 | | | Squid Problems | Squid Problems 2003-05-09 - By Zimbizi H
Back
PART OF MY SQUID IS READS THIS
acl all src 0.0.0.0/0.0.0.0
acl tsd src 190.0.0.50/255.255.255.255
acl web src 190.0.0.6-15/255.255.255.255
acl exchange src 190.0.0.41/255.255.255.255
acl ads dstdomain .doubleclick.net ads.icq.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny ads
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow exchange
http_access allow tsd
http_access allow web
http_access deny all
-- --Original Message-- --
From: Tony Nugent [mailto:tony@(protected)]
Sent: Monday, May 05, 2003 1:57 AM
To: Redhat 7. 2 Enigma Mailing List
Subject: Re: Squid Problems
On Sun May 04 2003 at 15:24, Zimbizi H wrote:
> I am running squid on linux 7.2 server and have failed to solve this
> problem. I running a windows based web server inside my lan and have
> therefore configured my squid as httpaccelerator server. I can access my
web
> quite well from the internet. but from inside my lan I get proxy access
> denied.
Without looking at your /etc/squid/squid.conf file and knowing the
configuration of your network, it is hard to give specific help.
But this would almost certainly be an ACL (access control list)
configuration issue... make sure that you have things configured so
that you are denying access to everyone except those hosts from
within your own network. Remember that the access rules are
evaluated in order (top-to-bottom) in squid.conf, so if want to deny
everyone except one (or more) ACL group(s) then you must specify the
group(s) and then "http deny all".
> Iam not running dns server infact my linux dns server is forwarding
> everything to my isp.
You should run a cache-only nameserver either on the same box or
another local one. Squid (and email) can be demanding on DNS
services, and having lookups cached locally can save a lot of time
and traffic, and greating improve performance.
> I am also running iptables.
That could be the problem (but you give no details). I assume that
you have not blocked access to your squid proxy. What does the
output of "netstat -plutn" tell you?
Are you attempting to run this on a firewall as a transparent proxy?
There are some tricks to this to get it right, but it isn't hard.
Have a search at google for "transparent proxy squid iptables" (or
similar) and you'll get lots of links to information that will point
you in the right direction.
> could any body out there
> help me figure out what could be wrong on my squid proxy
At this point, all we can do with your cry for help is to point you
in the right direction to be able to find and fix the problem for
yourself :)
Good luck.
Cheers
Tony
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
enigma-list mailing list
enigma-list@(protected)
https://listman.redhat.com/mailman/listinfo/enigma-list
Earn $52 per hosting referral at Lunarpages.
|
|
|