Transparent SQUID proxy not working

General support questions
Post Reply
raitsarevo
Posts: 1
Joined: 2017/05/25 10:31:16

Transparent SQUID proxy not working

Post by raitsarevo » 2017/05/25 10:45:49

Hi,

I'm setting up a transparent squid proxy in centos 6.7 server.
all the installation and configuration are done and the squid service is working properly.
The problem is when i do a test in configuring the proxy in my client browser i'm not able to open any web site, it says that the proxy is not responding and checking in the proxy log file nothing happen.
Is there anybody who can help me in solving the problem.
Thank you in advance and please find below my squid configuration:

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128
http_port 8080 transparent

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
#coredump_dir /var/spool/squid
coredump_dir /var/cache1
#AJOUT pour la TRANSPARENCE CISCO

# WCCP Router IP
wccp2_router 10.20.133.1

# forwarding 1=gre 2=l2
wccp2_forwarding_method 1

# GRE return method gre|l2

# Assignment method hash|mask
wccp2_assignment_method hash


# standard web cache, no auth
wccp2_service standard 0

# Fixage de l'adresse du DNS
dns_nameservers 8.8.4.4 8.8.8.8

#FIN des AJOUTS

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/cache1 200000 16 256
cache_dir ufs /var/cache2 150000 16 256

#Change
cache_mem 20000 MB
#cache_swap_low 90
#cache_swap_high 95
maximum_object_size_in_memory 1024 KB
maximum_object_size 2048 KB
half_closed_clients off
memory_pools on
memory_pools_limit 2048 MB
#dns_nameservers 127.0.0.1
ipcache_size 4096
ipcache_low 90
ipcache_high 95
log_fqdn off
half_closed_clients off
cache_swap_high 100%
cache_swap_low 80%

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# ADMINISTRATIVE PARAMETERS
cache_mgr admin@greencom-eg.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy-malabo.greencom-eg.com

#access_log /var/log/squid/access.log squid
acl snmpcommunity snmp_community public
snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all


Regards,

Raitsarevo.
Top
KillroyWasHere
Posts: 6
Joined: 2017/05/26 13:24:43

Re: Transparent SQUID proxy not working

Post by KillroyWasHere » 2017/05/27 23:53:43

Do you have a host-based firewall configured on the proxy and is it setup to accept/forward traffic as needed?
Top
Post Reply

Return to “CentOS 6 - General Support”