supacon

How to Disable/Turn off Squid Cache/Proxy Server

I've got a CentOS 4.4 Linux machine that acts as a router for a smaller office network.  We have a lot of problems with squid screwing up access to certain sites, giving errors like:
    * Connection to 64.141.17.170 Failed
The system returned:
    (111) Connection refused
The remote host or network may be down. Please try the request again.

Even though the remote host is clearly accessible through diagnostic tools like ping, etc.

Also, we often have problems accessing sites and you have to reload multiple times until it lets you through.  I'd like to just disable squid because we really don't need any of its features... but if I do that, like through yum remove or something, HTTP access becomes completely broken.

I'm not sure what I need to do to allow this machine to allow http traffic through with squid disabled - is this likely an IPTables configuration thing?  I can't find anything really relevant in our configuration that seems pertinent to squid.

ravenpl

To disable the transparent redirection to squid you do indeed have to modify iptables. Please post your /etc/sysconfig/iptables file here and we'll tell you how to modify it.
supacon

ASKER

Ay, that's what I thought.  Here's my iptables file:


# Generated by iptables-save v1.2.11 on Fri Jun 22 12:53:09 2007
*mangle
:PREROUTING ACCEPT [9020:2188071]
:INPUT ACCEPT [7507:1735118]
:FORWARD ACCEPT [1333:391483]
:OUTPUT ACCEPT [7068:1577569]
:POSTROUTING ACCEPT [8403:1969528]
COMMIT
# Completed on Fri Jun 22 12:53:09 2007
# Generated by iptables-save v1.2.11 on Fri Jun 22 12:53:09 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7068:1577569]
:PREROUTING - [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i eth2 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -j RH-Firewall-1-INPUT
#-A FORWARD -o eth2 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
#-A FORWARD -i eth2 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
#-A FORWARD -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
#-A FORWARD -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -j ACCEPT
-A FORWARD -d 192.168.0.85 -i eth2 -o eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -o eth2 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.0/255.255.255.0 -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.0/255.255.255.0 -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.0/255.255.255.0 -p tcp -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9997 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 500 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5061 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5061 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 67 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jun 22 12:53:09 2007
# Generated by iptables-save v1.2.11 on Fri Jun 22 12:53:09 2007
*nat
:PREROUTING ACCEPT [364:90533]
:POSTROUTING ACCEPT [38:4706]
:OUTPUT ACCEPT [91:34208]
-A PREROUTING -s 192.168.200.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth2 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.200.155:3389
-A POSTROUTING -s 192.168.200.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Fri Jun 22 12:53:09 2007
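
As an added example that is not part of the original thread: in the dump above, the only rule that steers web traffic into a local proxy is the nat-table REDIRECT of port 80 to port 8080 (that squid listens on 8080 is an assumption drawn from that rule). The script below finds such rules in an iptables-save file and emits a copy with them commented out; the function names and the trimmed sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate and comment out transparent-proxy REDIRECT rules in an
# iptables-save dump. It only reads and writes files, never the live ruleset.

# Print "line-number: rule" for every REDIRECT rule inside the *nat table.
find_proxy_redirects() {
    awk '
        /^\*/ { table = substr($0, 2) }    # "*nat" -> "nat"
        table == "nat" && /^-A / && /-j REDIRECT/ { print NR ": " $0 }
    ' "$1"
}

# Write the ruleset to stdout with those rules commented out. Everything else
# (DNAT, MASQUERADE, filter rules) passes through unchanged, so forwarded
# HTTP is still NATed on its way out.
disable_proxy_redirects() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A / && /-j REDIRECT/ { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample: the *nat rules from the question plus a filter stub.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [364:90533]
-A PREROUTING -s 192.168.200.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth2 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.200.155:3389
-A POSTROUTING -s 192.168.200.0/255.255.255.0 -j MASQUERADE
COMMIT
EOF

find_proxy_redirects "$sample"                       # shows the rule to review
disable_proxy_redirects "$sample" > "$sample.new"    # edited copy for inspection
```

After reviewing the edited copy, install it as /etc/sysconfig/iptables and restart the iptables service so the nat table is reloaded.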


ASKER CERTIFIED SOLUTION
ravenpl

supacon

ASKER

Weird... I was sure that I already tried that but it wasn't working.  In any case, I have no more squid problems - thanks!
Has it worked now?
Maybe you were not restarting the iptables service but the whole box?