Re: [squid-users] defined localnet to mean your local clients ???

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 23 Aug 2013 19:25:15 +1200

On 23/08/2013 6:13 p.m., HillTopsGM wrote:
> In trying to configure the squid.conf file to cache windows updates as per
> the wiki on this page here:
>
> http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
>
> I am having trouble getting squid to run.
> If I paste this code:
>
>
>> acl windowsupdate dstdomain windowsupdate.microsoft.com
>> acl windowsupdate dstdomain .update.microsoft.com
>> acl windowsupdate dstdomain download.windowsupdate.com
>> acl windowsupdate dstdomain redir.metaservices.microsoft.com
>> acl windowsupdate dstdomain images.metaservices.microsoft.com
>> acl windowsupdate dstdomain c.microsoft.com
>> acl windowsupdate dstdomain www.download.windowsupdate.com
>> acl windowsupdate dstdomain wustat.windows.com
>> acl windowsupdate dstdomain crl.microsoft.com
>> acl windowsupdate dstdomain sls.microsoft.com
>> acl windowsupdate dstdomain productactivation.one.microsoft.com
>> acl windowsupdate dstdomain ntservicepack.microsoft.com
>>
>> acl CONNECT method CONNECT
>> acl wuCONNECT dstdomain www.update.microsoft.com
>> acl wuCONNECT dstdomain sls.microsoft.com
> *
>> http_access allow CONNECT wuCONNECT localnet
> *
> *
>> http_access allow windowsupdate localnet
> *
>
> . . . into my squid.conf file and save it. Squid will not restart properly.
>
> When I try to restart it I get this message:
>
>> stop: Unknown instance:
>> squid3 start/running, process 4374
> If I run 'top' I don't see it running there either.
>
> The only way I can get the squid3 service to show that it stops and restarts
> (and to show running again when I type in 'top' ) is if the code that I have
> in bold above is commented out . . . That would be these lines:
>
> *
>> http_access allow CONNECT wuCONNECT localnet
> *
> *
>> http_access allow windowsupdate localnet
> *
>
> Under the section labelled "*How do I stop Squid popping up the
> Authentication box for Windows Update?*"
>
> The first line before the code says:
>
>> Add the following to your squid.conf, assuming you have defined localnet
>> to mean your local clients. It 'MUST' be added near the top before any ACL
>> that require authentication.
> All I was doing was using the default ACL settings that come when Squid is
> installed, and I entered the code immediately after this default setting in
> the conf file:
>
>
>> # Recommended minimum configuration:
>> #
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32 ::1
>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>
>> # Example rule allowing access from your local networks.
>> # Adapt to list your (internal) IP networks from where browsing
>> # should be allowed
>> #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>> #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>> #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>> #acl localnet src fc00::/7 # RFC 4193 local private network range
>> #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

Ah. I spot the mangling that Debian do to prevent Squid running with the
default configuration file.

You need to uncomment whichever of those localnet lines are appropriate.
Add a new one if you have some other IP address range in your LAN.

>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
> Do I have to "*defined localnet to mean your local clients*"?

Yes.

> Right now the DHCP network is assigning ips in this range: 192.168.1.0/24

Then the 192.168.*** line will probably be enough. If you have IPv6
enabled on the LAN you will also want the fe80:: one.

Amos
Received on Fri Aug 23 2013 - 07:25:22 MDT
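The failure in this thread is an http_access line naming an ACL (localnet) that the Debian default file only declares in commented-out lines. The following is an added example, not code from the thread or from the Squid project: a small check that flags ACL names used by http_access but never declared, then applies the fix Amos describes by declaring localnet for the real LAN range. The squid.conf fragment is constructed from the lines quoted above.

```python
# Constructed squid.conf fragment reproducing the thread's situation: the Debian
# package ships the "acl localnet" lines commented out, while the Windows Update
# rules from the wiki reference localnet, so Squid refuses to start.
BROKEN_CONF = """\
acl localhost src 127.0.0.1/32 ::1
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl windowsupdate dstdomain .update.microsoft.com
acl wuCONNECT dstdomain www.update.microsoft.com
http_access deny !Safe_ports
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access deny all
"""

def undefined_acls(conf_text):
    """ACL names used in http_access lines that no 'acl <name> ...' line declares.

    Commented-out declarations (the Debian default) do not count; 'all' is built
    in; a leading '!' negates an ACL and is not part of its name.
    """
    defined = {"all"}
    referenced = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments before parsing
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "acl":
            defined.add(parts[1])
        elif len(parts) >= 3 and parts[0] == "http_access":
            referenced.extend(name.lstrip("!") for name in parts[2:])
    missing = []
    for name in referenced:  # report each missing name once, in first-seen order
        if name not in defined and name not in missing:
            missing.append(name)
    return missing

def define_localnet(conf_text, cidr):
    """Insert 'acl localnet src <cidr>' ahead of the first http_access line,
    i.e. before any rule that uses it, as the wiki text quoted above requires."""
    lines = conf_text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("http_access"):
            lines.insert(i, "acl localnet src " + cidr)
            break
    return "\n".join(lines) + "\n"
```

Running `undefined_acls(BROKEN_CONF)` reports `['localnet']`; after `define_localnet(BROKEN_CONF, "192.168.1.0/24")` (the DHCP range from the thread) the check comes back empty.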
