Thu 2009-09-03 at 19:03 +0000, Ricardo A wrote:
> Dear Chris and Henrik,
> I'm sorry, but now cannot access webpages from outside...
> Yes I can from LAN...
>
> I repeat that is a debian Lenny webserver-fileserver-firewall (iptables-Squid 2.7-Samba 3-Apache 2, all in the same machine).
>
> The setting:
>
> Squid 2.7
>
> http_port 192.168.000.1:3128 transparent
ok.
> http_port 80 accel defaultsite=mysite.com vhost
This http_port should be bound to the public ip. Not "any address".
> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
ok.
> cache_peer_access Ricardo mysite.com allow MyWeb
> cache_peer_access Ricardo mysite.com deny all
The above two lines look wrong.. what is mysite.com doing there?
> Where the acl "MyWeb" is:
> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
>
> (The sites are all on the same Apache, Virtual directory)
>
> Iptables:
>
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
>
> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d ! $LAN_IP_RANGE -p tcp --dport 80 -j REDIRECT --to-ports 3128
I usually do not use a source (-s) condition there, but does not matter.
Regards
Henrik
Received on Thu Sep 03 2009 - 19:39:00 MDT
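
Added example, not part of the original message or of Squid itself: a small checker for the two points raised in the reply (an accel `http_port` with no address, and a stray token in `cache_peer_access`). The function name `lint`, the corrected configuration and the address 203.0.113.10 are assumptions made for illustration.

```python
# Constructed sample: the squid.conf lines quoted in the message.
QUOTED_CONF = """\
http_port 192.168.000.1:3128 transparent
http_port 80 accel defaultsite=mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
cache_peer_access Ricardo mysite.com allow MyWeb
cache_peer_access Ricardo mysite.com deny all
acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
"""

# Assumed corrected form; 203.0.113.10 stands in for the public address.
FIXED_CONF = """\
http_port 192.168.000.1:3128 transparent
http_port 203.0.113.10:80 accel defaultsite=mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
cache_peer_access Ricardo allow MyWeb
cache_peer_access Ricardo deny all
acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
"""


def lint(text):
    """Return (line_number, message) pairs for the issues named in the reply."""
    rows = [line.split("#", 1)[0].split() for line in text.splitlines()]
    # A peer can be referenced by its hostname or by its name= option.
    peers = set()
    for tok in rows:
        if len(tok) >= 2 and tok[0] == "cache_peer":
            peers.add(tok[1])
            peers.update(t[5:] for t in tok if t.startswith("name="))
    findings = []
    for no, tok in enumerate(rows, 1):
        if len(tok) < 2:
            continue
        # A bare port number (no "address:") listens on every interface.
        if tok[0] == "http_port" and "accel" in tok[2:] and ":" not in tok[1]:
            findings.append((no, "accel http_port is not bound to an address"))
        elif tok[0] == "cache_peer_access":
            if tok[1] not in peers:
                findings.append((no, "unknown cache_peer name"))
            if len(tok) < 4 or tok[2] not in ("allow", "deny"):
                findings.append((no, "expected: <peer> allow|deny <acl> ..."))
    return findings


if __name__ == "__main__":
    for no, msg in lint(QUOTED_CONF):
        print(f"line {no}: {msg}")
```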