So I have been playing around with squid all day and I haven't been able to get the internet caching, or squid in general, to work properly.
I can surf the internet if I am not using a proxy setting in my browser and since the traffic was going through the squid box, I (falsely?) assumed that it was caching the traffic but I have not seen the folders grow at all.
I am sure it's just something I have missed.
Here is the squid.conf file with the comments removed
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.56.0/24
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 200 MB
cache_dir ufs /squid 48000 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
acl internal_network src 192.168.56.0/24
http_access allow internal_network
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
maximum_object_size 300 MB
cache_replacement_policy head LFUDA
refresh_all_ims on
and my iptables
Code:
#!/bin/sh
#
echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
#Setting the EXTERNAL and INTERNAL interfaces for the network
#
# Each IP Masquerade network needs to have at least one
# external and one internal network. The external network
# is where the natting will occur and the internal network
# should preferably be addressed with a RFC1918 private address
# scheme.
EXTIF="eth1"
INTIF="eth2"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
EXTIP="your external IP address"
echo " External IP: $EXTIP"
echo -en " loading modules: "
# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "ip_tables, "
$MODPROBE ip_tables
#Load the general IPTABLES NAT code - "iptable_nat"
# - Loaded automatically when MASQ functionality is turned on
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo "----------------------------------------------------------------------"
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
#echo " Enabling DynamicAddr.."
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#Clearing any previous configuration
#
# Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
# The default for FORWARD is DROP (REJECT is not a valid policy)
#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-iptables v$FWVER done.\n"
and the dhcp.conf
Code:
subnet 192.168.56.0 netmask 255.255.255.0 {
    range 192.168.56.10 192.168.56.250;
    default-lease-time 518400;
    max-lease-time 618400;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.99.255;
    option routers 192.168.56.102;
    option domain-name-servers 192.168.56.102;
    option domain-name "stratus-sphere.com";
    option time-offset -18000;
    option ntp-servers 192.168.56.102;
    host livecd {
        hardware ethernet 08:00:27:74:65:78;
        fixed-address 192.168.56.99;
    }
}
There isn't really anything particular about the named stuff, just forwarders to internet DNS from my ISP.
If I add the host specifically to the squid.conf (http_access allow 192.168.56.99) and change FF settings I get "Firefox is configured to use a proxy that is refusing connections"
Running nmap shows that squid is listening on 3128 just as it is set in the proxy settings.
Anyone help?
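
Squid checks http_access lines from top to bottom and applies the first one that matches, so the order of the rules in the squid.conf above matters. The following Python check is an added example, not part of the original post: it flags http_access rules that come after a catch-all rule and ACL names used without an acl line defining them. The function name lint_http_access is hypothetical, and the sample is a constructed excerpt of the acl and http_access lines posted above.

```python
# Constructed excerpt: acl / http_access lines from the squid.conf in the post,
# kept in the same order.
SAMPLE_CONF = """\
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 192.168.56.0/24
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
acl internal_network src 192.168.56.0/24
http_access allow internal_network
"""

def lint_http_access(conf_text):
    """Return (unreachable, undefined) findings for a squid.conf text.

    unreachable: (line, rule, catch_all_line) for http_access rules placed
                 after an unconditional 'allow all' / 'deny all'.
    undefined:   (line, name) for ACL names used in http_access before any
                 'acl' line has defined them.
    """
    defined, unreachable, undefined = set(), [], []
    catch_all = None  # line number of the first rule that matches everything
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "acl":
            defined.add(fields[1])
        elif len(fields) >= 3 and fields[0] == "http_access":
            names = fields[2:]
            if catch_all is not None:
                unreachable.append((lineno, " ".join(fields), catch_all))
            for name in names:
                if name.lstrip("!") not in defined:
                    undefined.append((lineno, name.lstrip("!")))
            if names == ["all"] and catch_all is None:
                catch_all = lineno
    return unreachable, undefined

if __name__ == "__main__":
    for finding in lint_http_access(SAMPLE_CONF):
        print(finding)
```

On this excerpt the check reports that `http_access allow internal_network` sits after `http_access deny all`, and that `Safe_ports` and `SSL_ports` are referenced without a definition.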