Hi! i am trying to set up squid just so i can monitor traffic and web caching my network is 192.168.1.0/255.255.255.0 i found a config file that i modified a little. i started squid (no errors) but when i set my browser (on an other pc) to use the proxy i get "proxy server is refusing connections" here is my config: visible_hostname squidtest.mansef unique_hostname squidtest.mansef # The port on which squid will listen for requests http_port 8080 # If 'cgi-bin' or '?' is in query, squid should not check with neighbours'/parents' cache # and should go to target web-server. hierarchy_stoplist cgi-bin ? # If url contains 'cgi-bin' or '?', then it must not be cached acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache #broken_vary_encoding allow apache # Absolute path to squid access log. access_log /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 # Access control list to control every IP address #TEST acl all src 0.0.0.0/0.0.0.0 acl network src 192.168.1.0/255.255.255.0 # Access control list for source machine in LAN acl lan_src src 192.168.1.0/24 # Access control list for destination machine in LAN acl lan_dst dst 192.168.1.0/24 # Access control list to manage squid cache acl manager proto cache_object # Access control list to define IP address allowed for source localhost acl localhost src 127.0.0.1/255.255.255.255 # Access control list to define IP addresses allowed for localhost as destination acl to_localhost dst 127.0.0.0/8 # Access control list to define Safe ports that should be allowed by default acl SSL_ports port 443 563 1863 5190 5222 5050 6667 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT #TEST http_access allow network icp_access allow network # Allow cache management only from localhost http_access allow manager localhost # Deny cache management from remote hosts http_access deny manager # Deny http access via all the ports which are not listed as safe http_access deny !Safe_ports # Deny all connections via all ports which are not listed as safe http_access deny CONNECT !SSL_ports # Allow http access from localhost http_access allow localhost # Allow http access from machines on LAN http_access allow lan_src http_access deny all http_reply_access allow all icp_access allow all # Deny caching for everyone so that there is not caching at all cache deny all coredump_dir /var/spool/squid # Never allow direct connection to machines on the internet prefer_direct off never_direct allow all # Allow direct connetion if the destination machine is on LAN always_direct allow lan_dst # Delete this line if you don't have /etc/hosts file hosts_file /etc/hosts # Allow AIM connections # Delete the following 9 lines if you don't want people to connect to AIM acl AIM_ports port 5190 9898 6667 acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net acl AIM_domains dstdomain .messaging.aol.com .aim.com acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net acl AIM_nets dst 64.12.0.0/255.255.0.0 acl AIM_methods method CONNECT http_access allow AIM_methods AIM_ports AIM_nets http_access allow AIM_methods AIM_ports AIM_hosts http_access allow AIM_methods AIM_ports AIM_domains # Allow connections to Yahoo Messenger # Delete the following 6 lines if you don't want people to connect to Yahoo Messenger acl YIM_ports port 5050 acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp acl YIM_methods method CONNECT http_access allow YIM_methods YIM_ports YIM_hosts http_access allow YIM_methods YIM_ports YIM_domains # Allow connections to Google Talk # Delete the following 6 lines if you don't want people to connect to Google Talk acl GTALK_ports port 5222 5050 acl GTALK_domains dstdomain .google.com acl GTALK_hosts dstdomain talk.google.com acl GTALK_methods method CONNECT http_access allow GTALK_methods GTALK_ports GTALK_hosts http_access allow GTALK_methods GTALK_ports GTALK_domains # Allow connections to MSN # Delete the following 6 lines if you don't want people to connect to Google Talk acl MSN_ports port 1863 443 1503 acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com acl MSN_hosts dstdomain messenger.hotmail.com acl MSN_nets dst 207.46.111.0/255.255.255.0 acl MSN_methods method CONNECT http_access allow MSN_methods MSN_ports MSN_hosts please help!!
May be a firewall is blocking connections to port 8080 on the proxy can you connect via telnet ? Code: telnet proxy_server 8080
That's beside the point, can you telnet to any of those ports. I ran into this situation myself on a VPS. Turned out the host installed a software firewall onto each VPS, and I had to go in and ask for every individual port that I needed to be open. You could be using ports that are all closed. You need to see if you can telnet in.
thats the same problem i am suffering from , i am also not able to connect to my server on which i have installed squid, i have tried on many ports , but each and every port is blocked,,, do u have a solution?
