Re: [squid-users] routing OR different IP address

Ok.

When I finish the acl tomorrow, I will send you an update.

What I will also do, I will see if I can put together a small squid page on
our site for squid users for problems like minds. This will cut down on some
of the emails you will have to answer.

I am a 6 week old linux/squid user.

I guest I am a newbaby to both worlds.

Thank you very much.

Best regards,

Edward Millington
(Network Administrator & Senior Technical Support Technician)
Cariaccess Communications Ltd.
Wildey
St. Michael
Barbados
1-246-430-7435
Fax : 1-246-431-0170
www.cariaccess.com

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Edward" <edward@cariaccess.com>
Cc: "squid" <squid-users@squid-cache.org>
Sent: Sunday, May 06, 2001 3:51 PM
Subject: Re: [squid-users] routing OR different IP address

> Edward wrote:
>
> > I have the a policy route to the cache on one ip address.
> >
> > eg
> > access-list 110 deny tcp any any neq www
> > access-list 110 deny tcp host 200.50.68.7 any
> [...]
> > The other IP is 64.110.11.2.
> >
> > As you can see here, the ciso is only sending to the 200.50.68.7.
> >
> > What I believe here, after sending you that email, 64.110.11.2 is not
> > getting pass the router faste0/0 interface.
>
> Correct. Your Cisco does not know that 64.110.11.2 should not be
> redirected to 200.50.68.7.
>
> I seem to remember that your clients is actually on different subnets
> than your servers. In such case it is probably better to reverse the
> router ACL to tell what should be redirected rather than what should
> not. I.e. only redirect your client networks to the proxy.
>
> > If that is the case then I will have to add
> >
> > access-list 110 deny tcp host 64.110.11.2 any
> >
> > to the access-list.
> >
> > What do you think Henrik?
>
> Not a Cisco expert, but it looks like a step in the correct direction.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
Received on Sun May 06 2001 - 16:10:07 MDT