RE: [squid-users] gShield+2 private networks + squid

From: Zbigniew <zbigniew@dont-contact.us>
Date: Fri, 22 Mar 2002 10:41:02 -0500

I changed squid.conf as follows.

acl local-servers dstdomain <snip>.com
acl sub1-servers dst 192.168.1.0/255.255.255.0
acl sub0-servers src 192.168.0.0/255.255.255.0
always_direct allow local-servers
always_direct allow sub0-servers
always_direct allow sub1-servers

Since the user is on the .0 subnet and the web server is on the .1.
It still doesn't work.
I'm thinking that even though the proxy sends it direct, the firewall is
forcing it to go to proxy no matter what.

-Patrick
-----Original Message-----
From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
Sent: Thursday, March 21, 2002 8:36 PM
To: Zbigniew
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] gShield+2 private networks + squid

Hi,

On Thu, 21 Mar 2002, Zbigniew wrote:

> I'm using iptables/gShield on my firewall that is in front of two
> private subnets, 192.168.0 and 192.168.1.
> If I force all http traffic, using gshield/iptables, to the proxy server
> which is currently on the firewall I can no longer access a webserver on
> that .1 subnet from the .0 subnet.
>
> In squid.conf I have:
>
> acl local-servers dstdomain mydomain.com
> acl sub1-servers src 192.168.1.0/255.255.255.0
> acl sub0-servers src 192.168.0.0/255.255.255.0
> always_direct allow local-servers
> always_direct allow sub0-servers
> always_direct allow sub1-servers
>
> But that doesn't seem to do anything.

You probably want "dst" instead of "src" in some of those. For web servers
you are trying to get "to", use "dst".

Colin
Received on Fri Mar 22 2002 - 08:39:50 MST
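
The src/dst distinction discussed in this thread, as an added example that is not part of the original messages and is not Squid's own code: a small Python model of how the `src`, `dst` and `dstdomain` ACL types match one request, run against both ACL sets from the thread. The client and server addresses and the host names are constructed, and `mydomain.com` stands in for the snipped domain in the revised set.

```python
import ipaddress

# ACL sets from the thread as (name, type, value). ORIGINAL is the quoted
# config; REVISED is the one from the reply, with the snipped domain filled
# by the placeholder mydomain.com (assumption).
ORIGINAL = [
    ("local-servers", "dstdomain", "mydomain.com"),
    ("sub1-servers", "src", "192.168.1.0/255.255.255.0"),
    ("sub0-servers", "src", "192.168.0.0/255.255.255.0"),
]
REVISED = [
    ("local-servers", "dstdomain", "mydomain.com"),
    ("sub1-servers", "dst", "192.168.1.0/255.255.255.0"),
    ("sub0-servers", "src", "192.168.0.0/255.255.255.0"),
]

def acl_matches(acl_type, value, client_ip, server_ip, host):
    """Model of one ACL test: src looks at the client, dst at the server."""
    if acl_type == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    if acl_type == "dst":
        return ipaddress.ip_address(server_ip) in ipaddress.ip_network(value)
    if acl_type == "dstdomain":
        host = host.lower()
        if value.startswith("."):      # ".example.com" also covers subdomains
            return host == value[1:] or host.endswith(value)
        return host == value           # no leading dot: exact host only
    raise ValueError("unsupported ACL type: " + acl_type)

def matching_acls(acls, client_ip, server_ip, host):
    """Names of the ACLs that match this request, in config order."""
    return [name for name, acl_type, value in acls
            if acl_matches(acl_type, value, client_ip, server_ip, host)]

def always_direct_allowed(acls, client_ip, server_ip, host):
    """Every always_direct line in the thread is 'allow <acl>': any match allows."""
    return bool(matching_acls(acls, client_ip, server_ip, host))

if __name__ == "__main__":
    # Constructed requests: a .0 client to the .1 web server, and a .1 host
    # fetching an outside site (203.0.113.5 is a documentation address).
    requests = [("192.168.0.25", "192.168.1.10", "intranet.mydomain.com"),
                ("192.168.1.10", "203.0.113.5", "example.org")]
    for label, acls in (("original", ORIGINAL), ("revised", REVISED)):
        for req in requests:
            print(label, req, matching_acls(acls, *req))
```

For the .0 client reaching the .1 server, `sub0-servers` (a `src` rule) matches under both sets, and the revised `dst` rule adds a match on the server address; the second request shows the `src` form of `sub1-servers` matching traffic that merely originates on the .1 subnet.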
