RE: [squid-users] configuring ip address ranges allowed to use my squid server...

From: David Norton <davidn@dont-contact.us>
Date: Sat, 22 Jun 2002 22:54:19 +0200

I think you missed out a very important keyword on the acl lines.

Should be

acl all src 0.0.0.0/0.0.0.0
acl net1 src x.y.0.0/255.255.0.0
acl net2 src x.y.z.0/255.255.248.0

http_access allow net1
http_access allow net2
http_access deny all

That should sort out the problem.

David Norton

-----Original Message-----
From: Rick Coloccia [mailto:coloccia@geneseo.edu]
Sent: 22 June 2002 08:07 PM
To: squid-users@squid-cache.org
Subject: [squid-users] configuring ip address ranges allowed to use my squid server...

Hi Everyone-

I'm new to the list, and pretty new to squid.

I've been through the FAQs and done a few google searches to no avail,
so here comes my question:

I've got a linux redhat 7.3 firewall set up, running iptables, gated,
etc. It's also running squid 2.4stable6. I have it running in
transparent proxy mode (although when in that mode, it does properly
proxy anyone who sets their browser settings to the name and port of
the squid service)

Anyhow, I really should restrict which addresses the service will proxy for.

This is done in /proxy/squid/etc/squid.conf on my system, in the Access
Controls section.

I'd like to say something like:

only addresses from lan x.y.0.0/255.255.0.0 and x.y.z.0/255.255.248.0
will be serviced by squid.

so I did this:
acl all 0.0.0.0/0.0.0.0
acl net1 x.y.0.0/255.255.0.0
acl net2 x.y.z.0/255.255.248.0

and then I did

httpd_access allow net1
httpd_access allow net2
httpd_access deny all

This doesn't seem to work, though, and I can't hit the proxy from net2...

Should it be:

httpd_access allow net1 net2
httpd_access deny !net1 !net2

I'd appreciate some suggestions... Thanks so much, Everyone!

-Rick

-------------
Rick Coloccia
Network Analyst
SUNY Geneseo
124B2 South Hall
Geneseo, NY 14454
Voice: (585) 245-5577
Fax: (585) 245-5579
Received on Sat Jun 22 2002 - 14:54:55 MDT
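
The following is an added example, not part of the original thread or of Squid itself: a small Python model of how `acl ... src` lines and ordered `http_access` lines combine, so a rule set like the one discussed above can be checked against sample client addresses before it is deployed. The 10.x networks and client addresses are constructed stand-ins for the thread's x.y.* placeholders, `parse` and `decide` are hypothetical helper names, and the model covers only the `src` ACL type; it also goes slightly beyond the reply by showing that several ACL names on one `http_access` line are ANDed.

```python
import ipaddress

ACL_TYPES = {"src"}  # only the ACL type discussed in this thread is modelled

# Constructed sample networks standing in for the thread's x.y.* placeholders.
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl net1 src 10.1.0.0/255.255.0.0
acl net2 src 10.2.8.0/255.255.248.0
"""
FIXED = ACLS + "http_access allow net1\nhttp_access allow net2\nhttp_access deny all\n"
ANDED = ACLS + "http_access allow net1 net2\nhttp_access deny all\n"
BROKEN = FIXED.replace(" src ", " ")  # same config with the ACL type left out

def parse(conf):
    """Return (acls, rules); raise ValueError on an acl line without a known type."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "acl":
            if len(tok) < 4 or tok[2] not in ACL_TYPES:
                raise ValueError(f"acl {tok[1]}: missing or unknown ACL type")
            nets = [ipaddress.ip_network(a) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def decide(conf, client):
    """True if the client address would be allowed, False if denied."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(name):
        negated = name.startswith("!")
        return any(ip in net for net in acls[name.lstrip("!")]) != negated

    for allow, names in rules:
        if all(hit(n) for n in names):  # ACLs on one line are ANDed together
            return allow                # the first matching line decides
    return not rules[-1][0]             # no match: opposite of the last line

if __name__ == "__main__":
    for label, conf in (("fixed", FIXED), ("anded", ANDED)):
        for client in ("10.1.200.7", "10.2.9.5", "192.0.2.10"):
            print(label, client, "allow" if decide(conf, client) else "deny")
```

With the constructed disjoint networks, the single-line `allow net1 net2` variant denies every client, because no address is in both networks at once.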
