Squid proxy on CentOS blocks everything


When I install Squid as a forward proxy on a CentOS 7 VM and then tell an Ubuntu VM to use the CentOS VM as a proxy, Squid blocks everything. This happens even if I create a new CentOS VM and install a fresh copy of Squid. If I change nothing in Squid, the problem still persists. I created these VMs in ESXi 8.

I have tried writing http_access allow all in the squid.conf file.


There is 1 answer

nikolay

Can you post your config? Are you using Squid on CentOS 7 with SELinux enabled? Run the command getenforce to find out. If its output says Enforcing, then SELinux is enabled and you should interact with Squid (start/stop/make changes) the way the Red Hat documentation specifies.

With Squid, you should add a new ACL in the config that references your Ubuntu server's IP.
Example: acl ubuntu src 216.128.143.117/32

Then you should add a new http_access directive that allows your ACL to access Squid.
Example: http_access allow ubuntu

I have a feeling you are using a local IP address, so you'll have to ensure Squid is configured to allow traffic from local IPs. If you are adding an http_access allow all directive (not recommended), then make sure it's above the http_access deny all directive, if it exists.

On Ubuntu, you can enable an HTTP/S proxy by doing:
export http_proxy="http://{host}:{port}/" for an http proxy, and
export https_proxy="https://{host}:{port}/" for an https proxy.
This will forward all http and https requests to the server specified.

Add those directives to a user's .bashrc file to make it permanent for that user, or add them to /etc/environment to make it permanent system-wide.

In case you're still struggling, I tested it out myself and got it working within minutes.
I deployed 2 servers on Vultr in Dallas, Texas:
one running CentOS 7 with SELinux, and the other Ubuntu 22.04 LTS.

On the CentOS server, I did the following:
sudo yum update
sudo yum install squid
sudo firewall-cmd --add-port=3128/tcp --permanent
sudo firewall-cmd --reload
nano /etc/squid/squid.conf and added:
acl ubuntu src 216.128.143.117/32 and http_access allow ubuntu
Then I ran systemctl start squid.service

My squid.conf looked like this:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
##########
acl ubuntu src 216.128.143.117/32
##########
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
##########
http_access allow ubuntu
##########
# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

On the Ubuntu server, I did:
sudo apt-get update
export http_proxy="http://216.128.131.111:3128/"
export https_proxy="https://216.128.131.111:3128/"
Then I ran curl ipinfo.io/ip and the response was 216.128.131.111, my CentOS server's IP.
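The two halves of the answer above (the server-side acl/http_access pair, and the client-side proxy environment variables) come down to one rule: Squid evaluates http_access lines top to bottom and stops at the first match, so an allow line that sits below http_access deny all is never reached, which is exactly how a freshly installed Squid with a stray allow line can still "block everything". The script below is an added example, not code from the post or from the Squid project. It generates a minimal policy for a single client, checks that the client's allow rule is reachable before deny all, and prints the client-side environment. The addresses 192.168.56.10 (proxy) and 192.168.56.20 (client) are assumed lab values, not anything from the original thread. Note that both proxy variables use the http:// scheme: the scheme in http_proxy/https_proxy describes how the client talks to the proxy, not which requests are proxied, and Squid's plain http_port 3128 speaks cleartext HTTP, so a proxy URL beginning with https:// would make curl attempt a TLS handshake against a non-TLS port.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build a minimal Squid access
# policy for one client, verify rule ordering, and emit the client settings.
set -euo pipefail

# Emit a minimal squid.conf access policy for one client source address.
# $1 = client CIDR (assumed lab value in the demo), $2 = listening port.
gen_squid_conf() {
  local client_cidr="$1" port="${2:-3128}"
  cat <<EOF
acl ubuntu src ${client_cidr}
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT

# http_access is evaluated top to bottom; the first matching line wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow ubuntu
http_access allow localhost
http_access deny all

http_port ${port}
EOF
}

# Return 0 if "http_access allow ... <acl> ..." appears before the first
# "http_access deny all" line in the config, 1 otherwise (shadowed rule).
# $1 = path to squid.conf, $2 = ACL name expected to be allowed.
check_allow_before_deny_all() {
  local conf="$1" acl="$2"
  awk -v acl="$acl" '
    /^[[:space:]]*(#|$)/ { next }                      # skip comments/blank
    $1 == "http_access" && $2 == "allow" {
      for (i = 3; i <= NF; i++) if ($i == acl) { found = 1; exit }
    }
    $1 == "http_access" && $2 == "deny" && $3 == "all" { exit }
    END { exit found ? 0 : 1 }
  ' "$conf"
}

# Print the client-side environment for curl, apt, wget and friends.
# Both variables use http:// because Squid's http_port is cleartext;
# https_proxy only selects which requests (https:// URLs) go via the proxy.
proxy_env() {
  local host="$1" port="${2:-3128}"
  printf 'export http_proxy="http://%s:%s/"\n' "$host" "$port"
  printf 'export https_proxy="http://%s:%s/"\n' "$host" "$port"
  printf 'export no_proxy="localhost,127.0.0.1"\n'
}

# Demo with assumed lab addresses: write the policy, check it, show the
# client settings. On the real proxy, follow up with: squid -k parse
demo() {
  local tmp
  tmp="$(mktemp)"
  gen_squid_conf "192.168.56.20/32" > "$tmp"
  if check_allow_before_deny_all "$tmp" ubuntu; then
    echo "OK: 'http_access allow ubuntu' is reachable before 'deny all'"
  else
    echo "FAIL: the allow rule is shadowed by 'http_access deny all'"
  fi
  rm -f "$tmp"
  proxy_env 192.168.56.10
}

demo
```

On the proxy itself, `squid -k parse` validates the syntax of the generated file, and `tail -f /var/log/squid/access.log` during a client `curl -x http://192.168.56.10:3128 http://example.com/` shows TCP_DENIED/403 when the client's address does not match any allow rule before deny all. With SELinux enforcing on CentOS 7, the stock policy already lets squid_t bind the default port 3128; only a non-default http_port needs to be added to the squid_port_t type with semanage.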