONE/- text/html

Prompt but doesn't accept user - All rules but deny all:
1133756520.890 6 192.168.0.250 TCP_DENIED/401 1714 GET http://www.google.com.au/ - NONE/- text/html
1133756540.601 319 192.168.0.250 TCP_DENIED/401 1714 GET http://www.google.com.au/ - NONE/- text/html

Browser pointing directly to proxy - All rules (works correctly, prompts for user & accepts it):
1133756626.619 5 192.168.0.250 TCP_DENIED/403 1413 GET http://www.google.com.au/ - NONE/- text/html
1133756647.717 3 192.168.0.250 TCP_DENIED/407 1739 GET http://www.google.com.au/ - NONE/- text/html
1133756652.403 651 192.168.0.250 TCP_MISS/200 12632 GET http://www.google.com.au/ www DIRECT/66.102.7.104 text/html

Thanks
----------
Mark Chatterton
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
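A small parser for the access.log entries quoted in the message above, added here as an example and not part of the original post: it tallies the HTTP status Squid returned for each request and collects the user names Squid logged, so the redirected cases (403, 401) can be set beside the explicitly configured proxy case (407, then 200 with a user). The function names are hypothetical; the sample lines are the ones from the message.

```python
import re
from collections import Counter

# Squid native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Standard HTTP meanings of the status codes that appear in the post.
MEANING = {
    "200": "OK, request served",
    "401": "Unauthorized (the challenge a web server sends)",
    "403": "Forbidden (denied, no credentials requested)",
    "407": "Proxy Authentication Required (the challenge a proxy sends)",
}

# Log lines copied from the message.
SAMPLE = """\
1133756421.660 28 192.168.0.250 TCP_DENIED/403 1413 GET http://www.google.com.au/ - NONE/- text/html
1133756520.890 6 192.168.0.250 TCP_DENIED/401 1714 GET http://www.google.com.au/ - NONE/- text/html
1133756540.601 319 192.168.0.250 TCP_DENIED/401 1714 GET http://www.google.com.au/ - NONE/- text/html
1133756626.619 5 192.168.0.250 TCP_DENIED/403 1413 GET http://www.google.com.au/ - NONE/- text/html
1133756647.717 3 192.168.0.250 TCP_DENIED/407 1739 GET http://www.google.com.au/ - NONE/- text/html
1133756652.403 651 192.168.0.250 TCP_MISS/200 12632 GET http://www.google.com.au/ www DIRECT/66.102.7.104 text/html
"""

def parse_line(line):
    """Return the fields of one access.log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def challenge_summary(lines):
    """Count responses per HTTP status and collect the user names Squid logged."""
    statuses, users = Counter(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or malformed lines
        statuses[rec["status"]] += 1
        if rec["user"] != "-":  # "-" means no authenticated user on this request
            users.add(rec["user"])
    return statuses, users

if __name__ == "__main__":
    statuses, users = challenge_summary(SAMPLE.splitlines())
    for status, count in sorted(statuses.items()):
        print(status, count, MEANING.get(status, ""))
    print("authenticated users:", sorted(users))
```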
