Hello Guys,
I am having a problem with our internet cable network. We're using Linux Redhat Fedora Core 3 as a gateway with Squid Proxy Server & IPtables firewall & 2 other servers: one is an ISA Server for browsing & the other one is for socks. The problem is that Linux is forwarding all the SSL sites to our socks server, which we don't want. We set up the socks server to listen only for Instant Messengers. Can somebody tell me how I could resolve this issue?
Regards,
zAm (Lyarianz Internet Cable Network - Network Administrator)
Firewall Problem
Proud To Be Lyarianz !
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Farrukh Ahmed
Re: What Should I Need To Do ?
LinuxFreaK wrote:
Dear zAm,
Salam,
FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=3772
Best Regards.
Hello,
Farrukh ... I read all the posts ... I think the better one for me is to re-compile squid with --enable-ssl, because our Linux Administrator just copy-pasted the entire squid directory ... or maybe he uses the rpm package ... I think that the --enable-ssl option is not integrated with the squid rpm package. We're using "squid-2.5.STABLE11-1.FC3" ... so should I re-compile with --enable-ssl & then back up my current existing squid.conf in /etc/squid/? I hope that won't create any problems ... I'm hesitating to do this because we're running a large network ... & I don't want to disturb them ... but I really need to fix my problem ... When I use a manual proxy in IE the SSL works from the same browsing server, but when using it without a proxy it tries to access from the socks server ...? So what would you recommend? Re-compiling squid with --enable-ssl? Sorry for bugging you a lot ... Thanks for being so helpful.
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
Re:
Dear zAm,
Salam,
Then install Linux on another machine and test it with a few clients.
Best Regards.
Farrukh Ahmed
the Problem still exists
Hello,
Farrukh ... my problem has turned another way ... I thought it could be a matter of re-compiling squid with --enable-ssl, but I think that wouldn't help me out ... because I can access https webpages while using the proxy in IE, so why shouldn't it work without the proxy? All the websites (80) work fine without the proxy, so why don't these https, SSL sites? I removed port 443 from the safe_port ACL in my squid.conf but it hasn't helped me yet ... What else do I need to change? If you don't mind, may I send you my iptables file & squid configuration file to your inbox, to have a look over & check what's happening? Help me out, I'm really pissed off due to this bad sticky problem ...
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
Re: the Problem still exists
Dear zAm,
Salam,
Not a proper way but might help you.
# iptables -t nat -A PREROUTING -s LANIP -p tcp --dport 443 -j REDIRECT --to-port SQUIDPORT
Best Regards.
Farrukh Ahmed
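What a Squid HTTP port is handed in each case the thread describes, as an added example that is not part of the original posts: a browser with a proxy configured opens HTTPS with a plaintext CONNECT request, while a port 443 connection redirected by iptables starts directly with an SSL/TLS ClientHello. The byte strings are constructed samples and the function names are hypothetical.

```python
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def classify(data: bytes) -> str:
    """Name what a listener received, from the first bytes of a connection."""
    # SSLv3/TLS record: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2-compatible hello (older browsers): 2-byte length with the top bit set,
    # message type 0x01, then the offered version (0x0002 or 0x03xx).
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "sslv2-client-hello"
    # HTTP request line: METHOD SP target SP HTTP/x.y
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "http-connect" if parts[0] == b"CONNECT" else "http-request"
    return "unknown"

def http_proxy_can_parse(data: bytes) -> bool:
    """An HTTP proxy port can only act on data that starts with a request line."""
    return classify(data).startswith("http-")

# Constructed first bytes for the cases discussed in the thread.
SAMPLES = {
    "port 80, redirected": b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "https, proxy set in browser": b"CONNECT www.example.com:443 HTTP/1.0\r\n\r\n",
    "port 443, redirected (TLS)": bytes.fromhex("16030100350100003103014391a2b3"),
    "port 443, redirected (SSLv2 hello)": bytes.fromhex("802e0103010015000000100000"),
}

def summarize():
    """Map each sample to (classification, whether an HTTP proxy can parse it)."""
    return {name: (classify(d), http_proxy_can_parse(d)) for name, d in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in summarize().items():
        print(f"{name:36} {result}")
```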
please look at my squid & iptables configuration files
Hello,
LinuxFreak ... now you must be looking for me to kill me after knowing that my problem still exists :p hehe ... I am really pissed off now about this sticky problem ...
Here are my squid & iptables configuration files ...
Please check these out & suggest what I should do, something which really works ...
thanks
Regards,
zAm (Lyarianz Internet Cable Network)
Last edited by zAm on Fri Dec 09, 2005 8:26 am, edited 1 time in total.
Proud To Be Lyarianz !
Re:
Dear zAm,
Salam,
Edit your squid.conf and change the following line.
Code:
http_access allow CONNECT !SSL_ports
TO
Code:
http_access allow CONNECT SSL_ports
Best Regards.
Farrukh Ahmed
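How Squid's first-match http_access evaluation treats CONNECT under the line quoted above, under the suggested replacement, and under the deny form found in Squid's default squid.conf, as an added example that is not part of the original posts. The poster's real configuration is not shown on the page, so the `lan` ACL, its address range and the trailing allow/deny rules are constructed stand-ins, and src ACLs are assumed to match (the request comes from a LAN client).

```python
TEMPLATE = """\
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.0.0/16      # constructed stand-in for the site's LAN ACL
acl SSL_ports port 443 563
acl CONNECT method CONNECT
{line}
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Collect ACL definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    kind, values = acls[name]
    if kind == "method":
        return method in values
    if kind == "port":
        for v in values:                      # single ports or lo-hi ranges
            lo, _, hi = v.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
        return False
    return True  # src ACLs: assumption, the client is inside the LAN

def decide(conf, method, port):
    """First rule whose ACLs all match (with ! negating) gives the verdict."""
    acls, rules = parse(conf)
    for action, terms in rules:
        if all(acl_matches(acls, t.lstrip("!"), method, port) != t.startswith("!")
               for t in terms):
            return action
    return "deny"  # not reached here: the sample ends with "deny all"

def connect_policy(line):
    """Verdict for CONNECT to port 443 (HTTPS) and port 25 (not an SSL port)."""
    conf = TEMPLATE.format(line=line)
    return {port: decide(conf, "CONNECT", port) for port in (443, 25)}

if __name__ == "__main__":
    for verb, acl in (("allow", "!SSL_ports"), ("allow", "SSL_ports"), ("deny", "!SSL_ports")):
        line = f"http_access {verb} CONNECT {acl}"
        print(line, "->", connect_policy(line))
```

With these stand-in rules, only the deny form stops a LAN client from tunnelling CONNECT to a non-SSL port; both allow forms leave port 25 reachable through the proxy.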
the problem still exists
Hello,
LinuxFreak, well, whatever you told me to change in squid.conf doesn't make sense, because I could access httpS webpages while using the proxy in IE, as I could see ... It's all about Transparent Proxying, which is done with port 80 --to-port 8080 (squid box port) ... It's working fine, but it's not working with another port like 443, which you told me to do before ...
Anyway, I edited the following line
"http_access allow CONNECT !SSL_ports"
TO
"http_access allow CONNECT SSL_ports"
but the problem still exists ... Have you tried transparent proxying with port 443? Does it work for you? Anyway, thanks a lot for helping me out ... I must find a good Linux Administrator for our network ... hope I get one soon ... Thanks once again for your kind replies ... Take care buddy ... Allah Hafiz
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !