[squid-users] External Access to Proxy for School

From: Mr Wells <adrian.wells@dont-contact.us>
Date: Sat, 19 Jan 2008 11:21:11 +0000

Hi All,
I'm unable to access a proxy server ("proxyEXT"). Can anyone please spot what I'm doing wrong?

Note: ISP will only allow 1 connection from us to its service. (unless we pay for second account!) ;-)

overview:
I have a Squid box ("proxy") serving the whole school. Upstream proxy with main filtering is provided by ISP. Running faultlessly for many years despite 3 hardware upragades & versions of squid. THANK YOU SQUID!
This box feeds two others. "proxyINT" & "proxyEXT".
proxyINT provides controlled internet access to boarding pupils, but seperate from main school system via wireless & CAT5.
proxyEXT it to provide access for remote parts of the school via ADSL.
Each remote house will have it's own proxy providing individual pupil access control via wireless & CAT5, with proxyEXT as it's upstream parent.

clouds:
public x.x.x.97 255.255.255.240 (range from .96 to .111 ?)
private main 10.x.x.x 255.0.0.0
private boarding 192.168.1.x 255.255.255.0

connection:
ISP ->ADSL -> CISCO router (x.x.x.97)

router has 3 Boxes connected to it's Cat5 ports
x.x.x.98 Mail server (internal address 10.1.1.5)
x.x.x.100 proxy (internal address 10.1.1.6)
x.x.x.103 proxyEXT (internal address 10.1.1.61)

10.1.1.x is reserved from DHCP for server addresses.

for info:
proxyINT (working fine) has an external address 10.1.1.60, internal address 192.168.1.1

Tests:
A) set a PC to x.x.x.104 using X-cable connect directly to proxyEXT external NIC - configure Firefox to x.x.x.103:3128 - Works
B) from home - ping x.x.x.103 - Works
C) from home - VNC into proxyEXT - Works
D) tracert to x.x.x.103 - Works 17 hops
E) from home - configure web browser to x.x.x.103:3128 - not working

Test E) above. In Firefox I get a general error telling me the server took too long to respond. IE gives the DNS error page.

These errors in E)above can be reproduced by configuring the web browser to a non-existent proxy. e.g. x.x.x.104:3128

History:
Previously was unable to get test B, C of D to work either. Our ISP decided that the router (ISP maintained) may be at fault and have sent a replacement part.

Kind regards
Adrian
Received on Sat Jan 19 2008 - 04:21:59 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST