Re: [squid-users] squid proxy in a firewall Environment

From: A. Lester Burke <leburke@dont-contact.us>
Date: Mon, 09 Jul 2001 08:59:34 -0400

You mention you are able to get to the Proxy server from the User Lan, but are
you able to get to the User Lan from Your Proxy Server? Does your Firewall know
about this box and does it have a rule for it?

"Dr. Michael Weller" wrote:

> On Mon, 9 Jul 2001, Larsson, Carl wrote:
>
> > Hi!
> >
> > I have installed a squid proxy server in my network and can't seem to get it
> > to work. The server is installed between two LANs and the user is on a
> > third. I have opened the http port in my firewall to the proxy server but
> > nothing seems to happen on the squid server.
> > I have also added an acl in the squid.conf file for the user LAN.
> >
> > It works to access Internet from the squid server locally and to use it from
> > the same LAN as it is installed. But the purpose of this server is to have
> > it behind a firewall to increase the security of the user LAN.
> >
> > This is a small map of the environment.
> >
> > Internet -> Lan1 ->Squid server -> Lan2 ->Firewall -> User LAN
> >
> > I have ensured in the Firewall's log that the signals go through to the squid
> > server.
> >
> > Does anyone have any ideas or hints to give me?
>
> Hmm, difficult. Can you ping or telnet etc. the squid server from
> the User LAN (provided the firewall is set up to allow that)? Actually
> for debugging I'd suggest you set up the firewall to a pass-through mode,
> then add rules to locate the problem.
>
> What you describe looks to me like two possible causes:
>
> a) The clients in the user lan are configured wrong and don't try to use
> the proxy at all.
>
> b) Also you think it is, the firewall is configured wrong and doesn't let
> the connection pass (at least not as you'd need it).
>
> If a) and b) are checked (like you say), maybe:
>
> c) How does the firewall deal with the User lan connections? Does it do
> NAT/masquerading for them (which isn't strictly needed in your setup),
> and does it do that right?
>
> Or, if it doesn't do NAT/masquerading, you are well aware that you'd
> need a TCP route back to the user lan through the firewall on the squid
> server, are you? Maybe this is the most likely cause actually.
>
> Connection attempts would remain in an embryonic state and not
> be signalled to squid in this case.
>
> Michael.
>
> --
>
> Michael Weller: eowmob@exp-math.uni-essen.de, eowmob@ms.exp-math.uni-essen.de,
> or even mat42b@spi.power.uni-essen.de. If you encounter an eowmob account on
> any machine in the net, it's very likely it's me.

--
A. Lester Burke
Network Analyst
Arlington Public Schools, VA
V 703-228-6057
E leburke@mindspring.com
Received on Mon Jul 09 2001 - 06:59:33 MDT
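
The missing-return-route case raised in the thread (connection attempts stuck in an embryonic state and never handed to squid) can be checked on the proxy host itself. The script below is an added example, not part of the original messages: it assumes Linux `netstat -tn` output, uses 3128 (Squid's default port) as the proxy port, and runs on a constructed sample with made-up addresses; the function names and the `NO_RETURN_PATH?` label are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reads Linux `netstat -tn` output on stdin
# and reports, per client /24, how many connections to the proxy port are
# half-open (SYN_RECV) versus ESTABLISHED. IPv4 only (tcp6 lines are skipped).

# usage: netstat -tn | proxy_conn_states 3128
proxy_conn_states() {
    awk -v port="$1" '
        $1 == "tcp" {
            n = split($4, loc, ":")
            if (loc[n] != port) next            # not the proxy listener
            split($5, rem, ":")                 # remote ip:port
            split(rem[1], o, ".")
            net = o[1] "." o[2] "." o[3] ".0/24"
            seen[net] = 1
            if ($6 == "SYN_RECV")    half[net]++
            if ($6 == "ESTABLISHED") est[net]++
        }
        END {
            for (net in seen) {
                # Only half-open sockets and nothing established: the SYN
                # arrived, but the SYN/ACK is not getting back to the client.
                verdict = (half[net] > 0 && est[net] == 0) ? "NO_RETURN_PATH?" : "ok"
                printf "%s syn_recv=%d established=%d %s\n", net, half[net], est[net], verdict
            }
        }' | sort
}

# Constructed sample: 192.168.2.0/24 stands in for the proxy's own LAN,
# 10.0.3.0/24 for the user LAN behind the firewall.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.2.10:3128       192.168.2.44:1187       ESTABLISHED
tcp        0      0 192.168.2.10:3128       10.0.3.21:1045          SYN_RECV
tcp        0      0 192.168.2.10:3128       10.0.3.22:1102          SYN_RECV
tcp        0      0 192.168.2.10:3128       10.0.3.21:1046          SYN_RECV
tcp        0      0 192.168.2.10:22         192.168.2.44:1190       ESTABLISHED
EOF
}

sample_netstat | proxy_conn_states 3128
```

A network flagged this way is a prompt to look at the proxy host's routing table for a route to that network via the firewall, or at whether the firewall is expected to NAT those clients.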