Full Version: Rh8 & Squid 2.4 Stable 7
HickoryShade
I'm a newbie for Linux. I have been able to load nessus and ethereal without a problem, but for some reason I'm running into a brick wall when it comes to squid. If someone could be so kind and point me in the right direction I would be much obliged..... This is the error message I received:

[root@RHW squid]# squid -NCd1
2004/03/17 10:26:51| parseConfigFile: line 1261 unrecognized: 'auth_param basic
children 5'
2004/03/17 10:26:51| parseConfigFile: line 1262 unrecognized: 'auth_param basic
realm Squid proxy-caching web server'
2004/03/17 10:26:51| parseConfigFile: line 1263 unrecognized: 'auth_param basic
credentialsttl 2 hours'
2004/03/17 10:26:51| parseConfigFile: line 1866 unrecognized: 'http_reply_access allow all'
WARNING: Cannot write log file: /usr/local/squid/logs/cache.log
/usr/local/squid/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
2004/03/17 10:26:51| WARNING: Closing open FD 2
2004/03/17 10:26:51| Starting Squid Cache version 2.4.STABLE7 for i686-pc-linux-gnu...
2004/03/17 10:26:51| Process ID 24857
2004/03/17 10:26:51| With 1024 file descriptors available
2004/03/17 10:26:51| Performing DNS Tests...
2004/03/17 10:26:51| Successful DNS name lookup tests...
2004/03/17 10:26:51| DNS Socket created on FD 3
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
2004/03/17 10:26:51| Adding nameserver x.x.x.x from /etc/resolv.conf
FATAL: Cannot open '/usr/local/squid/logs/access.log' for writing.
The parent directory must be writeable by the
user 'nobody', which is the cache_effective_user
set in squid.conf.
Squid Cache (Version 2.4.STABLE7): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 307
Aborted
[root@RHW squid]#

Thanks for your help.....
Peace....
Robert83
Hi

try my squid.conf file
------------------------------------------------------
http_port 3228
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

cache_mem 32 MB
fqdncache_size 1024

cache_dir ufs /proxy1/ 8000 16 256
cache_dir ufs /proxy2/ 8000 16 256

cache_mgr brobiwbe@xxxxxxx.co.yu
cache_effective_user nobody
cache_effective_group nobody

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl FTP proto FTP
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl xxx1 src 192.168.0.0/255.255.255.0
acl xxx2 src 192.168.1.0/255.255.255.0
acl xxx3 src 192.168.2.0/255.255.255.0

http_access allow xxx1 xxx2 xxx3
always_direct allow FTP
http_access allow xxx1
http_access allow xxx2
http_access allow xxx3
http_access deny all
-----------------------------------------------------------------
Make sure that the owner of the squid proxy directory is nobody / nobody, and also make sure that under /var/log/squid the owner is nobody / nobody.

The above-mentioned conf file is a transparent proxy, thus you don't need to manually enter the port in the browsers...
Go to the squid site and read the manual, http://squid.visolve.com/squid/index.htm. You'll need to add a line so that Internet Explorer will be forced to refresh, so that it will always get the fresh content...

And also make sure that the following line is in your iptables:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228

...
But here is my complete iptables file for my proxy server:
eth0, eth1 and eth2 are internal [192.168.0.x ; 192.168.1.x ; 192.168.2.x]; eth3 is connected to the firewall's internal ethernet card, 192.168.10.2

You can safely skip the drop-and-log-it and drop rules if you use your proxy server behind a firewall...

iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-prefix iptables --log-level info
iptables -A drop-and-log-it -j DROP
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth3 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j DROP
iptables -A INPUT -i eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j DROP
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A PREROUTING -t nat -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3228
iptables -A POSTROUTING -t nat -s 192.168.0.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2
iptables -A POSTROUTING -t nat -s 192.168.1.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2
iptables -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o eth3 -j SNAT --to-source 192.168.10.2

Also consider downloading SQUID 2.5 from the squid website, since it's stable and I had no problems with it...


Sincerely
Robert B
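
An added example, not part of either poster's message: a small audit of the squid.conf posted above. It reports ACLs that are defined but never named in an access rule, and access rules that list several `src` ACLs on one line (Squid ANDs the ACLs on a line, so disjoint networks can never all match). The `audit` function is hypothetical, and the embedded config is an excerpt of the posted one.

```python
import ipaddress
from itertools import combinations

# Excerpt of the squid.conf posted above (three of the Safe_ports lines omitted).
SQUID_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl FTP proto FTP
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl CONNECT method CONNECT
acl xxx1 src 192.168.0.0/255.255.255.0
acl xxx2 src 192.168.1.0/255.255.255.0
acl xxx3 src 192.168.2.0/255.255.255.0
http_access allow xxx1 xxx2 xxx3
always_direct allow FTP
http_access allow xxx1
http_access allow xxx2
http_access allow xxx3
http_access deny all
"""

def audit(conf):
    """Return (unused ACL names, [(line_no, rule)] that can never match)."""
    acls, used, rules = {}, set(), []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[1] in ("allow", "deny"):
            used.update(t.lstrip("!") for t in tok[2:])
            rules.append((n, " ".join(tok), tok[2:]))
    dead = []
    for n, text, names in rules:
        # Negated names are skipped; src values assumed to be address/mask.
        nets = [[ipaddress.ip_network(v, strict=False) for v in acls[x][1]]
                for x in names if x in acls and acls[x][0] == "src"]
        # Two src ACLs with no overlapping network cannot match one client.
        if any(not any(a.overlaps(b) for a in p for b in q)
               for p, q in combinations(nets, 2)):
            dead.append((n, text))
    return sorted(set(acls) - used), dead

if __name__ == "__main__":
    unused, dead = audit(SQUID_CONF)
    print("defined but never referenced:", ", ".join(unused))
    for n, text in dead:
        print(f"line {n} can never match: {text}")
```

An ACL that no access rule names restricts nothing, so `Safe_ports`, `SSL_ports` and `CONNECT` have no effect in the posted file as it stands.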
HickoryShade
Thank you Robert83!!! Your configuration along with some of my own configs worked like a champ. I really appreciate your post. Now I'm able to run ethereal alongside squid. Kinda cool..... Thanks again....

Peace Out....
Robert83
I'm glad you managed to get it up and running the way you wanted it to run :)

Sincerely
Robert B


P.S.: If I may ask, can you please post back your full squid.conf here, so that I can see it? Maybe I'll learn something from your additional settings...
HickoryShade
Robert,

I have no prob. posting the full squid.conf. I might have some security holes that you see that I don't. Is there an easier way to post the config other than copy/paste the entire config?

HickoryShade
Robert83
Hi,

copy paste should do, if you have the time, please post it here.

Sincerely
Robert B