Maaz
Valued Contributor

squid+iptables: cant access stels.sec.samsung.com only - plz help

Dear Experts
OS: SUSE Enterprise Server 10
#rpm -q iptables
iptables-1.3.5-13.2
#rpm -q squid
squid-2.5.STABLE12-18.2
The Squid server is configured to run as a transparent proxy server. iptables and squid are running on a single machine.

Dear all, I have attached the /etc/squid/squid.conf, /var/log/squid/access.log and iptables-script file. Everything is working fine: users can browse almost all websites and can chat using the MSN and Yahoo messengers.

Problem: ;(
When any client (either Win XP + IE or Linux + Firefox) tries to access http://stels.sec.samsung.com/, the browser doesn't show anything, i.e. the web browser shows a blank page, while the status bar of the web browser (IE or Firefox) shows the status "Done".
But when I connect any of the client machines to the internet directly, I can access http://stels.sec.samsung.com/ ... no problem.

Please help: what should I do so that my clients can access http://stels.sec.samsung.com/ if they are behind the Proxy+Firewall server?

Thanks in anticipation
Regards
Maaz
Ivan Ferreira
Honored Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

Try using the no_cache option.
Why do it the hard way, when you can do it the easy way?
Maaz
Valued Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

Thanks Ivan for the help.
I added the following in squid.conf:


acl SAMSUNG1 urlpath_regex http://stels.sec.samsung.com/front/login/index.jsp
acl SAMSUNG2 urlpath_regex http://stels.sec.samsung.com

acl SAMSUNG3 url_regex http://stels.sec.samsung.com/front/login/index.jsp
acl SAMSUNG4 url_regex http://stels.sec.samsung.com


no_cache deny SAMSUNG1
no_cache deny SAMSUNG2
no_cache deny SAMSUNG3
no_cache deny SAMSUNG4

then
#squid -k reconfigure
but I still fail to access http://stels.sec.samsung.com

Please help
Regards
Maaz
Maaz
Valued Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

I hope that the tcpdump output might assist you experts to diagnose/troubleshoot the problem I am facing.

Here is the tcpdump output on the gateway (Squid+iptables) machine, when a client (10.0.0.121) was accessing http://stels.sec.samsung.com

#tcpdump -i $LAN_IN
15:25:04.148664 IP 10.0.0.121.59634 > 210.118.63.200.http: S 1408602740:1408602740(0) win 5840
15:25:04.148745 IP 210.118.63.200.http > 10.0.0.121.59634: S 981193054:981193054(0) ack 1408602741 win 5792
15:25:04.148857 IP 10.0.0.121.59634 > 210.118.63.200.http: . ack 1 win 1460
15:25:04.149908 IP 10.0.0.121.59634 > 210.118.63.200.http: P 1:423(422) ack 1 win 1460
15:25:04.149960 IP 210.118.63.200.http > 10.0.0.121.59634: . ack 423 win 1716
15:25:04.916057 IP 210.118.63.200.http > 10.0.0.121.59634: P 1:727(726) ack 423 win 1716
15:25:04.916309 IP 10.0.0.121.59634 > 210.118.63.200.http: . ack 727 win 1823
15:25:04.920789 IP 210.118.63.200.http > 10.0.0.121.59634: F 727:727(0) ack 423 win 1716
15:25:04.926239 IP 10.0.0.121.59634 > 210.118.63.200.http: F 423:423(0) ack 728 win 1823
15:25:04.926316 IP 210.118.63.200.http > 10.0.0.121.59634: . ack 424 win 1716

# tcpdump $INTERNET
15:25:04.151202 IP gateway.test.net.36322 > 210.118.63.200.http: S 974394621:974394621(0) win 5840
15:25:04.499294 IP 210.118.63.200.http > gateway.test.net.36322: S 273525633:273525633(0) ack 974394622 win 5792
15:25:04.499366 IP gateway.test.net.36322 > 210.118.63.200.http: . ack 1 win 1460
15:25:04.499577 IP gateway.test.net.36322 > 210.118.63.200.http: P 1:525(524) ack 1 win 1460
15:25:04.875427 IP 210.118.63.200.http > gateway.test.net.36322: . ack 525 win 6432
15:25:04.915368 IP 210.118.63.200.http > gateway.test.net.36322: P 1:610(609) ack 525 win 6432
15:25:04.915421 IP gateway.test.net.36322 > 210.118.63.200.http: . ack 610 win 1765
15:25:04.920441 IP 210.118.63.200.http > gateway.test.net.36322: F 610:610(0) ack 525 win 6432
15:25:04.920960 IP gateway.test.net.36322 > 210.118.63.200.http: F 525:525(0) ack 611 win 1765
15:25:05.262242 IP 210.118.63.200.http > gateway.test.net.36322: . ack 526 win 6432

Regards
Maaz
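As an added example (not part of the original post), a short Python parser for the tcpdump text format shown above: it totals payload bytes per direction and records FIN/RST flags, so the LAN-side and Internet-side captures can be compared. The sample lines are a subset copied from the capture; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the capture lines from the post above (tcpdump 3.x text output).
CAPTURE = """\
15:25:04.149908 IP 10.0.0.121.59634 > 210.118.63.200.http: P 1:423(422) ack 1 win 1460
15:25:04.916057 IP 210.118.63.200.http > 10.0.0.121.59634: P 1:727(726) ack 423 win 1716
15:25:04.920789 IP 210.118.63.200.http > 10.0.0.121.59634: F 727:727(0) ack 423 win 1716
15:25:04.499577 IP gateway.test.net.36322 > 210.118.63.200.http: P 1:525(524) ack 1 win 1460
15:25:04.915368 IP 210.118.63.200.http > gateway.test.net.36322: P 1:610(609) ack 525 win 6432
15:25:04.920441 IP 210.118.63.200.http > gateway.test.net.36322: F 610:610(0) ack 525 win 6432
"""

# timestamp, src, dst, TCP flags, optional "first:last(len)" sequence field
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))?"
)

def summarize(text):
    """Total payload bytes and FIN/RST flags seen for each (src, dst) direction."""
    flows = defaultdict(lambda: {"bytes": 0, "fin": False, "rst": False})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # shell prompts, blank lines, non-TCP output
        flow = flows[(m["src"], m["dst"])]
        flow["bytes"] += int(m["len"] or 0)
        flow["fin"] = flow["fin"] or "F" in m["flags"]
        flow["rst"] = flow["rst"] or "R" in m["flags"]
    return dict(flows)

def relay_report(text, server):
    """Per peer of `server`: (peer, bytes sent, bytes received, server FIN, any RST)."""
    flows = summarize(text)
    empty = {"bytes": 0, "fin": False, "rst": False}
    report = []
    for (src, dst), up in sorted(flows.items()):
        if dst != server:
            continue
        down = flows.get((server, src), empty)
        report.append((src, up["bytes"], down["bytes"], down["fin"],
                       up["rst"] or down["rst"]))
    return report

if __name__ == "__main__":
    for row in relay_report(CAPTURE, "210.118.63.200.http"):
        print("%-24s sent=%d recv=%d server_fin=%s rst=%s" % row)
```

On these lines both legs carry a request and a response (422/726 bytes on the LAN side, 524/609 on the Internet side) and end with a FIN from the server side, with no RST.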
Steven E. Protter
Exalted Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

Shalom,

There may be a DNS or networking problem at the site you mention causing this. Or it may be a fault in the squid proxy server and you may wish to file a bugzilla on this.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Huc_1
Honored Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

Hello Maaz, from home ("Brussels") I did a scan of stels.sec.samsung.com and I see only

Interesting ports on 210.118.63.200:
Not shown: 1678 filtered ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy

Nmap finished: 1 IP address (1 host up) scanned in 77.235 seconds

I then tried a connection from Linux -> Firefox -> this shows a loading text inside the browser page; if I click on this the mouse arrow becomes busy and stays that way, never ending loading. .... BUT it does load if I allow JavaScript to run from Firefox.

Have you solved this?

Or is it true for some of us only?
Keep us informed of where the problem lay, if you know this.

Whatever, enjoy life.

Jean-Pierre Huc

Smile I will feel the difference
Maaz
Valued Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

Thanks, dear SEP and HUC, for the replies.

Dear SEP
>There may be a DNS or networking problem at the site you mention causing this.
I don't think so, because we can access http://stels.sec.samsung.com when we bypass the squid.

>Or it may be a fault in the squid proxy server and you may wish to file a bugzilla on this.
Yes. I have submitted the bug at http://www.squid-cache.org/bugs/ and the Bug# is "1934".

Dear HUC
>BUT it does load if I allow javascripts to run from firefox.
I think JavaScript is enabled by default.
Firefox > Edit > Preferences > Content
Enable Java
Enable JavaScript
Both options are enabled (checked).
As I have said, with default IE/Firefox settings I can access http://stels.sec.samsung.com only when the machines are not behind the Squid (i.e. connected to the internet directly).
But once the machines are behind squid, I can't access http://stels.sec.samsung.com.

>Have you solved this ?...
NOPE ;(

>keep us informed, of where problem did lie if you know this.
I am not sure, but all the evidence shows that this is a squid bug.

Thanks n Regards
Maaz
Valued Contributor

Re: squid+iptables: cant access stels.sec.samsung.com only - plz help

I downloaded the latest version of squid (2.6-STABLE), and this version of squid works quite fine, i.e. I can access http://stels.sec.samsung.com using squid.
Then obviously the bug is in the squid binary version (Squid-2.5.STABLE12-18.2) shipped with SUSE Enterprise 10.

Thanks
Regards
Maaz