Thread: Setting up squid proxy behind firewall. Argh!

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Location
    Reading, Berkshire
    Posts
    1,250
    Thanks
    64
    Thanked
    53 times in 34 posts
    • tfboy's system
      • Motherboard:
      • MSI X470 Gaming Plus
      • CPU:
      • AMD Ryzen 7 2700
      • Memory:
      • 2x8GB Corsair Vengeance LPX)
      • Storage:
      • Force MP600 1TB PCIe SSD
      • Graphics card(s):
      • 560 Ti
      • PSU:
      • Corsair RM 650W
      • Case:
      • CM Silencio 550
      • Operating System:
      • W10 Pro
      • Monitor(s):
      • HP LP2475w + Dell 2001FP
      • Internet:
      • VM 350Mb

    Setting up squid proxy behind firewall. Argh!

    This is driving me nuts!

    I'm trying to set up a RHEL box in a DMZ to act as a proxy server for other machines in the LAN. The idea is that all the other machines won't have direct internet access; they'll all have to go through the proxy as the single point of internet access. We have installed a Juniper SRX firewall and the zones and security policies have been set up to allow the squid proxy full internet access via a NATed IP.

    What works:
    - Direct internet access from the squid box (bypassing proxy)
    - Proxy access from the squid box works (so Firefox has localhost as proxy address to use with default port 3128).

    However, trying to use any other machine with the proxy does not work. I get either garbage data, a 400 Bad Request, or the proxy returns an HTML page saying that the URL is invalid.

    This is even with a machine in the same DMZ subnet as the squid box so it's not a routing issue.

    Basic settings:
    - default squid proxy 3.1 configuration file (so it permits the used IPs). Running RHEL 5.8.
    - firewalls, etc, all configured to allow content

    Any ideas where to start looking?

    Thanks

  2. #2

    Re: Setting up squid proxy behind firewall. Argh!

    Hmm, after a bit of digging, it looks like the "garbage" appears only on routed proxy traffic (client on a different subnet to the squid proxy server).

    The "Error" page appears only when the client is on the same subnet as the squid proxy server:

    I've edited out the end of the FQDN for anonymity.

  3. #3

    Re: Setting up squid proxy behind firewall. Argh!

    Problem solved.

    And, it was VMware of all things! Previous install was running initial ESXi 5.0.0, and since upgrading it to 5.0 Update 1, everything's started working and I haven't changed any configs!

    99% of the time, I love VMware, but for that other 1%
