81 port

Taking care of your Linux box.

81 port

Postby janali » Wed Nov 05, 2008 1:12 pm

Dear,

When I tried to open site with squid proxy http:converter.rozee.com.pk:81 the message appear the page could not be open and with out proxy its working fine, I also make a ACL net port 81 but still problem, how I solve this problem?
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby lambda » Wed Nov 05, 2008 1:27 pm

have you tried adding a Safe_ports acl for port 81?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby janali » Wed Nov 05, 2008 2:29 pm

yes but same result.
and also creat new acl acl net port 81, no success.
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby lambda » Wed Nov 05, 2008 3:52 pm

what is the exact error?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby janali » Wed Nov 05, 2008 4:04 pm

The requested URL could not be retrieved.
Access denied
Access control configuration prevents your request for being allowed at this time...

but when ever I tried with out proxy site is working fine.
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby lambda » Wed Nov 05, 2008 4:21 pm

with a Safe_ports acl for port 81 (and no other conflicting acl), you cannot get that error. did you run "squid -k reconfigure" or restart squid after adding the line?

take the time to learn how to use squid. do you want to be fired for not understanding the tools your job depends on?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby janali » Wed Nov 05, 2008 4:30 pm

Yes I run "squid -k reconfigure" or restart squid after adding the line.
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby azfar » Wed Nov 05, 2008 10:03 pm

post your squid.conf here and tell us from which ip your are accessing it.
Azfar Hashmi
Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby janali » Thu Nov 06, 2008 11:28 am

acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl special_url url_regex http://65.25.142.285
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl GPO-Internal src 10.10.1.0/255.255.255.0
acl BMC src 284.167.121.0/255.255.255.0
acl siteacl dstdomain .grailresearch.com .zip
acl net port 81
acl Banned_sites url_regex -i nude sex sexy xxx mp3 zip
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby lambda » Thu Nov 06, 2008 11:50 am

what are your http_access lines?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby janali » Thu Nov 06, 2008 12:12 pm

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow special_url
http_access deny special_url
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow siteacl
http_access allow net
http_access deny Banned_sites
#
#http_access deny to_localhost
#
http_access allow password

# And finally deny all other access to this proxy
http_access deny all
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby kbukhari » Sat Nov 08, 2008 11:32 am

you are using manual proxy or transparent ?

also check if you block 81 port in OUTPUT chain on you squid box..
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

Postby janali » Mon Nov 10, 2008 2:54 pm

I am using manual proxy.

how to check block 81 port in OUTPUT chain on squid box?
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm

Postby kbukhari » Mon Nov 10, 2008 4:16 pm

janali wrote:I am using manual proxy.

how to check block 81 port in OUTPUT chain on squid box?


iptables -nvL
--

Syed Kashif Ali Bukhari

+92-345-8444420

http://sysadminsline.com

http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

Postby janali » Tue Nov 11, 2008 10:15 am

[root@abc ~]# iptables -nvL
Chain INPUT (policy ACCEPT 20 packets, 2549 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 26 packets, 15545 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 18 packets, 5946 bytes)
pkts bytes target prot opt in out source destination
janali
Naik
 
Posts: 58
Joined: Tue Jul 17, 2007 1:34 pm


Return to “%s” Administration

Who is online

Users browsing this forum: No registered users and 2 guests

cron