[ILUG] Squid3 Configuration

Mick O'Toole mickotoole at gmail.com
Tue Jan 31 15:29:37 GMT 2012 

Afternoon folks,

I'm trying to set up a Squid proxy server on ubuntu.

I've got a server with two NIC's. Both have static IP addresses. eth0 is
connected to an eircom router with a static IP Address of 192.168.1.1 and
eth1 is connected to the company LAN with IP address 192.81.101.30.

I've installed Squid3 through aptitude and right now my current
/etc/squid3/squid.conf looks like this

http_port 192.81.101.30:3128 transparent
# http_port 3129 intercept
access_log /var/log/squid3/access.log
# cache_dir /var/spool/squid3 1440 16 256
acl my_lan src 192.81.101.0/24
http_access allow my_lan
http_access allow all
tcp_outgoing_address 192.168.1.1 my_lan
dns_nameservers 8.8.8.8

I know that this configuration file is insecure at the minute but I'm just
trying to get it working before I tweak it and lock it down. The problem is
trying to get it working.

When I point my browser to proxy 192.81.101.30:3128 I get the following on
the page
*
*

*Unable to determine IP address from host name www.google.com*


The DNS server returned:

Timeout

My /etc/resolv.conf file looks like this

nameserver 192.168.1.254
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.81.101.236
nameserver 192.81.101.237

When I check my /var/log/squid3/cache.conf file I see

2012/01/31 15:17:39| Open FD UNSTARTED     7 DNS Socket IPv6
2012/01/31 15:17:39| Open FD WRITING       8 DNS Socket IPv4
2012/01/31 15:17:39| Open FD READ/WRITE   15 Waiting for next request
2012/01/31 15:17:39| Squid Cache (Version 3.1.6): Exiting normally.
2012/01/31 15:17:40| Creating Swap Directories
2012/01/31 15:17:40| Starting Squid Cache version 3.1.6 for
i686-pc-linux-gnu...
2012/01/31 15:17:40| Process ID 2313
2012/01/31 15:17:40| With 65535 file descriptors available
2012/01/31 15:17:40| Initializing IP Cache...
2012/01/31 15:17:40| DNS Socket created at [::], FD 7
2012/01/31 15:17:40| DNS Socket created at 0.0.0.0, FD 8
2012/01/31 15:17:40| Adding nameserver 8.8.8.8 from squid.conf
2012/01/31 15:17:40| Unlinkd pipe opened on FD 13
2012/01/31 15:17:40| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2012/01/31 15:17:40| Store logging disabled
2012/01/31 15:17:40| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/01/31 15:17:40| Target number of buckets: 1008
2012/01/31 15:17:40| Using 8192 Store buckets
2012/01/31 15:17:40| Max Mem  size: 262144 KB
2012/01/31 15:17:40| Max Swap size: 0 KB
2012/01/31 15:17:40| Using Least Load store dir selection
2012/01/31 15:17:40| Current Directory is /
2012/01/31 15:17:40| Loaded Icons.
2012/01/31 15:17:40| Accepting  intercepted HTTP connections at
192.81.101.30:3128, FD 14.
2012/01/31 15:17:40| HTCP Disabled.
2012/01/31 15:17:40| Squid modules loaded: 0
2012/01/31 15:17:40| Adaptation support is off.
2012/01/31 15:17:40| Ready to serve requests.
2012/01/31 15:17:41| storeLateRelease: released 0 objects
2012/01/31 15:17:42| IpIntercept.cc(137) NetfilterInterception:  NF
getsockopt(SO_ORIGINAL_DST) failed on FD 11: (92) Protocol not available
2012/01/31 15:21:41| IpIntercept.cc(137) NetfilterInterception:  NF
getsockopt(SO_ORIGINAL_DST) failed on FD 15: (92) Protocol not available

... and my /var/log/squid3/access.log looks a little something like this

1328019581.249      0 192.81.101.40 TCP_MISS/500 4324 POST
http://lastpass.com/httptest.php - NONE/- text/html
1328019881.259      0 192.81.101.40 TCP_MISS/500 4324 POST
http://lastpass.com/httptest.php - NONE/- text/html
1328020181.269      0 192.81.101.40 TCP_MISS/500 4324 POST
http://lastpass.com/httptest.php - NONE/- text/html
1328020481.279      0 192.81.101.40 TCP_MISS/500 4324 POST
http://lastpass.com/httptest.php - NONE/- text/html
1328021325.148      0 192.81.101.40 TCP_MISS/500 3920 GET
http://192.168.1.254/ - NONE/- text/html
1328021325.220      0 192.81.101.40 TCP_MISS/500 3998 GET
http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1328021328.176      0 192.81.101.40 TCP_MISS/500 4282 GET
http://www.makeuseof.com/pages/downloads - NONE/- text/html
1328021328.213      0 192.81.101.40 TCP_MISS/500 4019 GET
http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1328021329.915      0 192.81.101.40 TCP_MISS/500 4145 GET
http://www.googlesnips.com/ - NONE/- text/html
1328021329.974      0 192.81.101.40 TCP_MISS/500 4004 GET
http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1328021330.020      0 192.81.101.40 TCP_MISS/500 4178 GET
http://www.googlesnips.com/favicon.ico - NONE/- text/html
1328021381.317      0 192.81.101.40 TCP_MISS/500 4324 POST
http://lastpass.com/httptest.php - NONE/- text/html
1328021543.655      0 192.81.101.40 TCP_MISS/500 4248 GET
http://www.google.com/webfonts - NONE/- text/html
1328021543.724      0 192.81.101.40 TCP_MISS/500 4007 GET
http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html


I've been trawling through forums and documentation but I'm getting
nowhere. I'm hoping that someone on here can see something that I've missed
... anything!!!

Thanks,

Mick

More information about the ILUG mailing list