[squid-users] Squid in DMZ Help

From: cdwz <cdwz@dont-contact.us>
Date: Fri, 12 Sep 2003 19:42:03 -0300

Hello all,

I am a newbie in Linux world and have been working for 3
weeks in a lab network test that has the following layout:

Internet---ExternalFirewall--Squid--InternalFirewall--LAN

The LAN clients are SecureNat having the InternalFirewall's
(an ISA Server) LAN Interface as Gateway.
I want Squid to act as a Proxy Server to my LAN Clients and
the problem is that these clients are not able
to connect to the internet neither when ISA is configured to
have Squid as an Upstream Proxy Server nor as the Gateway of
ISA's DMZ interface.
Even if I set these SecureNAT clients also as WebClients, the
Squid access.log shows no connections.
On the other hand, when I set ISA's Gateway to
ExternalFirewall's DMZ interface IP, clients can connect to
the internet.
Also, from Squid I am able to ping and resolve internet
names.
The squid client is able to connect to the internet too and
leaves its signature in access.log.
ExtFw DMZ IP: 175.17.6.11, DG:none
SQUID IP: 175.17.6.1, DG:175.17.6.11
IntFw DMZ IP: 175.17.6.5, DG:175.17.6.(1 or 11)
IntFw LAN IP: 192.168.1.10, DG:none
My LAN is 192.168.1.0/24, DMZ 175.17.6.0/24
The Linux is running Squid and Postfix, no IPTables. Its
Gateway is the ExternalFirewall's DMZ interface IP.
I have already set Squid to listen on port 3128 and 80,
enabled httpd accelerated mode on port 80 and 3128, set
httpd_accel_host to virtual and to the ExternalFirewall's DMZ
interface IP with no positive result.
If I put a computer client in the DMZ it is able to connect
to the internet only as a WebClient, not as SecureNAT (having
squid as proxy/gateway). No records in access.log.

My squid.conf is simple:
http_port 3128
acl all src 0.0.0.0/0.0.0.0
http_access allow all

and also tested with:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Is there any conceptual error here? I am not sure whether I
need Squid in Accelerated mode.
Must Squid be between subnets, acting as a gateway, for all
this to work?

Comments would be great!

Tia,

Claudius

 

Received on Fri Sep 12 2003 - 16:41:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:43 MST
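
The squid.conf quoted in the message allows any source address to use the proxy. The fragment below is an added example, not part of the original post or of the Squid project's files, showing the same configuration with access limited to the addresses the post lists. It assumes requests reach Squid either from the internal firewall's DMZ address (when ISA translates or proxies the clients) or directly from the LAN subnet (when ISA routes them); the ACL names isa_dmz and lan are chosen here for illustration.

```conf
# As posted: every source address is allowed to use the proxy.
#   acl all src 0.0.0.0/0.0.0.0
#   http_access allow all

http_port 3128

# Catch-all ACL, used only for the final deny.
acl all src 0.0.0.0/0.0.0.0

# Sources taken from the addresses in the post (assumption: these are the
# only hosts that should use the proxy).
acl isa_dmz src 175.17.6.5/255.255.255.255   # IntFw DMZ interface
acl lan     src 192.168.1.0/255.255.255.0    # LAN behind the IntFw

# Restrict CONNECT tunnels to the usual SSL ports.
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Allow the known sources, refuse everything else.
http_access allow isa_dmz
http_access allow lan
http_access deny all
```

With this in place, a request from any other DMZ or Internet address is logged in access.log as TCP_DENIED, which also makes it visible whether client traffic reaches Squid at all.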