Squid to allow specific ports


I am a programmer but now have a role looking after a Linux-based network, so this question may be a little silly. All P.C.s go through Squid as the proxy server. Squid is not set to block the normal "trusted" ports, e.g. 80 (HTTP), and I have also changed it to allow higher ports, e.g. 4040. But when I try to open a URL containing this port number, Squid blocks it, e.g.

http://192.168.1.100:4040

Any thoughts as to why it is doing this?

The clients are Windows XP; Squid is running on Debian (afaik) on a VMware image.

Best Answer

Allowed ports are usually configured by the Safe_ports acl. The configuration file should have an ACL configuring a ports list. This is used in an http_access rule. My configuration has the rule http_access deny !Safe_ports.

The Debian system may be running an iptables firewall which prevents outgoing access to port 4040.

EDIT: It may be easier to read the configuration if you strip comments and blank lines from it. This should reduce the number of lines you are looking at to under 50 or so. Commands to strip down the file and extract the ACL data are:

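 # Drop comment lines and blank lines, saving the remainder to ~/squid.txt
 sudo grep -v -e '^#' -e '^$' /etc/squid3/squid.conf > ~/squid.txt
 # Show only the acl definitions and the allow/deny rules
 grep -i -e acl -e allow -e deny ~/squid.txt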

Significant lines for your problem are:

acl localnet src 192.168.0.0/16  # RFC1918 possible internal network
acl Safe_ports port 1025-65535  # unregistered ports
http_access deny !Safe_ports
http_access allow localnet

The problem would most likely occur if unregistered ports are missing. The connection will likely fail if HTTPS is being used on the port.
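
Added example, not part of the original answer: a small shell check that reads the `port` ACLs from a Squid configuration and reports whether a given port is covered by `Safe_ports` and by `SSL_ports`. The function names and the sample configuration are constructed for illustration; the `SSL_ports` ACL and the `http_access deny CONNECT !SSL_ports` rule are taken from Squid's stock configuration, and it is an assumption that the site's file keeps them.

```shell
#!/bin/sh
# Added example: exit status 0 if <port> is covered by the named "port" ACL.
# Usage: port_in_acl <squid.conf> <acl-name> <port>
port_in_acl() {
    awk -v acl="$2" -v port="$3" '
        # Match lines such as: acl Safe_ports port 1025-65535  # comment
        $1 == "acl" && $2 == acl && $3 == "port" {
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^#/) break          # rest of the line is a comment
                n = split($i, r, "-")         # single port or lo-hi range
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Summarise how the two port rules treat a port: plain HTTP requests are
# checked against Safe_ports, HTTPS (CONNECT) additionally against SSL_ports.
check_port() {
    conf=$1 port=$2
    if port_in_acl "$conf" Safe_ports "$port"; then safe=allowed; else safe=denied; fi
    if port_in_acl "$conf" SSL_ports "$port"; then ssl=allowed; else ssl=denied; fi
    echo "port $port: Safe_ports=$safe SSL_ports(CONNECT)=$ssl"
}

# Constructed sample configuration (comments and blank lines already stripped).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
acl localnet src 192.168.0.0/16  # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
EOF
check_port "$sample_conf" 4040
check_port "$sample_conf" 21
```

Against a real proxy, pass the stripped file from the commands above (`~/squid.txt`) instead of the sample.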