[squid-users] configuring ip address ranges allowed to use my squid server...

From: Rick Coloccia <coloccia@dont-contact.us>
Date: Sat, 22 Jun 2002 14:06:32 -0400

Hi Everyone-

I'm new to the list, and pretty new to squid.

I've been through the FAQs and done a few google searches to no avail, so
here comes my question:

I've got a linux redhat 7.3 firewall set up, running iptables, gated,
etc. It's also running squid 2.4stable6. I have it running in transparent
proxy mode (although when in that mode, it does properly proxy anyone who
sets their browser settings to the name and port of the squid service)

Anyhow, I really should restrict which addresses the service will proxy for.

This is done in /proxy/squid/etc/squid.conf on my system, in the Access
Controls section.

I'd like to say something like:

only addresses from lan x.y.0.0/255.255.0.0 and x.y.z.0/255.255.248.0 will
be serviced by squid.

so I did this:
acl all 0.0.0.0/0.0.0.0
acl net1 x.y.0.0/255.255.0.0
acl net2 x.y.z.0/255.255.248.0

and then I did

httpd_access allow net1
httpd_access allow net2
httpd_access deny all

This doesn't seem to work, though, and I can't hit the proxy from net2...

Should it be:

httpd_access allow net1 net2
httpd_access deny !net1 !net2

I'd appreciate some suggestions... Thanks so much, Everyone!

-Rick

-------------
Rick Coloccia
Network Analyst
SUNY Geneseo
124B2 South Hall
Geneseo, NY 14454
Voice: (585) 245-5577
Fax: (585) 245-5579
Received on Sat Jun 22 2002 - 12:06:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:46 MST