Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Squid vs iptables = no Squid access.log?
Special Forums IP Networking Squid vs iptables = no Squid access.log? Post 302606398 by theWojtek on Sunday 11th of March 2012 10:27:33 AM
Old 03-11-2012
Squid vs iptables = no Squid access.log?
Hello,

I have a pretty useless satellite link at home (far from any civilization), so I wanted to set up caching in order to speed things up. My Squid 2.6 runs "3128 transparent" and is set up quite well on a separate machine.
I also have my dd-wrt router to move all port 80 traffic through proxy:
Code:
#!/bin/sh
PROXY_IP=192.168.0.12
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -

However, when I look into squid logs, they only grow when the proxy is set explicitly in browsers setup (manually). The access.log doesn't grow once the settings are cleared.

My expectations: if I have my router move all the port 80 traffic through squid, it should show up in the access.log

Any ideas?

---------- Post updated at 03:27 PM ---------- Previous update was at 01:17 PM ----------

OK, seems I've narrowed down the thing... What I want to do is route port 80 traffic from my network to the Squid. However - I do not want the traffic from Squid to the Internet to be looped back (Squid server is on the same subnet).
I already know why the logs didn't grow - the traffic wasn't routed to Squid at all! Point is, I have no idea on how to identify ethN ports in my router, so I assumed br0 would be OK. Apparently it isn't.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Help Me Squid Server

Hello! I'm trying config Squid Cache Server...Where ? Can me find document about config Squid (Basic)... Thanks you (4 Replies)
Discussion started by: binhnx2000
4 Replies

2. Shell Programming and Scripting

SH script to split squid log by date

Hi, I really need your help to make a script to split a large squid's log file into a multiple files, each of them containing the log entries for every logged date. To achieve the result I planned to use the function "date" with the first log field as a parameter using this syntax: date -d... (4 Replies)
Discussion started by: _MCRH_
4 Replies

3. UNIX and Linux Applications

How to redirect to squid login web page when internet access

Hi , I am new user. As you know when acl is defined in /etc/squid/squid.conf file according to its http_access users are able to access internet. Before that .htaccess asks them to access internet. It is fine. I saw in some customised linux servers in place of .htaccess login ,html web page... (1 Reply)
Discussion started by: sandeepvson
1 Replies

4. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

5. IP Networking

squid and iptables

Hello all I have a little network as described below. A Linux router/proxy with the External interface: 192.168.121.240 Internal interface: 10.0.0.2 and a DMZ interface: 10.1.0.2 On the DMZ i have a linux with ip: 10.1.0.10 and apache2, php5, mysql and samba installed. On the internal... (0 Replies)
Discussion started by: davano
0 Replies

6. UNIX for Advanced & Expert Users

squid: Allow access to only one site and only via 80 or 443

Can someone please give me the conf file line to allow access to myexample.com and only that site, and only through http and https? So far I have only that site accessible via http, but all https sites are opened. Squid 3.1 on Cent 6 ---------- Post updated at 12:06 PM ---------- Previous... (0 Replies)
Discussion started by: glev2005
0 Replies

7. Emergency UNIX and Linux Support

[solved] Block access to all sites except one using Squid

I need a Squid config that allows access to only one domain: .example.com Traffic should only be allowed through if coming from 10.100.0.0/24 and only port 80 (http) and port 443 (https) traffic should be allowed through, but again, only to this ONE domain. It Must be Squid (no iptables... (3 Replies)
Discussion started by: glev2005
3 Replies

8. UNIX for Advanced & Expert Users

Change Log Path for Squid on Centos 6

I searched and did not find a useful answer. Can someone please tell me the best practice to change the log directory from /var/log to /opt/squid? (4 Replies)
Discussion started by: glev2005
4 Replies

9. Proxy Server

How to use Squid on Linux to control certain IP to access Web Server and certain IP cannot access?

Dear all experts here, :) I would like to install a proxy server on Linux server to perform solely to control the access of Web server. In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server. I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies

LEARN ABOUT DEBIAN

squid3_radius_auth

squid_radius_auth(8)					      System Manager's Manual					      squid_radius_auth(8)

NAME

       squid_radius_auth - Squid RADIUS authentication helper

SYNOPSIS

       squid_radius_auth -f configfile
       squid_radius_auth -h "server" [-p port] [-i identifier] -w secret

DESCRIPTION

       This helper allows Squid to connect to a RADIUS server to validate the user name and password of Basic HTTP authentication.

       -f configfile
	      Specifies the path to a configuration file. See the CONFIGURATION section for details.

       -h server
	      Alternative method of specifying the server to connect to

       -p port
	      Specify  another	server	port where the RADIUS server listens for requests if different from the default RADIUS port.  Normally not
	      specified.

       -i identifier
	      Unique identifier identifying this Squid proxy to the RADIUS server.  If not specified the IP address is used  as  to  identify  the
	      proxy.

       -w secret
	      Alternative method of specifying the shared secret. Using the configuration file is generally more secure and recommended.

       -t timeout
	      RADIUS request timeout. Default 10 seconds.

CONFIGURATION

       The configuration specifies how the helper connects to RADIUS.  The file contains a list of directives (one per line). Lines beginning with
       a # is ignored.

       server radiusserver
	      specifies the name or address of the RADIUS server to connect to.

       secret somesecretstring
	      specifies the shared RADIUS secret.

       identifier nameofserver
	      specifies what the proxy should identify itsels as to the RADIUS server.	This directive is optional.

       port portnumber
	      Specifies the port number or service name where the helper should connect.

AUTHOR

       This manual page was written by Henrik Nordstrom <hno@squid-cache.org>

       squid_radius_auth is written by Marc van Selm <selm@cistron.nl> with contributions from Henrik  Nordstrom  <hno@squid-cache.org>  and  many
       others

QUESTIONS

       Any  questions on usage can be sent to Squid Users <squid-users@squid-cache.org>, or to your favorite RADIUS list/friend if the question is
       more related to RADIUS than Squid.

REPORTING BUGS

       Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org> or ideas for new improvements  to  Squid  Developers  <squid-dev@squid-
       cache.org>

SEE ALSO

       RFC2058 - Remote Authentication Dial In User Service (RADIUS)

Squid RADIUS Auth						   7 August 2004					      squid_radius_auth(8)
All times are GMT -4. The time now is 12:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy