[ubuntu-in] Squid, ufw and http(s) port
Mehul Ved
mehul.n.ved at gmail.com
Tue Jun 15 19:15:28 BST 2010
I am trying to configure a machine to be used as a gateway and would
like the client machines to connect only through squid and not
directly. Thus, I blocked all outgoing connections except port 3128.
If I do that, I cannot open any websites until I open port 80/443. I
cannot configure a transparent proxy either, as authentication is
required to access some websites. I checked that the browser is using
the correct proxy settings. I have also checked the same with wget and
get the same results.

$ wget http://google.com
--2010-06-15 23:40:23-- http://google.com/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:3128... failed: Connection refused.
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2010-06-15 23:40:23-- http://www.google.com/
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response...

and it stays stuck here when ufw is enabled, but goes through when ufw
is disabled:

$ wget http://google.com
--2010-06-15 23:44:37-- http://google.com/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:3128... failed: Connection refused.
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2010-06-15 23:44:37-- http://www.google.com/
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response... 302 Moved Temporarily
Location: http://www.google.co.in/ [following]
--2010-06-15 23:44:37-- http://www.google.co.in/
Connecting to localhost|127.0.0.1|:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html'
    [ <=>                                   ] 9,352       --.-K/s   in 0.06s
2010-06-15 23:44:38 (159 KB/s) - `index.html' saved [9352]

Here is the ufw status:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing)
New profiles: skip
To                         Action      From
--                         ------      ----
3128/tcp                   ALLOW IN    Anywhere (log)
3128/tcp                   ALLOW OUT   Anywhere (log)
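
As an added example (not part of the original post): a small Python check that reads the `ufw status verbose` output quoted above and reports the verdict for outbound connections made by the gateway itself, which is where Squid's own requests to origin servers come from. The function names and the list of ports a forward proxy needs (remote DNS, HTTP, HTTPS) are assumptions for illustration; only simple `port/proto ... Anywhere` rules are parsed.

```python
import re

# Constructed sample: the `ufw status verbose` output quoted in the post above.
UFW_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing)
New profiles: skip
To                         Action      From
--                         ------      ----
3128/tcp                   ALLOW IN    Anywhere (log)
3128/tcp                   ALLOW OUT   Anywhere (log)
"""

RULE_RE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+(ALLOW|DENY|REJECT|LIMIT)\s+(IN|OUT)\s+Anywhere")


def parse_ufw_status(text):
    """Return (defaults, rules); only '<port>[/proto] ACTION DIR Anywhere' rules are handled."""
    defaults, rules = {}, []
    for line in text.splitlines():
        if line.startswith("Default:"):
            # "deny (incoming), deny (outgoing)" -> {"incoming": "deny", "outgoing": "deny"}
            defaults = {d: p for p, d in re.findall(r"(\w+) \((\w+)\)", line)}
        m = RULE_RE.match(line.strip())
        if m:
            port, proto, action, direction = m.groups()
            rules.append((int(port), proto, action, direction))
    return defaults, rules


def outbound_verdict(defaults, rules, port, proto):
    """First matching OUT rule wins; otherwise the default outgoing policy applies."""
    for r_port, r_proto, action, direction in rules:
        if direction == "OUT" and r_port == port and r_proto in (None, proto):
            return action.lower()
    return defaults.get("outgoing", "allow")


def proxy_egress_report(text):
    """Verdict for each destination port the proxy host is assumed to need."""
    defaults, rules = parse_ufw_status(text)
    needed = [(53, "udp"), (80, "tcp"), (443, "tcp"), (3128, "tcp")]
    return {f"{p}/{proto}": outbound_verdict(defaults, rules, p, proto) for p, proto in needed}


if __name__ == "__main__":
    for dest, verdict in proxy_egress_report(UFW_STATUS).items():
        print(f"{dest:9} {verdict}")
```

The outgoing policy applies to traffic generated on the gateway, Squid included, so a ruleset that only allows 3128 out leaves the proxy unable to reach origin servers on 80/443.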