Help - Search - Members - Calendar
Full Version: Rh8 & Squid 2.4 Stable 7
Linuxhelp > Support > Technical Support
I'm a newbie for Linux. I have been able to load nessus and ethereal without a problem but for some reason I'm running into a brick wall when it comes to squid. If someone could be so kind and point me in the right direction I would be much obliged.....This is the error message I received:

[root@RHW squid]# squid -NCd1
2004/03/17 10:26:51| parseConfigFile: line 1261 unrecognized: 'auth_param basic
children 5'
2004/03/17 10:26:51| parseConfigFile: line 1262 unrecognized: 'auth_param basic
realm Squid proxy-caching web server'
2004/03/17 10:26:51| parseConfigFile: line 1263 unrecognized: 'auth_param basic
credentialsttl 2 hours'
2004/03/17 10:26:51| parseConfigFile: line 1866 unrecognized: 'http_reply_access allow all'
WARNING: Cannot write log file: /usr/local/squid/logs/cache.log
/usr/local/squid/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
2004/03/17 10:26:51| WARNING: Closing open FD 2
2004/03/17 10:26:51| Starting Squid Cache version 2.4.STABLE7 for i686-pc-linux-gnu...
2004/03/17 10:26:51| Process ID 24857
2004/03/17 10:26:51| With 1024 file descriptors available
2004/03/17 10:26:51| Performing DNS Tests...
2004/03/17 10:26:51| Successful DNS name lookup tests...
2004/03/17 10:26:51| DNS Socket created on FD 3
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
FATAL: Cannot open '/usr/local/squid/logs/access.log' for writing.
The parent directory must be writeable by the
user 'nobody', which is the cache_effective_user
set in squid.conf.
Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 307
[root@RHW squid]#

Thanks for your help.....

try my squid.conf file
http_port 3228
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

cache_mem 32 MB
fqdncache_size 1024

cache_dir ufs /proxy1/ 8000 16 256
cache_dir ufs /proxy2/ 8000 16 256

cache_effective_user nobody
cache_effective_group nobody

acl all src
acl manager proto cache_object
acl FTP proto FTP
acl localhost src
acl SSL_ports port 443 563
acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl xxx1 src
acl xxx2 src
acl xxx3 src

http_access allow xxx1 xxx2 xxx3
always_direct allow FTP
http_access allow xxx1
http_access allow xxx2
http_access allow xxx3
http_access deny all
make sure that the owner of the squid proxy directory is nobody / nobody , and also make sure
that under /var/log/squid the owner is nobody / nobody

the above mentioned conf file is a transparent proxy ,thus you don't need to enter manualy the port in the browsers...
!goto the squid site , and read the manual, you'll need to add a line so that Internet Explorer will be forced to refresh , so that It will get the fresh content always...

and also make sure that the following line is in you're iptables
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228

but here is my complete iptables file for my proxy server
eth0,1,2 internal [192.168.0.x ; 192.168.1.x ; 192.168.2.x] eth3 is connected to the firewalls internal ethernet card

you can safely skip the drop-and-log-it , drop rules , if you use you're proxy server behind a firewall...

iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j DROP
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j DROP
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source
iptables -A POSTROUTING -t nat -s -o eth3 -j SNAT --to-source

also consider downloading SQUID 2.5 from the squid website since it's stable , and I had no problems with it ...

Robert B
Thank you Robert83!!! Your configuration along with some of my own configs worked like a champ. I really appreciate your post. Now I'm able to run ethereal along side squid. Kinda cool..... Thanks again....

Peace Out....
I'm glad you managed to get it up running the way you wanted it to run smile.gif

Robert B

ps.: If I may ask ,can you please post back you're full squid.conf here , so that I can see it, maybe I'll learn something from you're aditional settings...

I have no prob. posting the full squid.conf. I might have some security holes that you see that I don't. Is there an easier way to post the config. other then copy/paste the entire config?


copy paste should do, if you have the time, please post it here.

Robert B
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.