    Squid 3.1.20 pkg 2.0.6 - custom option question

    pfSense Packages
    • L
      Legion last edited by

      I've got squid 3.1.20 with squidGuard-squid3 1.4_4 pkg v.1.9.5 running happily. Today I tried to set up a utorrent download and it fails repeatedly with messages like:

      TCP_DENIED/403 some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port

      So I tried to set some custom squid.conf options like this:

      acl utorrent src the_rfc_1918_address_utorrent_is_using/24
      acl utorrent_port port utorrent's_port
      acl CONNECT method CONNECT

      http_access allow CONNECT utorrent

      And it still fails with the same message. So I went to my squid.conf and it seems the custom options are put right down the bottom, but earlier in the file there is:

      http_access deny CONNECT !sslports

      which I'm guessing matches well before my allow line and therefore utorrent is blocked. I'm a squid.conf noob so go easy, but is there something I'm missing, to allow utorrent past?

      • marcelloc
        marcelloc last edited by

        Add the ports you need as ssl ports and save config.
        IIRC, it's on access list tab.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D
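
How the rule ordering described in the question plays out, and why adding the port to the SSL ports list changes the result, as an added example (not part of the thread, and not code from Squid or the pfSense package): a small Python model of Squid's first-match `http_access` evaluation. Only the `deny CONNECT !sslports` line comes from the thread; the port numbers and the simplified `utorrent_port` allow rule are constructed assumptions.

```python
# Added illustration: a minimal model of Squid's first-match http_access logic.
# Port numbers and the utorrent_port rule are constructed placeholders.

CONF = """
# generated by the package, appears early in squid.conf (quoted in the thread)
http_access deny CONNECT !sslports
# custom option, appended at the bottom of the file (simplified)
http_access allow CONNECT utorrent_port
http_access deny all
"""

def make_acls(sslports, utorrent_port):
    """Map ACL name -> predicate over a request dict with 'method' and 'port'."""
    return {
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "sslports": lambda r: r["port"] in sslports,
        "utorrent_port": lambda r: r["port"] == utorrent_port,
        "all": lambda r: True,
    }

def parse_rules(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def evaluate(rules, acls, request):
    """The first rule whose ACLs all match decides; '!' negates an ACL."""
    for index, (action, names) in enumerate(rules):
        if all(acls[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, index
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules and rules[-1][0] == "deny" else "deny"), None

def decide(sslports, port=50000):
    """Evaluate a CONNECT to `port` against CONF with the given sslports set."""
    acls = make_acls(set(sslports), utorrent_port=50000)
    return evaluate(parse_rules(CONF), acls, {"method": "CONNECT", "port": port})

if __name__ == "__main__":
    print(decide({443, 563}))          # stock sslports: early deny wins
    print(decide({443, 563, 50000}))   # port added to sslports: allow is reached
```

The second element of each result is the index of the rule that decided, which shows that the appended allow line is only reached once the early deny no longer matches.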

        • L
          Legion last edited by

          Thanks marcelloc. Doing that at least changed the error message to:

          TCP_MISS/503 0 CONNECT some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port - DIRECT/some_rfc_1918_address_but_not_in_my_local_net

          Maybe it's something to do with the CONNECT method? Where I'd normally expect the GET method?

          • marcelloc
            marcelloc last edited by

            @Legion:

            Thanks marcelloc. Doing that at least changed the error message to:

            TCP_MISS/503 0 CONNECT some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port - DIRECT/some_rfc_1918_address_but_not_in_my_local_net

            Maybe it's something to do with the CONNECT method? Where I'd normally expect the GET method?

            This torrent may be trying to connect via SSL; that's why you only see CONNECT in the logs.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D
