RE: [squid-users] Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED

From: Ricardo A <racham_at_hotmail.com>
Date: Thu, 3 Sep 2009 21:47:37 +0000

 
Yes, you're right, you told me. But there is one detail that I did not mention then, so as not to lengthen the thing (and because I figured it did not matter): the public IP is dynamic and is routed using a script to ZoneEdit.
Then, because Amos told me to leave http_port 80 bound to all...

About this, do you have any trick to set the dynamic IP in this Squid sentence?
I have a small script, "Ipofif", inserted between variables in iptables, and when run it shows the IP of the NIC... Could I "embed" it in some way in this http_port line to display the IP?
 
Any solution? Or, if the problem is caused by dynamic IP in accelerator mode, will I have to remove it?
 
Regards
Richard
 
----------------------------------------
> Date: Thu, 3 Sep 2009 11:39:27 -0800
> From: crobertson_at_gci.net
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED
>
> Ricardo A wrote:
>> Dear Chris and Henrik,
>> I'm sorry, but now cannot access webpages from outside...
>> Yes I can from LAN...
>>
>> I repeat that it is a Debian Lenny webserver-fileserver-firewall (iptables-Squid 2.7-Samba 3-Apache 2, all on the same machine).
>>
>> The setting:
>>
>> Squid 2.7
>>
>> http_port 192.168.000.1:3128 transparent
>> http_port 80 accel defaultsite=mysite.com vhost
>>
>
> As I stated in my first email, this line should be...
>
> http_port 192.168.0.1:80 accel defaultsite=mysite.com vhost
>
> ...because just using the port tells Squid to bind to all interfaces.
> You need to limit it to the public interface so Apache can bind to the
> loopback.
>
>> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
>> cache_peer_access Ricardo mysite.com allow MyWeb
>> cache_peer_access Ricardo mysite.com deny all
>>
>> Where the acl "MyWeb" is:
>>
>> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
>>
>> (The sites are all on the same Apache, Virtual directory)
>>
>> Iptables:
>>
>> $IPTABLES -A tcp_packets -p TCP -s 0/0 -dport 80 -j allowed
>>
>> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d ! $LAN_IP_RANGE -p tcp -dport 80 -j REDIRECT -to-ports 3128
>>
>> Apache 2:
>>
>> port.conf
>>
>> LISTEN 127.0.0.1:80
>> ------------
>> With these settings, Apache 2 again warns:
>>
>> apache2(98)Address already in use: make_sock: could not bind to address [::]:80
>> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
>> no listening sockets available, shutting down
>> Unable to open logs
>>
>> Thanks in advance...
>> Ricardo
>>
>
> Chris
>
Received on Thu Sep 03 2009 - 21:47:44 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 04 2009 - 12:00:02 MDT
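
One way to keep the accelerator listener pinned to a dynamic public address, so that Squid does not bind port 80 on all interfaces and Apache can keep 127.0.0.1:80. This is an added example, not code from the thread or from the Squid project; the function names, the interface name `eth0`, the path `/etc/squid/squid.conf` and the address 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rewrite only the "accel" http_port line of squid.conf so it
# binds to the NIC's current IPv4 address instead of every interface.

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the first address.
iface_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Accept dotted-quad IPv4 only, so nothing else can be spliced into the config.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# squid.conf on stdin, pinned copy on stdout. Lines without "accel" (such as
# the transparent LAN port) pass through unchanged; an address already on the
# accel line is replaced, so the function can be re-run after each IP change.
pin_accel_port() {
    _addr=$1
    valid_ipv4 "$_addr" || { echo "refusing invalid address: $_addr" >&2; return 1; }
    sed -E "/^http_port[[:space:]].*[[:space:]]accel([[:space:]]|\$)/ s/^http_port[[:space:]]+([0-9.]+:)?([0-9]+)/http_port ${_addr}:\2/"
}

# Driver, e.g. called from the dynamic-DNS update script:
#   update_conf eth0 /etc/squid/squid.conf      (both arguments are assumptions)
update_conf() {
    _new=$(ip -4 -o addr show dev "$1" | iface_ipv4) || return 1
    _tmp=$(mktemp) || return 1
    pin_accel_port "$_new" < "$2" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # Unchanged address: leave the running proxy alone.
    if cmp -s "$_tmp" "$2"; then rm -f "$_tmp"; return 0; fi
    # cat keeps the config file's owner and mode; then ask Squid to reload.
    cat "$_tmp" > "$2" && rm -f "$_tmp" && squid -k reconfigure
}
```
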