Hotmail not opening behind Squid

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Wed Jan 23, 2008 8:30 pm

AOA,

I am using RHEL 4.0 as my Proxy, DHCP, DNS Server. Everything is working fine and all the websites are working, except HOTMAIL and YAHOO.

Yahoo is logging in but I am unable to open my mail or do anything with my mails.
Hotmail is not even logging in.

All the websites are working fine, except hotmail and yahoo.

Can anyone help out in this case? My squid.conf is below.

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl router dst 192.168.1.1
http_access deny router
acl nocache url_regex -i "/firewall/squid/nocache"
no_cache deny nocache
acl ads url_regex -i "/firewall/squid/ads"
http_access deny ads
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /cache1 4500 16 256
cache_dir ufs /cache2 4500 16 256
cache_dir ufs /cache3 4000 16 256
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern \.gif 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.GIF 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.tif 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.tiff 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.bmp 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.jpg 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.JPG 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.jpe 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.jpeg 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.JPEG 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.xbm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.png 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.wrl 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ico 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pnm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pbm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pgm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ppm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.rgb 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ppm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.rgb 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.xpm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.xwd 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pic 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pict 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mov 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mpg 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mpeg 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mpe 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.avi 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.qt 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.qtm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.viv 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.swf 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.wav 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.aif 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.aiff 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.au 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ram 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ra 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.rm 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.snd 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mid 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.midi 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mp2 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mp3 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.mp2 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.sit 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.zip 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.hqx 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.exe 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ZIP 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.EXE 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.arj 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.lzh 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.lha 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.cab 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.rar 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.tar 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.gz 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.Z 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.xls 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.ppt 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.txt 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.pdf 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.doc 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.rtf 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.text 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.latex 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.class 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.js 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.shtml 14400 90% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern \.css 14400 90% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern \.htm 14400 90% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern \.html 14400 90% 4320 override-expire override-lastmod reload-into-ims
refresh_pattern \.asp 1 80% 2
refresh_pattern \.aspx 1 80% 2
refresh_pattern \.acgi 1 80% 2
refresh_pattern \.cgi 1 80% 2
refresh_pattern \.pl 1 80% 2
refresh_pattern \.shtml 1 80% 2
refresh_pattern \.php3 1 80% 2
refresh_pattern \.php 1 80% 2
refresh_pattern \? 1 80% 2
refresh_pattern ^ftp: 14440 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern ^gopher: 14400 0% 14400
refresh_pattern . 14400 95% 43200 override-expire override-lastmod reload-into-ims
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 172.16.0.0/16
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname proxy.crystal.net
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
dns_nameservers 172.16.10.1
cache_mem 64 MB
maximum_object_size 50 MB
cache_mgr Administrator


In my access.log I am getting something like this:
TCP_MISS/000 0 GET


I searched google.com but I am unable to solve it. Right now I have stopped my squid and my LINUX box is just working as a router, and now everything is working fine.

Looking forward to some help.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Thu Jan 24, 2008 9:51 am

Mudassir,

Hi, I have tested Squid with RHEL a number of times and never saw only hotmail.com failing to open. OK, do one thing: edit the squid.conf.default file and make some changes like the ones I am pasting here.

Regards,
Noman Liaquat

-----------------------------------------------------------------------------------------------------------------------
http_port 8080
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


cache_mem 64 MB
cache_dir ufs /var/spool/squid 3000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm OpenTech proxy-caching server
auth_param basic credentialsttl 2 hours

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl mynetwork src 192.168.1.0/24
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow mynetwork

cache_effective_user squid
cache_effective_group squid

visible_hostname tigger.moscow.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

-----------------------------------------------------------------------------------------------------------------------

Postby nomankhn » Thu Jan 24, 2008 9:53 am

Mudasir,

One more thing: in your squid.conf, turn off all the banner-control and ads-level ACL settings and then try.

Regards,
Noman Liaquat

kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Postby kbukhari » Thu Jan 24, 2008 12:33 pm

Dear Mudasir

Use this in squid.conf:

acl hotmail_domains dstdomain .hotmail.msn.com
acl ie6 browser MSIE[[:space:]]6
header_access Accept-Encoding deny ie6 hotmail_domains
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Jan 24, 2008 3:02 pm

nomankhn wrote: visible_hostname tigger.moscow.com
What's this? Why do you use "tigger.moscow.com"?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

Postby mudasir » Thu Jan 24, 2008 5:34 pm

AOA,

Still no progress. I have tried both the solutions, but no progress. I have even installed a new Squid from source, but still the same problem. When I disable REDIRECT in IPTABLES to squid, everything works fine. But as soon as I start squid and REDIRECT all web traffic to squid, hotmail and yahoo stop working. :(

Now the squid.conf I am using is as follows:
http_port 8080
icp_port 3130

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 64 MB

#acl mac-address arp "/users/squid"
#http_access deny !mac-address
#deny_info http://192.168.1.2:81/ !mac-address
#acl adsites url_regex "/usr/local/squid/links/ads"
#http_access deny adsites
#deny_info http://192.168.1.1/banner.html adsites

acl no-cache url_regex -i "/firewall/squid/nocache"
no_cache deny no-cache
acl localweb url_regex -i 192.168.1. 172.16.10.
no_cache deny localweb

maximum_object_size 50 MB
minimum_object_size 1 MB

cache_replacement_policy lru
memory_replacement_policy lru

cache_dir ufs /cache1 4500 16 256
cache_dir ufs /cache2 4500 16 256
cache_dir ufs /cache3 4000 16 256

cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
pid_filename /usr/local/squid/var/logs/squid.pid

dns_nameservers 203.99.163.240 203.99.163.243

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl hotmail_domains dst hotmail.com msn.com live.com
acl ie6 browser MSIE[[:space:]]6
header_access Accept-Encoding deny ie6 hotmail_domains

refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern ^ftp: 14440 80% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern ^gopher: 14400 0% 14400

negative_ttl 1 minutes
positive_dns_ttl 24 hours
negative_dns_ttl 1 minutes

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#http_access allow mac-address
http_access allow all
#http_reply_access allow mac-address
http_reply_access allow all

#icp_access allow users
#icp_access allow mac-address
icp_access allow all


cache_mgr Administrator
visible_hostname proxy.crystal.net

cache_effective_user nobody
cache_effective_group nobody

reload_into_ims on

httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl localnet url_regex -i 172.16.10. 192.168.1.

delay_pools 1

delay_class 1 2
delay_access 1 allow localnet
delay_access 1 deny all
delay_parameters 1 -1/-1 -1/-1
Last edited by mudasir on Thu Jan 24, 2008 5:45 pm, edited 1 time in total.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
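
Squid evaluates both `http_access` and `refresh_pattern` top-down and stops at the first match, so the effect of the configs posted above depends on rule order. The Python sketch below is an added example, not part of any post in this thread: it lists reachable allow rules that no source-restricted ACL guards (the `http_access allow all` above accepts any client that can reach port 8080) and shows which `refresh_pattern` a URL actually hits. The `mail.example.test` URLs are constructed, and Python's `re` stands in for Squid's regex engine as an assumption.

```python
import re

# Constructed excerpt: lines copied from the two squid.conf files posted above.
SAMPLE_CONF = r"""
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 # http
refresh_pattern \.js 14400 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern \.asp 1 80% 2
refresh_pattern . 14400 95% 43200 override-expire override-lastmod reload-into-ims
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow all
"""
ANY_SRC = {"0.0.0.0/0", "0.0.0.0/0.0.0.0"}

def directives(conf, name):
    """Return the argument list of every `name` directive, in file order."""
    found = []
    for raw in conf.splitlines():
        words = raw.split(" #", 1)[0].split()  # drop trailing comments
        if words and words[0] == name:
            found.append(words[1:])
    return found

def open_allow_rules(conf):
    """http_access stops at the first matching rule. Return the reachable
    allow rules that no source-restricted ACL guards."""
    src = {}
    for a in directives(conf, "acl"):
        if len(a) > 2 and a[1] == "src":
            src.setdefault(a[0], set()).update(a[2:])
    anyone = {n for n, v in src.items() if v & ANY_SRC}
    limited = set(src) - anyone
    hits = []
    for action, *names in directives(conf, "http_access"):
        if action == "allow" and not any(n in limited for n in names):
            hits.append("http_access " + " ".join([action, *names]))
        if names and all(n in anyone for n in names):
            break  # this rule matches every request; later rules never run
    return hits

def refresh_rule_for(conf, url):
    """refresh_pattern is first-match as well. Return (regex, min_minutes,
    options) for the first rule whose regex occurs anywhere in `url`."""
    for args in directives(conf, "refresh_pattern"):
        flags = re.IGNORECASE if args[0] == "-i" else 0
        regex, min_age, _pct, _max, *opts = args[1:] if flags else args
        if re.search(regex, url, flags):
            return regex, int(min_age), opts
    return None

if __name__ == "__main__":
    print("unguarded allow rules:", open_allow_rules(SAMPLE_CONF))
    for url in ("http://mail.example.test/inbox.jsp",   # constructed URLs
                "http://mail.example.test/login.asp"):
        print(url, "->", refresh_rule_for(SAMPLE_CONF, url))
```

The unanchored `\.js` pattern also matches `.jsp` URLs, so such a page gets the 14400-minute minimum with `override-expire`, which makes Squid enforce that minimum age even when the server sent an explicit expiry time.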

Postby kbukhari » Thu Jan 24, 2008 5:39 pm

mudasir wrote: AOA,

Still no progress. I have tried both the solutions, but no progress. I have even installed a new Squid from source, but still the same problem. When I disable REDIRECT in IPTABLES to squid, everything works fine. But as soon as I start squid and REDIRECT all web traffic to squid, hotmail and yahoo stop working. :(

iptables lines for squid only
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Postby mudasir » Thu Jan 24, 2008 5:48 pm

AOA,

Dear kashif bhai,

IPTABLES lines are as follows,


iptables -t nat -A PREROUTING -i eth2 -s 172.16.0.0/16 -p tcp -m mark --mark 1 --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth2 -s 172.16.0.0/16 -p udp -m mark --mark 1 --dport 80 -j REDIRECT --to-port 8080


These are my simple redirecting rules.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Postby x2oxen » Sat Jan 26, 2008 3:51 am

Squid only deals with port 80 traffic, and as far as I know it only matters for TCP, so there is no need for the UDP rule. Concerning your problem, I am currently using RHEL4 as a proxy server and have never faced any kind of problem like the one you described.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

babarhaq
Naik
Posts: 67
Joined: Tue May 20, 2003 10:07 am
Location: Islamabad
Contact:

Postby babarhaq » Sat Jan 26, 2008 10:14 am

mudasir

I think you are using the proxy in transparent mode. Can you try specifying the proxy manually in the browser and checking the box which says "Use this proxy server for all protocols"? If hotmail works in this scenario you will have to NAT port 443.

Hope it helps.

Regards,
Babar Haq
Copyleft Solutions
http://www.copyleft.com.pk

Postby mudasir » Sat Jan 26, 2008 10:38 am

AOA,

I have tried all this, but no progress. Now I am thinking of installing Linux on another computer to see whether this problem is from my current Linux box or whether there is something wrong with my ISP link.

Thank you all very much for providing solutions to my problem.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Postby x2oxen » Mon Jan 28, 2008 4:37 pm

Reinstalling is not a solution for all times....
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Postby mudasir » Mon Jan 28, 2008 5:28 pm

AOA,

Dear x2oxen,

I am not reinstalling my Linux; I am installing Linux on another computer, not reinstalling.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Postby x2oxen » Mon Jan 28, 2008 7:21 pm

Ok you are just installing but re install :P
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

Postby mudasir » Mon Jan 28, 2008 8:36 pm

AOA,

Dear Usman,

I think you got the point :lol:
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

