RE: [squid-users] website not showing up on http transparent squid

From: Jacob D. Myers <[email protected]>
Date: Thu, 16 Aug 2007 15:26:58 -0500

Hello,

It doesn't I wish it would, maybe that would help us. Do you think it would be a better idea to just use Iptables to forward that URL, if so do you know how to write that rule in my script?

Thank you,
Jacob D Myers
-----Original Message-----
From: Tek Bahadur Limbu [mailto:teklimbu@wlink.com.np]
Sent: Wednesday, August 15, 2007 3:26 AM
To: Jacob D. Myers
Cc: Henrik Nordstrom; squid-users@squid-cache.org
Subject: Re: [squid-users] website not showing up on http transparent squid

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jacob,

On Tue, 14 Aug 2007 10:10:29 -0500
"Jacob D. Myers" <jmyers@czconsulting.com> wrote:

> Hi Tek and Henrik! Thank you for all your help.
>
> I run a boot script to set up the transparent bridging upon bootup.
> I'll insert it at the end.
> I would upgrade to stable14 but I installed with apt-get on my ubuntu server 7.04 and that is the latest package from the standard repositories. I did do a full compile from the stable 14 tarball originally but ubuntu and webmin wouldn't recognize that squid was there. I tried to do the compile so I could use the --enable-storeio=null and --enable-linux-netfilter options during the ./configure but like I said after the install webmin and the command line would not recognize that squid was installed.
>
> Here is my boot script.
>
> ifconfig eth0 0.0.0.0 promisc up
> ifconfig eth1 0.0.0.0 promisc up
>
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
>
> ifconfig br0 10.0.10.191 netmask 255.255.255.0 up
> route add default gw 10.0.10.1 dev br0
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> I got it from a guide online for setting up a transparent squid proxy with two NIC's. BTW I am running two 3com 905c's for the NIC's.

I don't have that much experience of Webmin. I heard that it makes administration easy using graphical tools.

So you are running Squid transparently in bridge mode. Can you access that website if you manually put the proxy server in your Firefox or IE browser?

Thanking you...

>
> Thank you,
> Jacob D Myers
>
>
> -----Original Message-----
> From: Tek Bahadur Limbu [mailto:teklimbu@wlink.com.np]
> Sent: Tuesday, August 14, 2007 2:45 AM
> To: Jacob D. Myers
> Cc: Henrik Nordstrom; squid-users@squid-cache.org
> Subject: Re: [squid-users] website not showing up on http transparent squid
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Jacob,
>
> On Mon, 13 Aug 2007 14:13:49 -0500
> "Jacob D. Myers" <jmyers@czconsulting.com> wrote:
>
> >
> > (From IE and Firefox there is simply a blank screen and a status of Done when requesting this site)
> > (Here is my squid.conf:)
> >
> > http_port 3128 transparent
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > cache deny QUERY
> > acl apache rep_header Server ^Apache
> > broken_vary_encoding allow apache
> > cache_mem 128 MB
> > cache_dir null /null
> > access_log /var/log/squid/access.log squid
> > hosts_file /etc/hosts
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern . 0 20% 4320
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl to_localhost dst 127.0.0.0/8
> > acl unauthsites dstdomain "/etc/squid/unauthorized-sites"
> > acl workstations src 10.0.10.0/255.255.255.0
> > acl CONNECT method CONNECT
> > acl our_network src 10.0.10.0/255.255.255.0
> > no_cache deny all
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny workstations unauthsites
> > http_access allow our_network
> > http_access allow localhost
> > http_access deny all
> > http_reply_access allow all
> > always_direct allow all
> > icp_access allow all
> > cache_effective_group proxy
> > visible_hostname ubprox
> > coredump_dir /var/spool/squid
>
> Your config seems fine.
>
> >
> > (All I get in access.log is:)
> >
> > 1187028327.093 229 10.0.10.62 TCP_MISS/200 4225 GET http://www.fnams.com/ - DIRECT/206.54.145.38 text/html
>
> Your access.log shows your squid box fetching the request on behalf of your client.
>
> >
> > (This is what telnet to port 80 on my squid box gets:)
> >
> > HTTP/1.1 400 Bad Request ( The data is invalid. )
> > Connection: close
> > Pragma: no-cache
> > Cache-Control: no-cache
> > Content-Type: text/html
> > Content-Length: 1714
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> > <HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>
> > <STYLE>A:link {
> > FONT: 8pt/11pt verdana; COLOR: #ff0000
> > }
> > A:visited {
> > FONT: 8pt/11pt verdana; COLOR: #4e4e4e
> > }
> > </STYLE>
> >
> > <META content=NOINDEX name=ROBOTS>
> > <META http-equiv=Content-Type content="text-html; charset=Windows-1252">
> >
> > <META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
> > <BODY bgColor=#ffffff>
> > <TABLE cellSpacing=5 cellPadding=3 width=410>
> > <TBODY>
> > <TR>
> > <TD vAlign=center align=left width=360>
> > <H1 style="FONT: 13pt/15pt verdana; COLOR: #000000"><!--Problem-->The page
> > cannot be displayed</H1></TD></TR>
> > <TR>
> > <TD width=400 colSpan=2><FONT
> > style="FONT: 8pt/11pt verdana; COLOR: #000000">There is a problem with the
> > page you are trying to reach and it cannot be displayed.</FONT></TD></TR>
> > <TR>
> > <TD width=400 colSpan=2><FONT
> > style="FONT: 8pt/11pt verdana; COLOR: #000000">
> > <HR color=#c0c0c0 noShade>
> >
> > <P>Please try the following:</P>
> > <UL>
> > <LI>Click the Refresh button,
> > or try again later.<BR>
> > <LI>Open the Web site
> > home page, and then look for links to the information you want.
> > <LI>If you believe you should be able to view this directory or page,
> > please contact the Web site administrator by using the e-mail address or
> > phone number listed on the Web site
> > home page. </LI></UL>
> > <H2 style="FONT: 8pt/11pt verdana; COLOR: #000000">400 Bad Request - The data is invalid. (13)<BR>Internet Security and Acceleration Server</H2>
> > </FONT></TD></TR></TBODY></TABLE></BODY></HTML>
> > Connection closed by foreign host.
>
> This shows your Squid box can fetch the URL from itself. Seems like they are running some kind of ISA server but I don't think it is the cause of your problem.
>
> By the way, did you try running tcpdump?
>
> >
> > (From the windows client I get this from telnet port 80:)
> >
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.or
> > g/TR/html4/loose.dtd">
> > <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/
> > html; charset=iso-8859-1">
> > <TITLE>ERROR: The requested URL could not be retrieved
> > </TITLE>
> > <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:ver
> > dana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
> > </HEAD><BODY>
> > <H1>ERROR</H1
> > >
> > <H2>The requested URL could not be retrieved</H2>
> > <HR noshade size="1px">
> > <P>
> > Whil
> > e trying to process the request:
> > <PRE>
> >
> >
> > </PRE>
> > <P>
> > The following error was encountere
> > d:
> > <UL>
> > <LI>
> > <STRONG>
> > Invalid Request
> > </STRONG>
> > </UL>
> >
> > <P>
> > Some aspect of the HTTP Reques
> > t is invalid. Possible problems:
> > <UL>
> > <LI>Missing or unknown request method
> > <LI>Mi
> > ssing URL
> > <LI>Missing HTTP Identifier (HTTP/1.0)
> > <LI>Request is too large
> > <LI>Conte
> > nt-Length missing for POST or PUT requests
> > <LI>Illegal character in hostname; und
> > erscores are not allowed
> > </UL>
> > <P>Your cache administrator is <A HREF="mailto:webm
> > aster">webmaster</A>.
> >
> > <BR clear="all">
> > <HR noshade size="1px">
> > <ADDRESS>
> > Generated
> > Mon, 13 Aug 2007 18:10:42 GMT by ubprox (squid/2.6.STABLE5)
> > </ADDRESS>
> > </BODY></HT
> > ML>
> >
> >
> > Connection to host lost.
>
> But it's strange why your clients can't fetch the URL transparently. Also you say that Opera can fetch it while Firefox and IE can't!
>
> How does your IPTABLES redirection rules look like?
>
> I can't remember the exact syntax but you can put a rule above your transproxy redirection rule to allow your clients to fetch the URL directly instead of going through the proxy
>
> Or maybe upgrading to Squid-2.6.14 might work!
>
> Thanking you...
>
> >
> >
> > Thank you,
> > Jacob D Myers
> >
> >
> >
> > -----Original Message-----
> > From: Tek Bahadur Limbu [mailto:teklimbu@wlink.com.np]
> > Sent: Monday, August 13, 2007 1:37 PM
> > To: Jacob D. Myers
> > Cc: Henrik Nordstrom; squid-users@squid-cache.org
> > Subject: Re: [squid-users] website not showing up on http transparent squid
> >
> > Jacob D. Myers wrote:
> > > Interesting, I wonder if that is because I have it running transparently.
> >
> > Hi Jacob,
> >
> > I can access www.fnams.com with my transparent proxy setup.
> > Can you telnet to www.fnams.com on port 80 from your Squid proxy in the
> > first place if not from the user's end?
> >
> > What is the exact error that Squid reports when trying to access it
> > transparently from the user's end?
> >
> > I bet your best tool would be running tcpdump and check if some kind of
> > firewall is actually coming in your way.
> >
> > Also what does your cache.log and access.log say?
> >
> >
> > Thanking you...
> >
> >
> > >
> > > Thank you,
> > > Jacob D. Myers
> > >
> > >
> > > -----Original Message-----
> > > From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> > > Sent: Monday, August 13, 2007 11:37 AM
> > > To: Jacob D. Myers
> > > Cc: squid-users@squid-cache.org
> > > Subject: Re: [squid-users] website not showing up on http transparent squid
> > >
> > > On m�n, 2007-08-13 at 09:18 -0500, Jacob D. Myers wrote:
> > >> Hello, this is my first time posting.
> > >> I have a client that is trying to request www.fnams.com.
> > >> There are no errors in the log files, and squid is not reporting any
> > >> problems but the site simply will not display in IE6 or Firefox 2.
> > >
> > > Works for me using Firefox 2.0.0.5 with Squid configured as a proxy.
> > >
> > > Regards
> > > Henrik
> > >
> > >
> > >
> >
> >
> > --
> >
> > With best regards and good wishes,
> >
> > Yours sincerely,
> >
> > Tek Bahadur Limbu
> >
> > (TAG/TDG Group)
> > Jwl Systems Department
> >
> > Worldlink Communications Pvt. Ltd.
> >
> > Jawalakhel, Nepal
> >
> > http://www.wlink.com.np
> >
>
>
> - --
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (FreeBSD)
>
> iD8DBQFGwV12fpE0pz+xqQQRAtl6AJ0fS6Xzajs+Vw8RVIeLevrjPb4YIgCgkfdp
> RL0Du2H0R7v0REV/uHkut+c=
> =Rd91
> -----END PGP SIGNATURE-----
>

- --

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGwritfpE0pz+xqQQRAiv3AJ9Yi7ImaTy6gIGHSFwGQz3BGEsE/QCgnxAE
wBXvyaCIBs9S5GMgjZQ44yY=
=yqpM
-----END PGP SIGNATURE-----
Received on Thu Aug 16 2007 - 14:29:09 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT