Re: [squid-users] Access to local news server

From: David Maina <[email protected]>
Date: Wed, 7 Dec 2005 12:15:21 +0300 (EAT)

Tim Edwards said:
> Hi,
>
> I have 2 squid machines running as cache-peers, with one (the 'iproxy')
> forwarding requests to the other (the 'oproxy'). I'm trying to setup a
> news server on the oproxy that can be accessed by users inside the LAN
> using desproxy (http://desproxy.sourceforge.net/) to tunnel it through the
> iproxy. However when I run desproxy and try to connect to the news server
> I get this:
>
> Connection request from 192.168.1.186, port 41450 Connecting to http proxy

It seems your news server port is 41450.Add that port to your ACL on Safe_ports directives
> (iproxy:3128) Server: squid/2.5.STABLE3 Mime-Version: 1.0 Date: Wed, 07 Dec
> 2005 05:57:09 GMT Content-Type: text/html Content-Length: 1089 Expires: Wed,
> 07 Dec 2005 05:57:09 GMT X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS
> from oproxy.registriesltd.com.au Proxy-Connection: close
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META
> HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
> <TITLE>ERROR: The requested URL could not be retrieved</TITLE> <STYLE
> type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,san
> s-serif}PRE{font-family:sans-serif}--></STYLE> </HEAD><BODY> <H1>ERROR</H1>
> <H2>The requested URL could not be retrieved</H2> <HR noshade size="1px">
> <P> While trying to retrieve the URL: oproxy:119
> <P> The following error was encountered: <UL> <LI> <STRONG> Access Denied.
> </STRONG> <P> Access control configuration prevents your request from being
> allowed at this time. Please contact your service provider if you feel
> this is incorrect. </UL> <P>Your cache administrator is <A
> HREF="mailto:webmaster@registriesltd.com.au">webmaster@registriesltd.com.
> au</A>.
>
>
> <BR clear="all"> <HR noshade size="1px"> <ADDRESS> Generated Wed, 07 Dec
> 2005 05:57:09 GMT by oproxy.registriesltd.com.au (squid/2.5.STABLE3)
> </ADDRESS> </BODY></HTML> connect_host_to_proxy: ERROR Connection #0: end of
> connection
>
> It seems that the squid on oproxy is denying access to the news server
> that runs on that machine. Here's my squid.conf from oproxy:
>
> ftp_user webmaster@registriesltd.com.au cache_mgr
> webmaster@registriesltd.com.au cache_mem 128 MB maximum_object_size 20480
> KB maximum_object_size_in_memory 64 KB cache_dir ufs /var/spool/squid 2048
> 32 512 # Allow CONNECT to SSL (and a few special) ports acl SSL_ports port
> 22 443 563 873 5050 5190 5222 5223 http_access allow CONNECT SSL_ports #
> Allow CONNECT to NNTP acl NNTP_port port 119 dst 10.20.10.2 http_access
> allow CONNECT nntp_port # Other common ACLs #http_access deny to_localhost
> acl iproxy src 10.20.10.0/24 acl iproxy2 src 10.70.10.0/24 http_access
> allow iproxy http_access allow iproxy2
>
> # Server settings visible_hostname oproxy.registriesltd.com.au http_port
> 10.20.10.2:3128
>
> # Default DENY http_access allow localhost http_access deny all
>
> -- Tim Edwards Systems Administrator REGISTRIES LTD ABN 14 003 209 836 Phone:
> 92909610
>
> IMPORTANT INFORMATION This email may contain privileged or confidential
> information. If you are not the intended recipient, or a person
> responsible for delivering this email to the intended recipient, you
> should not disseminate, review, disclose, distribute or copy the contents
> of this email or any attachments. In this case, please immediately notify
> the sender by reply email, then delete this message and any attachments
> from your system.
>
> Unencrypted emails transmitted over public networks are not private
> communications, and therefore content integrity and confidentiality cannot
> be guaranteed. Emails may also be lost, destroyed, or arrive late. It is
> understood that opinions, conclusions and other information in this
> message that do not relate to the official business of Registries Limited,
> are neither given nor endorsed.
>

----------------------------------------------------------------------
David Maina.
Systems Administrator.
PdE-Kenya.
P. O. Box 1239 - 20100.
Nakuru, Kenya.
Telephone:+254-51-850298/850333.
Cell:+254-721-950073.
----------------------------------------------------------------------
"By golly, I'm beginning to think Linux really *is* the best thing since sliced bread."
Received on Wed Dec 07 2005 - 02:15:53 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST