Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Squid Configuration Help
Top Forums UNIX for Dummies Questions & Answers Squid Configuration Help Post 302555013 by DGPickett on Tuesday 13th of September 2011 03:35:06 PM
Old 09-13-2011
Yes, you can define it as localhost, sorta like Spybot S&D Immunize, in the local domain server, and everyone under it will be flummoxed! We did somethng like this once for aol.com, pointing inside people to a firewall proxy.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Help Me Squid Server

Hello! I'm trying config Squid Cache Server...Where ? Can me find document about config Squid (Basic)... Thanks you (4 Replies)
Discussion started by: binhnx2000
4 Replies

2. Linux

Problem with SQUID

hi all... i installed Red Hat 9...but i can use a proxy server with service squid... in my job i have a direct internet connection in the linux, but i configurate squid.conf...ports...ip's.... but still not working...with the windows machines.... in the linux server if i put the 127.0.0.0 port... (1 Reply)
Discussion started by: chanfle
1 Replies

3. Shell Programming and Scripting

squid anonymizer

Hello; some sites describe how to anonymize the squid the web browsing by inserting the following cods to “http.c” file that located on “src” directory.(when we install squid manually) but I have installed putty via “yum” command , and the files and directories are not similar the manually... (0 Replies)
Discussion started by: globalvpn
0 Replies

4. UNIX for Dummies Questions & Answers

Squid Configuration problem

I have squid version 2.6 running on ubuntu linux as a proxycache although caching is not being used, the problem I have is that certain websites that require the user to log into do not seem to pass through the squid, the only thing I see is that the website is trying to access a file called... (1 Reply)
Discussion started by: Simon Young
1 Replies

5. Emergency UNIX and Linux Support

Squid acls

Hi guys, There is a line in squid default configuration: # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports acls are applied from top down, so CONNECT acl will deny access to all non SSL and SSL ports. I mean it never reaches the second access rule. (0 Replies)
Discussion started by: majid.merkava
0 Replies

6. IP Networking

SQUID Proxy server configuration

Can any one direct me to the resources where I can find in-depth instructions on Squid Proxy server and its configuration? Thanks in advance.:) (1 Reply)
Discussion started by: admin_xor
1 Replies

7. UNIX for Advanced & Expert Users

Squid Dynamic Proxy Server Configuration

Hello all, I am trying to configure squid proxy server for different organizations. These organizations will have different blocked ports, different acls, etc. But, I can use only one proxy server for this purpose. Thinking of making a shell script with iptables and squid. For an example: a... (1 Reply)
Discussion started by: admin_xor
1 Replies

8. IP Networking

Squid vs iptables = no Squid access.log?

Hello, I have a pretty useless satellite link at home (far from any civilization), so I wanted to set up caching in order to speed things up. My Squid 2.6 runs "3128 transparent" and is set up quite well on a separate machine. I also have my dd-wrt router to move all port 80 traffic through... (0 Replies)
Discussion started by: theWojtek
0 Replies

9. Linux

squid + AD configuration issues

Hi, I am new in squid. We need to make our squid users to be authenticated by Windows AD. The squid proxy is installed on SuSE linux. Here are AD related settings: auth_param basic program /usr/sbin/squid_ldap_auth -P -R -v 3 \ -b "dc=mydomain,dc=com" \ -D cn=squid.bind,ou=service... (1 Reply)
Discussion started by: aixlover
1 Replies

10. UNIX and Linux Applications

Issues with squid

Hello, I have been trying to setup the following squid configuration http://veloso.org/SquidConfig/SquidConfig.html but every time I get to start squid I get the following error- 2012/05/28 10:31:12| WARNING: redirector #1 (FD 7) exited 2012/05/28 10:31:12| WARNING: redirector #2 (FD 9)... (2 Replies)
Discussion started by: jamie_123
2 Replies

LEARN ABOUT DEBIAN

xpainet

xpainet(7)							SAORD Documentation							xpainet(7)

NAME

       XPAInet -  XPA Communication Between Hosts

SYNOPSIS

       XPA uses standard inet sockets to support communication between two or more host computers.

DESCRIPTION

       When the Communication Method is set to inet (as it is by default), XPA can be used to communicate between different computers on the
       Internet.  INET sockets utilize the IP address of the given machine and a (usually random) port number to communicate between processes on
       the same machine or between different machines on the Internet.	These standard Internet sockets are also used by programs such as Net-
       scape, ftp. etc.

       XPA supports a host-based Access Control mechanism to prevent unauthorized access of XPA access points by other computers on the Net.  By
       default, only the machine on which the XPA server is running can access XPA services. Therefore, setting up communication between a local
       XPA server machine and a remote client machine requires a two-part registration process:

       o   the XPA service on the local machine must be made known to the remote machine

       o   the remote machine must be given permission to access the local XPA service

       Three methods by which this remote registration can be accomplished are described below.

       Manual Registration

       The first method is the most basic and does not require the remote client to have xpans running.  To use it, the local server simply gives
       a remote client machine access to one or more XPA access points using xpaset and the -acl sub-command. For example, consider the XPA test
       program "stest" running on a local machine.  By default the access control for the access point named "xpa" is restricted to that machine:

	 [sh]$ xpaget xpa -acl
	 *:* 123.456.78.910 gisa
	 *:* localhost gisa

       Using xpaset and the -acl sub-command, a remote client machine can be given permission to perform xpaget, xpaset, xpaaccess, or xpainfo
       operations.  For example, to allow the xpaget operation, the following command can be issued on the local machine:

	 [sh]$ xpaset -p xpa -acl "remote_machine g"

       This results in the following access permissions on the local machine:

	 [sh]$ xpaget xpa -acl
	 XPA:xpa 234.567.89.012 g
	 *:* 123.456.78.910 gisa
	 *:* localhost gisa

       The remote client can now use the local server's xpans name server to establish communication with the local XPA service. This can be done
       on a call-by-call basis using the -i switch on xpaset, xpaget, etc:

	 [sh]$ xpaget -i "local_machine:12345" xpa
	 class: XPA
	 name: xpa
	 method: 88877766:2778
	 sendian: little
	 cendian: big

       Alternatively, the XPA_NSINET variable on the remote machine can be set to point directly to xpans on the local machine, removing the need
       to override this value each time an XPA program is run:

	 [csh]$ setenv XPA_NSINET 'karapet:$port'
	 [csh]$ xpaget xpa
	 class: XPA
	 name: xpa
	 method: 88877766:2778
	 sendian: little
	 cendian: big

       Here, '$port' means to use the default XPA name service port (14285).  not a port environment variable.

       Access permission for remote client machines can be stored in a file on the local machine pointed to by the XPA_ACLFILE environment vari-
       able or using the XPA_DEFACL environment variable. See <A HREF="./acl.html">XPA Access Control for more information.

       Remote Registration

       If xpans is running on the remote client machine, then a local xpaset command can be used with the -remote sub-command to register the
       local XPA service in the remote name service, while at the same time giving the remote machine permission to access the local service.  For
       example, assume again that "stest" is running on the local machine and that xpans is also running on the remote machine.  To register
       access of this local xpa on the remote machine, use the xpaset and the -remote sub-command:

	 [sh]$ ./xpaset -p xpa -remote 'remote_machine:$port' +

       To register the local xpa access point on the remote machine with xpaget access only, execute:

	 [sh]$ ./xpaset -p xpa -remote 'remote_machine:$port' g

       Once the remote registration command is executed, the remote client machine will have an entry such as the following in its own xpans name
       service:

	 [csh]$ xpaget xpans
	 XPA xpa gs 88877766:2839 eric

       The xpa access point can now be utilized on the remote machine without further setup:

	 [csh]$ xpaget xpa
	 class: XPA
	 name: xpa
	 method: 838e2f68:2839
	 sendian: little
	 cendian: big

       To unregister remote access from the local machine, use the same command but with a '-' argument:

	 [sh]$ xpaset -p xpa -remote 'remote_machine:$port' -

       The benefit of using remote registration is that communication with remote access points can be mixed with that of other access points on
       the remote machine.  Using Access Point Names and Templates, one XPA command can be used to send or receive messages to the remote and
       local services.

       XPANS Proxy Registration

       The two methods described above are useful when the local and remote machines are able to communicate freely to one another. This would be
       the case on most Local Area Networks (LANs) where all machines are behind the same firewall and there is no port blocking between machines
       on the same LAN.  The situation is more complicated when the XPA server is behind a firewall, where outgoing connections are allowed, but
       incoming port blocking is implemented to prevent machines outside the firewall from connecting to machines inside the firewall. Such incom-
       ing port blocking will prevent xpaset and xpaget from connecting to an XPA server inside a firewall.

       To allow locally fire-walled XPA services to register with remote machines, we have implemented a proxy service within the xpans name
       server. To register remote proxy service, xpaset and the -remote sub-command is again used, but with an additional -proxy argument added
       to the end of the command:

	 [sh]$ ./xpaset -p xpa -remote 'remote_machine:$port' g -proxy

       Once a remote proxy registration command is executed, the remote machine will have an entry such as the following in its own xpans name
       service:

	 [csh]$ xpaget xpans
	 XPA xpa gs @88877766:2839 eric

       The '@' sign in the name service entry indicates that xpans proxy processing is being used for this access point. Other than that, from the
       user's point of view, there is no difference in how this XPA access point is contacted using XPA programs (xpaset, xpaget, etc.) or
       libraries:

	 [csh]$ xpaget xpa
	 class: XPA
	 name: xpa
	 method: 88877766:3053
	 sendian: little
	 cendian: big

       Of course, the underlying processing of the XPA requests is very much different when xpans proxy is involved. Instead of an XPA program
       such contacting the XPA service directly, it contacts the local xpans.  Acting as a proxy server, xpans communicates with the XPA service
       using the command channel established at registration time. Commands (including establishing a new data channel) are sent between xpans and
       the XPA service to set up a new message transfer, and then data is fed to/from the xpa request, through xpans, from/to the XPA service. In
       this way, it can be arranged so that connections between the fire-walled XPA service and the remote client are always initiated by the XPA
       service itself. Thus, incoming connections that would be blocked by the firewall are avoided. Note that there is a performance penalty for
       using the xpans/proxy service.  Aside from extra overhead to set up proxy communication, all data must be sent through the intermediate
       proxy process.

       The xpans proxy scheme requires that the remote client allow the local XPA server machine to connect to the remote xpans/proxy server. If
       the remote client machine also is behind a port-blocking firewall, such connections will be disallowed. In this case, the only solution is
       to open up some ports on the remote client machine to allow incoming connections to xpans/proxy. Two ports must be opened (for command and
       data channel connections). By default, these two ports are 14285 and 14287. The port numbers can be changed using the XPA_NSINET environ-
       ment variable. This variable takes the form:

	 setenv XPA_NSINET machine:port1[,port2[,port3]]

       where port1 is the main connecting port, port2 is the XPA access port, and port3 is the secondary data connecting port. The second and
       third ports are optional and default to port1+1 and port1+2, respectively.  It is port1 and port3 that must be left open for incoming con-
       nections.

       For example, to change the port assignments so that xpans listens for registration commands on port 12345 and data commands on port 28573:

	 setenv XPA_NSINET myhost:12345

       Alternatively, all three ports can be assigned explicitly:

	 setenv XPA_NSINET remote:12345,3000,12346

       In this case 12345 and 12346 should be open for incoming connections.  The XPA access port (which need not be open to the outside world) is
       set to 3000.

       Finally, note that we currently have no mechanism to cope with Internet proxy servers (such as SOCKS servers). If an XPA service is running
       on a machine that cannot connect directly to outside machines, but goes through a proxy server instead, there currently is no way to regis-
       ter that XPA service with a remote machine.  We hope to implement support for SOCKS proxy in a future release.

SEE ALSO

       See xpa(7) for a list of XPA help pages

version 2.1.14							   June 7, 2012 							xpainet(7)
All times are GMT -4. The time now is 02:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy