Geekzone: technology news, blogs, forums


valtam

396 posts

Ultimate Geek
+1 received by user: 2


#69163 4-Oct-2010 15:54

Hey,

I run a Squid cache at home, one of the best things I've done for my network this year.
I need to be able to see http://192.168.0.2:85 from 192.168.0.3 and at the moment I can't.

This is the error I get on 192.168.0.3:

https://cdn.geekzone.co.nz/imagessubs/blog0e495509eb9b481d0c911fabaed354b9.jpg

192.168.0.2 is where the apache server is. Port 85 refers to my MediaPortal EPG Guide.




Support a locally made Linux based Operating System, try Linux Lite.
Download Linux Lite

raab
262 posts

Ultimate Geek
Inactive user


  #387745 4-Oct-2010 16:02

In squid.conf find "acl Safe_ports port" and add a line saying

acl Safe_ports port 85

Or add it to the existing line acl Safe_ports port 80

e.g. acl Safe_ports port 80 85

Then restart squid
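
Added example, not part of raab's post or of Squid itself: a small sh function that reads the "acl Safe_ports port" lines of a squid.conf, ranges included, and reports whether a given port passes, which shows why port 85 was refused while high ports were not. The sample config is constructed for the demo (modelled on the stock port ACLs) and the function names are made up here.

```shell
#!/bin/sh
# Added example: check whether a port is covered by the
# "acl Safe_ports port" entries of a squid.conf.

# port_in_safe_ports PORT FILE -> exit status 0 if PORT matches an entry
port_in_safe_ports() {
    awk -v want="$1" '
        # Only "acl Safe_ports port ..." lines; a "#" token starts a comment.
        $1 == "acl" && $2 == "Safe_ports" && $3 == "port" {
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^#/) break
                n = split($i, r, "-")          # single port or lo-hi range
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# safe_port_status PORT FILE -> prints "allowed" or "denied"
safe_port_status() {
    if port_in_safe_ports "$1" "$2"; then echo allowed; else echo denied; fi
}

# Constructed sample config, modelled on the stock Squid port ACLs.
make_sample_conf() {
    cat > "$1" <<'EOF'
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
EOF
}

conf=$(mktemp)
make_sample_conf "$conf"
echo "port 85 before: $(safe_port_status 85 "$conf")"
echo "acl Safe_ports port 85" >> "$conf"   # the line suggested in the post above
echo "port 85 after:  $(safe_port_status 85 "$conf")"
rm -f "$conf"
```

Point safe_port_status at the real squid.conf (its location varies by install) to check a port before and after editing the ACL.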



valtam

396 posts

Ultimate Geek
+1 received by user: 2


  #387755 4-Oct-2010 16:21

Perfect! Thank you very much, working well :)




Support a locally made Linux based Operating System, try Linux Lite.
Download Linux Lite

raab
262 posts

Ultimate Geek
Inactive user


  #387787 4-Oct-2010 18:02

np



ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #388038 5-Oct-2010 08:44

Looking at the IP that you posted it all looks internal to your home network, so why pass it through a proxy at all?
I would place an exception in the browser for 192.168.0.0/16 to not go to the cache.

How you do this in the browser settings is different from browser to browser of course.

I am assuming this is a proxy you have explicitly set in your browser as well :)

Paul





meat popsicle

raab
262 posts

Ultimate Geek
Inactive user


  #388045 5-Oct-2010 08:59

I think there's a rule you can use to bypass local traffic, but there's a rule in Squid which blocks non-standard ports, so that's catching it.

ptinson
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  #388051 5-Oct-2010 09:09

raab: I think there's a rule you can use to bypass local traffic, but there's a rule in Squid which blocks non-standard ports, so that's catching it.


Absolutely there is a rule stopping it, and your post showed how to fix that :). I guess I would just avoid caching it internally, or even passing through the box at all, when the server is on the same subnet as the client.

Not sure about the bypass on the cache though, you still pass through the proxy server and the squid daemon. You can do it with iptables, but again, it's on the same subnet, so best not to proxy it unless you have a specific need to.




meat popsicle

 
 
 
 

muppet
2642 posts

Uber Geek
+1 received by user: 1660

Trusted

  #388134 5-Oct-2010 11:48

valtam: Hey,

I run a Squid cache at home, one of the best things I've done for my network this year.
I need to be able to see http://192.168.0.2:85 from 192.168.0.3 and at the moment I can't.

This is the error I get on 192.168.0.3:

https://cdn.geekzone.co.nz/imagessubs/blog0e495509eb9b481d0c911fabaed354b9.jpg

192.168.0.2 is where the apache server is. Port 85 refers to my MediaPortal EPG Guide.


Sort of offtopic, but how do you force people through the proxy? Are you using PBR, or do you have to configure the proxy manually?

If you're using PBR, what router are you using @ home?

I ask because I'm doing exactly the same thing, except my netscreen has died and I was doing PBR on it.

Curious if there's another cheap and cheerful router that'll do PBR. Manually configuring proxies is too much of a PITA for me.

Tim




Audiophiles are such twits! They buy such pointless stuff: Gold plated cables, $2000 power cords. Idiots.

 

OOOHHHH HYPERFIBRE!


raab
262 posts

Ultimate Geek
Inactive user


  #388139 5-Oct-2010 11:54

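Any router with dd-wrt or tomato will work, just set up some iptables rules.

For dd-wrt this is what I had, placing the below in a file, chmod +x'ing it and running it:

#!/bin/sh
# Transparent-proxy redirect: send LAN HTTP (port 80) traffic to the Squid box.
# PROXY_IP was left blank in the post; it has to be set before running.
PROXY_IP=
PROXY_PORT=3128
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

# LAN-to-LAN port 80 traffic is left alone (not redirected to the proxy).
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
# Port 80 traffic from every host except the proxy itself is DNATed to the proxy.
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# SNAT to the router's LAN address so the proxy's replies return via the router.
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
# Allow the redirected connections to be forwarded to the proxy port.
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT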
