# squid and icq [Solved]

## Nomad-71

I have installed squid proxy server and everything works great except for ICQ and Skype.

My squid config is

```
acl BANNER url_regex banner bannerid reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 901        # SWAT
acl Safe_ports port 5190    #icq
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access deny BANNER
http_access allow localnet
# Allow the localhost to have access by default
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128
cache_mem 128 MB
maximum_object_size 32000 KB
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
```

----------

## think4urs11

What's in the squid logs?

Did you configure skype/icq to connect via port 443? All other ports are not allowed to use https connect.

----------

## Nomad-71

I have tried to connect through port 3128; now I have changed it to 443 and Skype works fine. ICQ is still not working. What logs should I paste?

----------

## ianw1974

ICQ requires to connect to port 5190 unless I'm mistaken.  Is that allowed via the proxy?  Or is that port not in an access list to be allowed as a safe port for example.

----------

## TSP__

 *Nomad-71 wrote:*   

> I have tried to connect through port 3128; now I have changed it to 443 and Skype works fine. ICQ is still not working. What logs should I paste?

 

Do something like this

```
tail -f /var/log/squid/access.log 
```

and see what squid says when you try to use ICQ.

----------

## Nomad-71

 *Quote:*   

> ICQ requires to connect to port 5190 unless I'm mistaken. Is that allowed via the proxy? Or is that port not in an access list to be allowed as a safe port for example.

 

Yes, I have added it to safe ports:

```
acl Safe_ports port 5190    #icq
```

part of access.log 

```
1221893515.057   5130 127.0.0.1 TCP_MISS/304 388 GET http://www.fedoralinux.ru/templates/bizportal/images/menu.gif - DIRECT/89.111.173.73 -
1221893515.956    899 127.0.0.1 TCP_MISS/200 530 GET http://an.yandex.ru/code/33772?rnd=779415&direct-limit=9&charset=windows-1251&block-origin=2&page-ref=&target-ref=http%3A//www.fedoralinux.ru/ - DIRECT/77.88.21.90 text/html
1221893515.956    899 127.0.0.1 TCP_MISS/302 331 GET http://www.fedoralinux.ru/forum/viewtopic.php?id=1409&action=new - DIRECT/89.111.173.73 text/html
1221893516.356   1298 127.0.0.1 TCP_MISS/200 562 GET http://bs.yandex.ru/watch/33772?rn=766523&cnt-class=1&page-ref=&page-url=http%3A//www.fedoralinux.ru/&browser-info=j:1:s:1280x1024x24:f:9.0%20r124:t:%u0413%u043B%u0430%u0432%u043D%u0430%u044F%20-%20Fedora%20linux&wmode=1 - DIRECT/213.180.204.90 text/plain
1221893516.816    459 127.0.0.1 TCP_MISS/302 326 GET http://www.fedoralinux.ru/forum/viewtopic.php?id=1409&action=last - DIRECT/89.111.173.73 text/html
1221893517.306    490 127.0.0.1 TCP_MISS/200 41546 GET http://www.fedoralinux.ru/forum/viewtopic.php?pid=4350 - DIRECT/89.111.173.73 text/html
1221893517.706    353 127.0.0.1 TCP_MISS/200 2456 GET http://an.yandex.ru/resource/context.js?rnd=56638 - DIRECT/77.88.21.90 application/x-javascript
1221893518.107    754 127.0.0.1 TCP_MISS/304 388 GET http://www.fedoralinux.ru/forum/img/sibirsky_org/fon111.gif - DIRECT/89.111.173.73 -
1221893518.505    398 127.0.0.1 TCP_MISS/200 562 GET 
1221893518.906    798 127.0.0.1 TCP_MISS/200 4950 GET http://an.yandex.ru/code/33772?rnd=750807&direct-limit=9&charset=windows-1251&block-origin=2&page-ref=http%3A//www.fedoralinux.ru/&target-ref=http%3A//www.fedoralinux.ru/forum/viewtopic.php%3Fpid%3D4350%23p4350 - DIRECT/77.88.21.90 text/html
1221893519.405    500 127.0.0.1 TCP_MISS/304 388 GET http://www.fedoralinux.ru/forum/img/modern_bbcode/cornflower_cellpic2.gif - DIRECT/89.111.173.73 -
1221893519.805    399 127.0.0.1 TCP_MISS/200 462 GET f
1221893520.645   3313 127.0.0.1 TCP_MISS/304 388 GET http://www.fedoralinux.ru/forum/img/sibirsky_org/back.gif - DIRECT/89.111.173.73 -
1221893521.518   3012 127.0.0.1 TCP_MISS/200 12199 GET http://forums.gentoo.org/ - DIRECT/140.211.166.170 text/html
1221893591.976    512 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
1221893630.001    502 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
1221893705.541    496 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
1221893856.151    498 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
1221893954.947    496 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
1221893958.747   1797 127.0.0.1 TCP_MISS/200 7439 GET http://www.gentoo.org/ - DIRECT/209.177.148.228 text/html
1221893966.067   1072 127.0.0.1 TCP_MISS/200 51572 GET http://tutu.ru/ - DIRECT/87.242.73.175 text/html
1221893966.866    788 127.0.0.1 TCP_MISS/200 697 GET http://tutu.ru/favicon.ico - DIRECT/87.242.73.175 image/x-icon
1221893966.866    787 127.0.0.1 TCP_MISS/200 11214 GET http://tutu.ru/css.css - DIRECT/87.242.73.175 text/css
1221893967.866   1000 127.0.0.1 TCP_MISS/200 3831 GET http://tutu.ru/i/tutu.jpg - DIRECT/87.242.73.175 image/jpeg
1221893967.866    986 127.0.0.1 TCP_MISS/200 738 GET http://tutu.ru/i/selector_l.gif - DIRECT/87.242.73.175 image/gif
1221893968.366   1483 127.0.0.1 TCP_MISS/302 324 GET http://d8.c2.b9.a0.top.list.ru/counter?id=600067 - DIRECT/194.67.45.125 -
1221893969.166   1300 127.0.0.1 TCP_MISS/200 1205 GET http://ad4.tutu.ru/758_90_1_m.php - DIRECT/89.111.189.13 text/html
1221893969.166   2284 127.0.0.1 TCP_MISS/200 2144 GET http://ad4.tutu.ru/468_60_m.php - DIRECT/89.111.189.13 text/html
1221893969.865   2000 127.0.0.1 TCP_MISS/200 612 GET 
1221893971.166   2000 127.0.0.1 TCP_MISS/200 400 GET http://counter.yadro.ru/hit;tutu_elec?r;s1280*1024*24;uhttp%3A//tutu.ru/;0.08191193951038445 - DIRECT/88.212.196.66 image/gif
1221893971.166   2000 127.0.0.1 TCP_MISS/200 1081 GET http://counter.rambler.ru/top100.cnt?499475 - DIRECT/81.19.70.13 image/gif
1221893971.166   2000 127.0.0.1 TCP_MISS/200 2878 GET http://www.tutu.ru/js/gemius.js - DIRECT/87.242.73.175 application/x-javascript
1221893971.766    600 127.0.0.1 TCP_DENIED/403 1420 GET http://ad4.tutu.ru/advert/www/delivery/lg.php?bannerid=12&campaignid=5&zoneid=13&loc=http%3A%2F%2Fad4.tutu.ru%2F468_60_m.php&referer=http%3A%2F%2Ftutu.ru%2F&cb=69bc814a8e - NONE/- text/html
1221893973.365   3500 127.0.0.1 TCP_MISS/200 664 GET http://top4.mail.ru/counter?id=600067;FTID=0;VID=1TCEli3NV9WZ - DIRECT/194.67.45.101 image/gif
```

----------

## think4urs11

 *Nomad-71 wrote:*   

> 
> 
> ```
> 1221893591.976    512 127.0.0.1 TCP_DENIED/403 1384 CONNECT login.messaging.aol.com:5190 - NONE/- text/html
> ...
> ```

 

This is your problem. ICQ attempts to connect via port 5190.

As already said with your config only port 443 is allowed for method connect. Either reconfigure your ICQ client to use port 443 or add port 5190 to SSL_ports.

----------

## ianw1974

If you try to use telnet like this:

```
[ian@esprit ~]$ telnet login.messaging.aol.com 5190

Trying 205.188.179.233...

Connected to login.messaging.aol.com (205.188.179.233).

Escape character is '^]'.

*�Connection closed by foreign host.
```

does it work?  This will help rule out some config problem with ICQ.

----------

## think4urs11

 *ianw1974 wrote:*   

> If you try to use telnet like this:

 

would help only if internal clients are allowed to connect directly to external addresses.

If/when only the proxy can connect to outside, the telnet-test from an internal box is useless as it'll always fail.

----------

## ianw1974

Aye true, wasn't sure if a firewall could be blocking it also and wasn't sure if squid was configured as transparent proxy or not to capture all traffic before it was being forwarded

----------

## Nomad-71

 *Quote:*   

> This is your problem. ICQ attempts to connect via port 5190.
> 
> As already said with your config only port 443 is allowed for method connect. Either reconfigure your ICQ client to use port 443 or add port 5190 to SSL_ports

 

Thank you.

----------

