simple question Installed squid right now all internet access is blocked

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

simple question Installed squid right now all internet access is blocked

Oldman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 12:14:04, Oldman wrote:

> OK I am newbie so please bear with me
>
> I am just learning nothing special no serious project
>
> what to change in my conf so I can access internet :)

Let's start with some basics...

1. What operating system have you installed Squid onto?

2. Which version have you installed?

3. How did you install Squid?

4. Did you follow any documentation telling you how to install and configure
Squid?  If yes, show us the URL of the documentation you followed.

5. Are you using the standard Squid config file?  See
https://wiki.squid-cache.org/SquidFaq/ConfiguringSquid for examples.

6. Have you made any changes to the installed config file?  If so, give us
details.

7. I'm assuming you are using a browser to access web sites via Squid.  Have
you configured that browser to use a proxy, and entered the IP address and port
number of Squid so the browser knows where to find it?

8. You say "all Internet access is blocked".  Give us details of how you know
this - copy and paste error messages, tell us which application/s are
producing the messages, and preferably show us what appears in the Squid
access log when you try to access the Internet.

Basically, please understand that we can only help you if we know:

 - what you're trying to acheive
 - what you've done so far
 - what's going wrong

otherwise we're just making guesses about your computer, your network, and
your setup, which may be quite inaccurate.


Regards,


Antony.

--
I lay awake all night wondering where the sun went, and then it dawned on me.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Oldman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 12:35:40, Oldman wrote:

> See I took your invoice and deleted every thing
> installed Centos 6  32  bit in my VPS
>
> then yum install squid  I installed it

Okay, I'm going to guess that you're using Squid 3.4 then.

> I have configured my browser correctly and this is my conf file
>
> https://pastebin.com/raw/hxkMNbss

That looks much better than the first config file you showed us :)

Note that the cache_dir directive is still commented-out, so you won't be
doing any caching with that setup, but that's not important right now; it
won't be blocking access to web sites.


Now we just need an answer to my question 8.


Regards,


Antony.

--
Never automate fully anything that does not have a manual override capability.
Never design anything that cannot work under degraded conditions in emergency.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Oldman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 13:05:31, Oldman wrote:

> Abour your question number 8
>
> This is the screenshot
>
> https://ibb.co/j4DcLp
>
> I just tested trying to access websites

Okay, so firstly that tells me you're using Squid 3.1.23 and not 3.4 as I had
assumed for CentOS 6.

Secondly please tell us:

 - the IP address of the computer you're running the browser on

 - the IP address of the machine running Squid

 - what appears in Squid's access log (probably found at
/var/log/squid/access.log, but I'm not a CentOS user, so this might not be
completely accurate) when you try to visit a website.


Regards,


Antony.

--
I bought a book about anti-gravity.  The reviews say you can't put it down.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Oldman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 13:22:38, Oldman wrote:

> The answer is simple :)
>
> Are you kidding?

No.

> Why do you want my proxy  ip ?

Because it may be relevant to understanding why your proxy is disallowing
requests from your computer.

> I do not have the knowledge but did you think I was stupid?

No, I do not think you are stupid; you are clearly just inexperienced with
networking.

> Ha Ha  you do not want to help

You can believe that if you choose to.  I think I have been extremely helpful
to you so far, especially given the amount of information you have provided
about what you are trying to do and what problems you're running into.

At the very least, show us what appears in your Squid access log file when you
make a request from the browser.


Antony.

--
The Magic Words are Squeamish Ossifrage.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Oldman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Alex Crow
If it's an internal/RFC1918  IP then it makes no difference to your
security in telling the list. If it's a public IP address then I hope
you have your squid firewalled off from the internet.

If you at least paste your access.log and cache.log it will help.

Alex


On 16/08/18 12:29, Oldman wrote:

> You wanted to know my server ip  and did you expect me to publish this
> online?
>
> I chose to beleive you are wasting my time :)
>
> I am sorry I do not want to be rude but you are wasting my time.
>
>
>
> --
> Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
In reply to this post by Oldman
On Thursday 16 August 2018 at 13:29:04, Oldman wrote:

> You wanted to know my server ip  and did you expect me to publish this
> online?

Well, let's just discuss "public" and "private" IP addresses for a moment.

If your proxy server's IP address starts with 192.168, then nobody on the
Internet can get to it - it is only accessible to you on your local network.

The same applies if the address starts with 10, or with 172 followed by
anything between 16 and 31.

If, on the other hand, your proxy's IP address does not match any of the
above, then you are running it on a public IP address, and your configuration
file is only allowing access from private addresses, which cannot be routed
over the Internet.

That would be an explanation of why your proxy is denying access to your
browser.

I would seriously question the wisdom of running a Squid proxy on a public IP
address given your level of knowledge about networking, however.

> I chose to beleive you are wasting my time :)
>
> I am sorry I do not want to be rude but you are wasting my time.

In fact, you are wasting mine.

You have come here to get help from people who know more about Squid and
networking than you do, and both I and others have spent time giving you
advice and helping you to achieve what you want.

If you do not want to give us the information we need to understand what your
setup is and what might be wrong with it, that's entirely up to you.


Regards,


Antony.

--
My life is going completely according to plan.

I do sometimes wish it had been *my* plan, though.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
In reply to this post by Alex Crow
On Thursday 16 August 2018 at 13:36:50, Alex Crow wrote:

> If it's an internal/RFC1918 IP then it makes no difference to your
> security in telling the list.

Just in case you (Oldman) don't understand this reference, it's a document
which explains in far more detail than I just did what a private IP address
is.

https://tools.ietf.org/html/rfc1918

You might find https://en.wikipedia.org/wiki/Private_network a little more
accessible.

> If it's a public IP address then I hope you have your squid firewalled off
> from the internet.

Hear hear.

> If you at least paste your access.log and cache.log it will help.

Agreed.

> On 16/08/18 12:29, Oldman wrote:
> > You wanted to know my server ip  and did you expect me to publish this
> > online?
> >
> > I chose to beleive you are wasting my time :)
> >
> > I am sorry I do not want to be rude but you are wasting my time.

Regards,


Antony.

--
Python is executable pseudocode.
Perl is executable line noise.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Amos Jeffries
Administrator
On 16/08/18 23:50, Antony Stone wrote:

> On Thursday 16 August 2018 at 13:36:50, Alex Crow wrote:
>
>> If it's an internal/RFC1918 IP then it makes no difference to your
>> security in telling the list.
>
> Just in case you (Oldman) don't understand this reference, it's a document
> which explains in far more detail than I just did what a private IP address
> is.
>
> https://tools.ietf.org/html/rfc1918
>
> You might find https://en.wikipedia.org/wiki/Private_network a little more
> accessible.
>
>> If it's a public IP address then I hope you have your squid firewalled off
>> from the internet.
>
> Hear hear.
>
>> If you at least paste your access.log and cache.log it will help.
>
> Agreed.

If it helps, I do not think the Squid IP is necessary at this point. The
error message happening shows the Browser is successfully contacting the
proxy. It just not permitted through.

Oldman:
 if you really don't want to reveal any of your IPs at all you can
replace them in the published details with a placeholder value. So long
as you pick a unique placeholder for each IP and use them consistently
through the discussion. So we can a) see clearly when two different IPs
are occuring (eg to point out when they should be the same etc.).


If you still don't want to say. Then all we can do is point you at the
FAQ about how to write access controls. Maybe it will teach you how to
write the necessary rules yourself.

 <https://wiki.squid-cache.org/SquidFaq/SquidAcl>

 see particularly the sections above "How do I allow my clients to use
the cache?".

That FAQ says (what I think is) the solution to your problem, but the
sections above the answer are needed to understand what values need
entering into *your* particular squid.conf which may differ from the FAQ
answer.

As Anthony said the 172.* IPs are already allowed in the default config
so a simple cut-n-paste of the FAQ example text into your squid.conf at
"INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS" won't
change anything.


HTH
Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Amos Jeffries
Administrator
On second thought; were you wanting to use authentication or something
other than IPs to permit access to the proxy? such as what that
installer script was trying to setup for you.
That would be a different solution, but also on that FAQ page at 8.1
"Using Proxy Authentication".

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 14:47:39, Amos Jeffries wrote:

> On second thought; were you wanting to use authentication or something
> other than IPs to permit access to the proxy? such as what that installer
> script was trying to setup for you.

Based on "I am just learning nothing special no serious project" and "Just
creating squid proxy for home use, my kids and I was also curious", I thought
that was unlikely.

> That would be a different solution, but also on that FAQ page at 8.1
> "Using Proxy Authentication".

My guess is that Oldman has installed Squid on a Virtual Server he's obtained
from some Internet-based hosting provider, and is then trying to access it
from a browser on his home network.

If that's true (Oldman, I'm hoping you're still following this discussion, and
have realised that people are genuinely trying to help you), then the Squid
proxy will need a couple of lines such as:

        acl homenet src aa.bb.cc.dd
        http_access allow homenet

where aa.bb.cc.dd is the public IP of your home Internet connection.  If you
don't know what this is, you can find out from https://whatsmyip.com/ (without
using the proxy, of course).

I still advise extreme caution in running a Squid server on a public IP
address, however.


Regards,


Antony.

--
This email was created using 100% recycled electrons.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Alex K
In reply to this post by Oldman
Why i have the feeling that this is a troll?




On Thu, Aug 16, 2018, 14:29 Oldman <[hidden email]> wrote:
You wanted to know my server ip  and did you expect me to publish this
online?

I chose to beleive you are wasting my time :)

I am sorry I do not want to be rude but you are wasting my time.
Why you don't hire a tech then to set this up for you? You don't provide the requested info regardless how patiently it has been asked and you demand in the same time help... Providing internal ip details and not public ones has zero security implications...

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Antony Stone
On Thursday 16 August 2018 at 17:16:42, Alex K wrote:

> Why i have the feeling that this is a troll?

I know what you mean.  I had for the most part put Oldman's attitude down to
ignorance of networking and related technical stuff, however given the stunning
silence on his part since he accused us (or mostly me) of wanting to get
access to his Squid server and claiming that I was wasting his time, I'm
thinking that either:

a) you're right, and our collective reasonableness has made him realise that
we're not easily trolled, so he's gone somewhere else, or

b) he's considered that there might actually be something useful in what
several people here have been telling him, so he's gone away to read some more
(hopefully useful) documentation about Squid and how to use it.

Either way it bemuses me that someone who introduces himself as "not very
technical" chooses to have the email address [hidden email]

If he's the admin, I wonder what the user experience is like...

> On Thu, Aug 16, 2018, 14:29 Oldman <[hidden email]> wrote:
> > You wanted to know my server ip  and did you expect me to publish this
> > online?
> >
> > I chose to beleive you are wasting my time :)
> >
> > I am sorry I do not want to be rude but you are wasting my time.
>
> Why you don't hire a tech then to set this up for you? You don't provide
> the requested info regardless how patiently it has been asked and you
> demand in the same time help... Providing internal ip details and not
> public ones has zero security implications...

Oh well,


Antony.

--
The Royal Society for the Prevention of Cruelty to Animals was formed in 1824.
The National Society for the Prevention of Cruelty to Children was not formed
until 1884.
That says something about the British.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: simple question Installed squid right now all internet access is blocked

Vacheslav
In reply to this post by Alex K

What you could say, why do I feel like he is trolling, although I would still think this is slander, but of course condemning is much worse than slander!

 

From: squid-users <[hidden email]> On Behalf Of Alex K
Sent: Thursday, August 16, 2018 6:17 PM
To: Oldman <[hidden email]>
Cc: [hidden email]
Subject: Re: [squid-users] simple question Installed squid right now all internet access is blocked

 

Why i have the feeling that this is a troll?

 

 

 

On Thu, Aug 16, 2018, 14:29 Oldman <[hidden email]> wrote:

You wanted to know my server ip  and did you expect me to publish this
online?

I chose to beleive you are wasting my time :)

I am sorry I do not want to be rude but you are wasting my time.

Why you don't hire a tech then to set this up for you? You don't provide the requested info regardless how patiently it has been asked and you demand in the same time help... Providing internal ip details and not public ones has zero security implications...


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users