Yahoo Problem

A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi

Yahoo Problem

Post by A_Karim »

Assalam-o-Alikum
I have a problem connecting Yahoo Messenger with No Proxies using Squid as the proxy server. MSN is working fine. I am using Cable Net.

Scenario
Transparent Proxy - 192.168.1.1
My Squid Proxy -
eth1 = 192.168.1.2
eth0 = 10.0.0.1
My cable wala is running a transparent proxy with MAC address filtering, and by using his settings my users and I are running applications fine.
But I want my users to use my Squid server as proxy by setting 10.0.0.1 as the proxy, and it works fine for the rest of the applications; only Yahoo Messenger does not work with No Proxies. There are no iptables rules.

[Squid.Conf]
http_port 8080
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5050 # yahoo messenger TCP
acl Safe_ports port 5100 # yahoo messenger webcam TCP
acl Safe_ports port 5000 # yahoo messenger voice TCP/UDP
acl Safe_ports port 5001 # yahoo messenger voice TCP
acl Safe_ports port 5010 # yahoo messenger voice UDP
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl mynet src 10.0.0.0/8
http_access allow mynet
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


Any Idea ???
Thanks in Advance

Regards,
AK
Eyes Never Says Lies
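
Added example, not part of the original post: a simplified Python model of how Squid evaluates the http_access lines in this squid.conf (the first line whose ACLs all match decides). It shows that listing 5050 under Safe_ports does not permit a CONNECT to that port, because SSL_ports holds only 443 and 563. The names `in_net` and `decide` and the request fields are invented for the example; 10.255.247.94 is the client address that appears in the access.log later in the thread.

```python
import ipaddress


def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


# ACLs transcribed from the squid.conf above (QUERY and to_localhost are
# left out because no http_access line refers to them).
# 5050, 5100, 5000, 5001 and 5010 already fall inside 1025-65535.
LISTED_SAFE = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777,
               5050, 5100, 5000, 5001, 5010}
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: in_net(r["src"], "127.0.0.1/32"),
    "SSL_ports":  lambda r: r["port"] in {443, 563},
    "Safe_ports": lambda r: r["port"] in LISTED_SAFE or 1025 <= r["port"] <= 65535,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "mynet":      lambda r: in_net(r["src"], "10.0.0.0/8"),
}

# http_access lines in file order.
HTTP_ACCESS = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["mynet"]),
    ("allow", ["localhost"]),
    ("deny",  ["all"]),
]


def decide(src, method, port, proto="http"):
    """Return (action, deciding http_access line) for one request."""
    req = {"src": src, "method": method, "port": port, "proto": proto}
    for action, names in HTTP_ACCESS:
        # A leading "!" negates the ACL; every ACL on the line must match.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    raise AssertionError("unreachable: the last line is 'deny all'")


if __name__ == "__main__":
    for args in [("10.255.247.94", "POST", 80), ("10.255.247.94", "CONNECT", 443),
                 ("10.255.247.94", "CONNECT", 5050), ("192.168.1.2", "GET", 80)]:
        print(args, "->", decide(*args))
```
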
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re: Yahoo Problem

Post by LinuxFreaK »

Dear A_Karim,
Salam,
A_Karim wrote: I have problem connecting Yahoo Messenger with No Proxies using Squid as Proxy Server. MSN working fine. I am using Cable Net.

Can you please let us know your firewall rules?

Best Regards.
Farrukh Ahmed

Post by A_Karim »

Dear LinuxFreaK,
wsalam
I mentioned that there is no firewall rule on my Squid proxy.
Eyes Never Says Lies
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Re: Yahoo Problem

Post by kbukhari »

A_Karim wrote: Assalam-o-Alikum
I have problem connecting Yahoo Messenger with No Proxies using Squid as Proxy Server. MSN working fine. I am using Cable Net.

Scen

SNIP------

Any Idea ???
Thanks in Advance

Regards,
AK
Squid is an HTTP proxy and has nothing to do with Yahoo.
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Dear,

You can use the following settings.


# /bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# /sbin/iptables -A POSTROUTING -t nat -s 10.0.0.0/8 -o eth1 -j MASQUERADE

# /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080

Above are three commands; run these three commands, check, and let me know.

Regards,
Noman Liaquat

Post by A_Karim »

First of all, thanks to all for replying.
By applying the above three commands mentioned by Noman Bhai, Yahoo is still unable to connect with No Proxies. By the way, I'm using Red Hat Enterprise Linux AS release 4 (Nahant Update 3).

[iptables]
# Generated by iptables-save v1.2.11 on Mon Sep 3 12:58:13 2007
*filter
:INPUT ACCEPT [207610:112847013]
:FORWARD ACCEPT [481:35652]
:OUTPUT ACCEPT [176564:135397686]
COMMIT
*nat
:PREROUTING ACCEPT [24813:5313083]
:POSTROUTING ACCEPT [2681:245515]
:OUTPUT ACCEPT [2518:234656]
COMMIT


After running the above three commands

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
tcp -- 192.168.0.0/24 anywhere tcp dpt:http
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


[access.log]
1190241283.868 768 10.255.247.94 TCP_MISS/200 358 POST http://207.46.111.76/gateway/gateway.dll? - DIRECT/207.46.111.76 application/x-msn-messenger

Can anybody tell me what's wrong with Squid or any other settings?

Regards,
AK
Eyes Never Says Lies

Post by A_Karim »

No solution ? any idea ???

Regards,
AK
Eyes Never Says Lies

Post by kbukhari »

A_Karim wrote:No solution ? any idea ???

Regards,
AK
Check iptables -nvL -t nat
and see whether you are getting matches.
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Post by A_Karim »

kbukhari wrote:
check iptables -nvL -t nat
and see are you getting matches ?
Here is the output:

# iptables -nvL -t nat

Chain PREROUTING (policy ACCEPT 4411 packets, 567K bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT 1162 packets, 105K bytes)
pkts bytes target prot opt in out source destination
1 198 MASQUERADE all -- * eth1 10.0.0.0/8 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1162 packets, 105K bytes)
pkts bytes target prot opt in out source destination

Any clue or solution please ?

Regards,
AK
Eyes Never Says Lies

Post by kbukhari »

Everything is fine; then why only one packet: 1 198 MASQUERADE all -- * eth1 10.0.0.0/8 0.0.0.0/0
What is the gateway of your client computer?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
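
Added example, not part of the original thread: the counter check discussed above, automated in Python over the posted `iptables -nvL -t nat` output. For each rule it reports the hit count and whether the rule's source network covers 10.255.247.94, the client address from the access.log line; `to_int` and `check_rules` are names made up for this example.

```python
import ipaddress

# `iptables -nvL -t nat` output as posted in the thread above.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 4411 packets, 567K bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT 1162 packets, 105K bytes)
pkts bytes target prot opt in out source destination
1 198 MASQUERADE all -- * eth1 10.0.0.0/8 0.0.0.0/0
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables -v abbreviates counters


def to_int(counter):
    """Convert a counter such as '567K' to an integer."""
    if counter[-1] in SUFFIX:
        return int(counter[:-1]) * SUFFIX[counter[-1]]
    return int(counter)


def check_rules(listing, client_ip):
    """Report each rule's hit count and whether its source covers client_ip.

    Assumes every rule line has a target, so the source is the 8th field.
    """
    client = ipaddress.ip_address(client_ip)
    chain, report = None, []
    for line in listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            chain = f[1]
        elif f[0][0].isdigit():  # rule lines start with the packet counter
            report.append({
                "chain": chain,
                "target": f[2],
                "pkts": to_int(f[0]),
                "covers_client": client in ipaddress.ip_network(f[7]),
            })
    return report


if __name__ == "__main__":
    for rule in check_rules(NAT_LISTING, "10.255.247.94"):
        print(rule)
```

The REDIRECT rule comes back with zero hits and a source network that does not include the 10.x client. The MASQUERADE rule covers the client yet has counted a single packet, which is the observation behind the question about the client gateway.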

Post by A_Karim »

Assalam-o-Aliakum to all
Sorry for the late reply.

Gateway for client computers = 10.255.255.251

All the settings on the client side come from the transparent proxy (Cable Wala) through DHCP, and my own Squid is also using the same gateway.

any hint ? or idea ??

Regards,
AK
Eyes Never Says Lies

Post by A_Karim »

Assalam-o-Aliakum to All

My Yahoo Messenger problem has been solved by setting the gateway, but thanks to all for your guidance and solutions.

Regards,
AK
Eyes Never Says Lies