[COLUG] ipkungfu/squid problems
Brian Miller
bnmille at gmail.com
Mon Mar 3 21:45:38 EST 2008
On Mon, 2008-03-03 at 20:05 -0500, Robert Grimm wrote:
> Posted at http://ubuntuforums.org/showthread.php?p=4448864
>
> I can't get squid working after moving the server I'm working on.
> Everything worked fine when eth0 was 10.0.1.200. eth0 is the external
> interface. eth1 is the internal interface. Both are now on the
> 192.168.1.0/24 network. eth0 is 192.168.1.3. eth1 is 192.168.1.200.
> The 10.0.1.0 network is my home network. The server is now in a
> client's server room.
>
> Here is the squid.conf:
> Code:
>
> http_port 192.168.1.200:3128 transparent
> icp_port 3130
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> emulate_httpd_log on
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 192.168.1.0/24
> acl limited src "/etc/squid3/limited"
> acl good dstdomain "/etc/squid3/good.hosts"
> acl bad dstdomain "/etc/squid3/bad.hosts"
> acl badip dst "/etc/squid3/bad.ip"
> acl goodip dst "/etc/squid3/good.ip"
> acl idiot src "/etc/squid3/idiot"
> acl god src "/etc/squid3/god"
> acl craigslist dstdomain "/etc/squid3/craigslist"
> acl nickl src 192.168.1.182
> http_access allow god
> http_access allow craigslist nickl
> http_access deny idiot
> http_access allow good
> http_access allow goodip
> http_access allow good
> http_access allow limited good
> http_access deny limited
> http_access deny bad
> http_access allow all
> http_access deny all
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> coredump_dir /var/spool/squid3
>
> I'm using ipkungfu to start the firewall. In the redirect.conf, it says
> Code:
>
> tcp:80:3128:internal
>
> Here is the ipkungfu.conf:
> Code:
>
> EXT_NET="eth0"
> INT_NET="eth1"
> LOCAL_NET="192.168.1.0/255.255.255.0"
> GATEWAY=1
> FORBIDDEN_PORTS="135 137 139"
> SUSPECT="DROP"
> KNOWN_BAD="DROP"
> PORT_SCAN="DROP"
> GET_IP="192.168.1.3"
> DISALLOW_PRIVATE=0
> WAIT_SECONDS=5
>
> Why would it suddenly quit working when changing the address of eth0?
> What can I do to fix it?
> --
> Robert Grimm
> (614) 212-4625
> http://www.datablitz.net
>
What does "netstat -r" show? It seems to me the issue is that both eth0
and eth1 are on the same subnet. How does squid know what interface to
send the requests to the http server out on?
I don't know how the rest of your network is set up, but I think you
should get eth0 to a different subnet. If you can't do that (for
whatever reason), then you'll likely need to just disable eth0, although
that would likely require you to also configure your web browsers to use
a proxy server (rather than trying to use a transparent proxy).
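As an added illustration of the point about "netstat -r" (this is not code from either poster): the script below parses the output of "netstat -rn" and flags any destination prefix that appears on more than one interface, then shows which interface a simple longest-prefix-match lookup would pick for a given destination. The routing table is constructed here to mirror the setup in the question (eth0 192.168.1.3 and eth1 192.168.1.200, both on 192.168.1.0/24, default gateway assumed to be 192.168.1.1 via eth0). The tie-break by table order is a simplification of what the Linux kernel does (it also considers metric), so treat the "egress" result as indicative, not authoritative.

```python
"""Added example: spot duplicate-subnet routes in `netstat -rn` output.

Not part of the original thread. The sample table below is constructed to
match the posted interface layout; the default gateway 192.168.1.1 is an
assumption.
"""
import ipaddress
from collections import defaultdict

# Constructed `netstat -rn` output for a box with eth0 and eth1 on the same /24.
SAMPLE_NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
"""


def _prefixlen_from_mask(mask):
    """Convert a dotted netmask such as 255.255.255.0 into a prefix length."""
    return sum(bin(int(octet)).count("1") for octet in mask.split("."))


def parse_routes(text):
    """Parse `netstat -rn` lines into dicts, preserving table order."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the title line, the column header, and anything malformed.
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue
        dest, gateway, mask, flags, iface = parts[0], parts[1], parts[2], parts[3], parts[-1]
        net = ipaddress.IPv4Network(f"{dest}/{_prefixlen_from_mask(mask)}", strict=False)
        routes.append({"net": net, "gateway": gateway, "flags": flags, "iface": iface})
    return routes


def ambiguous_prefixes(routes):
    """Return {prefix: [ifaces]} for prefixes reachable via more than one interface.

    Identical prefixes on two interfaces cannot be resolved by longest-prefix
    match, so the kernel has to pick one by metric and table order, which is
    exactly the situation the reply above warns about.
    """
    by_net = defaultdict(list)
    for r in routes:
        by_net[str(r["net"])].append(r["iface"])
    return {net: ifaces for net, ifaces in by_net.items() if len(set(ifaces)) > 1}


def egress_interface(routes, dst):
    """Pick the interface for `dst` by longest prefix match.

    Ties between equal-length prefixes go to the route listed first; this is
    a simplification (no metric handling) used only to show the ambiguity.
    """
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in routes:
        if addr in r["net"] and (best is None or r["net"].prefixlen > best["net"].prefixlen):
            best = r
    return best["iface"] if best else None


if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT_RN)
    for net, ifaces in ambiguous_prefixes(table).items():
        print(f"prefix {net} is on more than one interface: {', '.join(ifaces)}")
    for dst in ("192.168.1.182", "8.8.8.8"):
        print(f"traffic to {dst} would leave via {egress_interface(table, dst)}")
```

Run it against real output with "netstat -rn | python3 thisscript.py" after swapping the constructed table for sys.stdin.read(); an empty result from ambiguous_prefixes() means the two-interfaces-one-subnet problem is not what you are looking at.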