Linux Help
> Rh8 & Squid 2.4 Stable 7, Need a fresh pair of eyes......
HickoryShade
post Mar 17 2004, 12:01 PM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 3
Joined: 17-March 04
Member No.: 2,601



I'm a newbie for Linux. I have been able to load nessus and ethereal without a problem, but for some reason I'm running into a brick wall when it comes to squid. If someone could be so kind and point me in the right direction I would be much obliged..... This is the error message I received:

[root@RHW squid]# squid -NCd1
2004/03/17 10:26:51| parseConfigFile: line 1261 unrecognized: 'auth_param basic
children 5'
2004/03/17 10:26:51| parseConfigFile: line 1262 unrecognized: 'auth_param basic
realm Squid proxy-caching web server'
2004/03/17 10:26:51| parseConfigFile: line 1263 unrecognized: 'auth_param basic
credentialsttl 2 hours'
2004/03/17 10:26:51| parseConfigFile: line 1866 unrecognized: 'http_reply_access allow all'
WARNING: Cannot write log file: /usr/local/squid/logs/cache.log
/usr/local/squid/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
2004/03/17 10:26:51| WARNING: Closing open FD 2
2004/03/17 10:26:51| Starting Squid Cache version 2.4.STABLE7 for i686-pc-linux-gnu...
2004/03/17 10:26:51| Process ID 24857
2004/03/17 10:26:51| With 1024 file descriptors available
2004/03/17 10:26:51| Performing DNS Tests...
2004/03/17 10:26:51| Successful DNS name lookup tests...
2004/03/17 10:26:51| DNS Socket created on FD 3
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
FATAL: Cannot open '/usr/local/squid/logs/access.log' for writing.
The parent directory must be writeable by the
user 'nobody', which is the cache_effective_user
set in squid.conf.
Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 307
Aborted
[root@RHW squid]#

Thanks for your help.....
Peace....
Robert83
post Mar 17 2004, 12:05 PM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069



Hi

try my squid.conf file
------------------------------------------------------
http_port 3228
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

cache_mem 32 MB
fqdncache_size 1024

cache_dir ufs /proxy1/ 8000 16 256
cache_dir ufs /proxy2/ 8000 16 256

cache_mgr brobiwbe@xxxxxxx.co.yu
cache_effective_user nobody
cache_effective_group nobody

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl FTP proto FTP
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl xxx1 src 192.168.0.0/255.255.255.0
acl xxx2 src 192.168.1.0/255.255.255.0
acl xxx3 src 192.168.2.0/255.255.255.0

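# ACL names on one http_access line are ANDed, so this rule never matches;
# the three single-ACL allow lines below do the actual work.
http_access allow xxx1 xxx2 xxx3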
always_direct allow FTP
http_access allow xxx1
http_access allow xxx2
http_access allow xxx3
http_access deny all
-----------------------------------------------------------------
Make sure that the owner of the squid proxy directory is nobody / nobody, and also make sure
that under /var/log/squid the owner is nobody / nobody.

The above-mentioned conf file is a transparent proxy, thus you don't need to manually enter the port in the browsers...
Go to the squid site and read the manual, http://squid.visolve.com/squid/index.htm. You'll need to add a line so that Internet Explorer will be forced to refresh, so that it will always get the fresh content...

And also make sure that the following line is in your iptables:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228

...
But here is my complete iptables file for my proxy server.
eth0,1,2 are internal [192.168.0.x ; 192.168.1.x ; 192.168.2.x]; eth3 is connected to the firewall's internal ethernet card, 192.168.10.2.

You can safely skip the drop-and-log-it, drop rules, if you use your proxy server behind a firewall...

iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j DROP
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j DROP
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A POSTROUTING -t nat -s 192.168.0.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2
iptables -A POSTROUTING -t nat -s 192.168.1.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2
iptables -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2

Also consider downloading SQUID 2.5 from the squid website, since it's stable and I had no problems with it...


Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
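
Added example, not part of the original thread: Squid ANDs the ACL names on a single access line and ORs the values inside one acl, so a small lint over the ACL and access lines of the config posted above (abridged and embedded here as a constructed sample) can report ACLs that are defined but never referenced and rules whose src ACLs can never all match one client. The names lint and SAMPLE_CONF are hypothetical, and negated (!name) entries are skipped when intersecting networks.

```python
import ipaddress

# Constructed sample: ACL and access lines abridged from the squid.conf posted above.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl FTP proto FTP
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl xxx1 src 192.168.0.0/255.255.255.0
acl xxx2 src 192.168.1.0/255.255.255.0
acl xxx3 src 192.168.2.0/255.255.255.0
http_access allow xxx1 xxx2 xxx3
always_direct allow FTP
http_access allow xxx1
http_access allow xxx2
http_access allow xxx3
http_access deny all
"""

def lint(conf):
    """Return (unused ACL names, access rules whose src ACLs can never all match)."""
    acls, rules = {}, []  # name -> (type, values); (rule text, [acl refs])
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[1] in ("allow", "deny"):
            rules.append((" ".join(tok), tok[2:]))
    used = {ref.lstrip("!") for _, refs in rules for ref in refs}
    unused = sorted(name for name in acls if name not in used)
    def nets(name):
        return [ipaddress.ip_network(v, strict=False) for v in acls[name][1]]
    dead = []
    for line, refs in rules:
        # ACLs on one access line are ANDed: intersect the src networks step by step.
        srcs = [nets(r) for r in refs if acls.get(r, ("",))[0] == "src"]
        live = srcs[0] if srcs else [None]
        for nxt in srcs[1:]:
            live = [min(a, b, key=lambda n: n.num_addresses)
                    for a in live for b in nxt if a.overlaps(b)]
        if not live:
            dead.append(line)
    return unused, dead

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```

On the sample it reports Safe_ports, SSL_ports, CONNECT, manager and localhost as never referenced, so the port and cache-manager restrictions those ACLs describe are not enforced; the stock squid.conf applies them with lines such as "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports" placed before the allow rules.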
HickoryShade
post Mar 18 2004, 01:25 PM
Post #3





Thank you Robert83!!! Your configuration along with some of my own configs worked like a champ. I really appreciate your post. Now I'm able to run ethereal alongside squid. Kinda cool..... Thanks again....

Peace Out....
Robert83
post Mar 18 2004, 01:35 PM
Post #4





I'm glad you managed to get it up and running the way you wanted it to run :)

Sincerely
Robert B


P.S.: If I may ask, can you please post back your full squid.conf here, so that I can see it? Maybe I'll learn something from your additional settings...


HickoryShade
post Mar 19 2004, 08:20 AM
Post #5





Robert,

I have no prob. posting the full squid.conf. I might have some security holes that you see that I don't. Is there an easier way to post the config other than copy/paste the entire config?

HickoryShade
Robert83
post Mar 19 2004, 12:11 PM
Post #6





Hi,

Copy/paste should do. If you have the time, please post it here.

Sincerely
Robert B

