RE: [squid-users] whitelisted IP problem

From: Vishal Agarwal <vishal_at_norpknit.com>
Date: Tue, 20 Mar 2012 10:44:06 +0600

The LAN network should be 192.168.1.0/24, not /32.

Thanks/regards,
Vishal Agarwal

-----Original Message-----
From: Vijay S [mailto:vijay_at_reactmedia.com]
Sent: Tuesday, March 20, 2012 12:02 AM
To: namasenda_at_gmail.com
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] whitelisted IP problem

I have mentioned my LAN network as 192.168.1.0/32.
Was that not enough? Am I missing something in the below configuration?

On Mon, Mar 19, 2012 at 11:28 PM, Edmonds Namasenda <namasenda_at_gmail.com>
wrote:
> You might need a firewall of sorts.
> And, you need to specify your LAN's network(s) in Squid conf.
>
> I.P.N Edmonds
> Systems | Networks | ICTs
> UgM: +256 71 227 3374 | TzM: +255 68 422 1561
> # 22249, Kampala Uganda.
>
> -----Original Message-----
> From: Vijay S <vijay_at_reactmedia.com>
> Date: Mon, 19 Mar 2012 23:22:30
> To: <namasenda_at_gmail.com>; <squid-users_at_squid-cache.org>
> Subject: Re: [squid-users] whitelisted IP problem
>
> Do I have to do any IP tables configurations for this as well?
>
> On Mon, Mar 19, 2012 at 10:57 PM, Vijay <vijay_at_reactmedia.com> wrote:
>> I am still a beginner, I googled some site and found this configuration
>> initially it was this
>>
>>
>> #
>> # Recommended minimum configuration:
>> #
>> acl manager proto cache_object
>> acl server src 192.168.1.10
>> acl localhost src 192.168.1.0/32 ::1
>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>
>>
>> # Example rule allowing access from your local networks.
>> # Adapt to list your (internal) IP networks from where browsing
>> # should be allowed
>> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
>> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>> acl localnet src fc00::/7       # RFC 4193 local private network range
>> acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
>>
>> acl SSL_ports port 443
>> acl Safe_ports port 80          # http
>> acl Safe_ports port 21          # ftp
>> acl Safe_ports port 443         # https
>> acl Safe_ports port 70          # gopher
>> acl Safe_ports port 210         # wais
>> acl Safe_ports port 1025-65535  # unregistered ports
>> acl Safe_ports port 280         # http-mgmt
>> acl Safe_ports port 488         # gss-http
>> acl Safe_ports port 591         # filemaker
>> acl Safe_ports port 777         # multiling http
>> acl CONNECT method CONNECT
>>
>> #
>> # Recommended minimum Access Permission configuration:
>> #
>> # Only allow cachemgr access from localhost
>> http_access allow manager localhost server
>> http_access deny manager
>>
>> # Deny requests to certain unsafe ports
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than secure SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> # We strongly recommend the following be uncommented to protect innocent
>> # web applications running on the proxy server who think the only
>> # one who can access services on "localhost" is a local user
>> #http_access deny to_localhost
>>
>> #
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>> #
>>
>> # Example rule allowing access from your local networks.
>> # Adapt localnet in the ACL section to list your (internal) IP networks
>> # from where browsing should be allowed
>> http_access allow localnet
>> http_access allow localhost server
>>
>> # And finally deny all other access to this proxy
>> http_access deny all
>>
>> # Squid normally listens to port 3128
>> http_port 3128
>>
>> # We recommend you to use at least the following line.
>> hierarchy_stoplist cgi-bin ?
>>
>> # Uncomment and adjust the following to add a disk cache directory.
>> #cache_dir ufs /var/spool/squid 100 16 256
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> # Add any of your own refresh_pattern entries above these.
>> refresh_pattern ^ftp:           1440    20%     10080
>> refresh_pattern ^gopher:        1440    0%      1440
>> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
>> refresh_pattern .               0       20%     4320
>>
>>
>> visible_hostname reactmedia.com
>>
>> debug_options ALL,1 33,2 28,9
>>
>> tcp_outgoing_address 122.166.1.184
>>
>>
>>
>> Thanks & Regards
>> Vijay
>>
>>
>> -----Original Message-----
>> From: Edmonds Namasenda [mailto:namasenda_at_gmail.com]
>> Sent: Monday, March 19, 2012 10:33 PM
>> To: Vijay S; squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] whitelisted IP problem
>>
>> Vijay,
>> Just a quick look has shown me you did not specify your network and there
>> are a few typo errors.
>> Re-adjust, test, and fill us in some more.
>>
>> I.P.N Edmonds
>> Systems | Networks | ICTs
>> UgM: +256 71 227 3374 | TzM: +255 68 422 1561 # 22249, Kampala Uganda.
>>
>> -----Original Message-----
>> From: Vijay S <vijay_at_reactmedia.com>
>> Date: Mon, 19 Mar 2012 22:28:03
>> To: <squid-users_at_squid-cache.org>
>> Subject: [squid-users] whitelisted IP problem
>>
>> Hi
>>
>> I have my server box hosting Apache and Squid on a CentOS machine.
>> When I send my request for clients feeds it works as they have whitelisted
>> my IP address, and when I make the call via Squid it gives me invalid IP. I
>> checked the access log for more information and found out instead of sending
>> my IP address it's sending the localhost IP address (127.0.0.1).
>>
>> I googled a little and found that using the tcp_outgoing_address directive I can
>> control the outgoing IP address, and to my bad luck this didn't work.
>>
>> My configuration file is as follows
>>
>> acl all src all
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/32
>> acl SSL_ports port 443
>> acl Safe_ports port 80          # http
>> acl Safe_ports port 21          # ftp
>> acl Safe_ports port 443         # https
>> acl Safe_ports port 70          # gopher
>> acl Safe_ports port 210         # wais
>> acl Safe_ports port 1025-65535  # unregistered ports
>> acl Safe_ports port 280         # http-mgmt
>> acl Safe_ports port 488         # gss-http
>> acl Safe_ports port 591         # filemaker
>> acl Safe_ports port 777         # multiling http
>> acl CONNECT method CONNECT
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>> http_access allow localhost
>> http_access deny all
>>
>> icp_access allow all
>>
>> http_port 3128
>>
>> visible_hostname loclahost
>> debug_options ALL,1 33,2 28,9
>> tcp_outgoing_address 122.166.1.184
>>
>> Can somebody help me with the configuration for my servers? It will be of
>> great help.
>>
>> Thanks & Regards
>> Vijay
>>
Received on Tue Mar 20 2012 - 04:44:03 MDT
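
Added example, not part of the original thread: a small Python check showing why a /32 mask on 192.168.1.0 matches only that single address while /24 covers the LAN, run over constructed squid.conf lines. The "lan" ACL name and the client address 192.168.1.25 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in squid.conf syntax. The first two lines are the ones
# posted in the thread; the "lan" ACL name is hypothetical.
SAMPLE_CONF = """\
acl server src 192.168.1.10
acl localhost src 192.168.1.0/32 ::1
acl lan src 192.168.1.0/24
"""

def parse_src_acls(conf):
    """Return {acl_name: [ip_network, ...]} for every 'acl NAME src ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for value in fields[3:]:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # keywords such as "all" are not addresses
            acls.setdefault(fields[1], []).append(net)
    return acls

def matches(acls, name, client):
    """True if the client address falls inside any entry of the named ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in acls.get(name, []))

def suspicious_host_masks(acls):
    """Flag IPv4 /32 entries whose last octet is 0: a network address with a host mask."""
    return [(name, str(net))
            for name, nets in acls.items() for net in nets
            if net.version == 4 and net.prefixlen == 32
            and int(net.network_address) & 0xFF == 0]

if __name__ == "__main__":
    acls = parse_src_acls(SAMPLE_CONF)
    for name in ("localhost", "lan"):
        print(name, "matches 192.168.1.25:", matches(acls, name, "192.168.1.25"))
    print("suspicious:", suspicious_host_masks(acls))
```
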
