* squid acl problem
@ 2007-09-24 16:06 Luca Ferrari
0 siblings, 0 replies; 2+ messages in thread
From: Luca Ferrari @ 2007-09-24 16:06 UTC (permalink / raw)
To: linux-admin
Hi all,
I'm running squid on ubuntu server 7.04 (squid 2.6) and I'm getting a trobule
copying the old config (worked on squid 2.4) to the new squid.
I'd like to use the squid as transparent proxy,
and thus I've got iptables redirecting all the stuff from the port 80 to the
port 8080. If I manually set the proxy in a browser I can surf, but if I try
to use it transparently I got a "unable to forward the request at this time"
message error. I've found that it only happens if I take this acl enabled:
acl sbloccati_ip src "/etc/squid/sbloccati_ip.acl"
http_access allow sbloccati_ip
if I comment out the http_access line I got the squid working, and the file
sbloccati_ip.acl contains a list of ip that are allowed to use the proxy. It
is working with other configurations, but I cannot find the solution. I've
got the
httpd_port 8080 transparent
setting.
I've checked that the NAT is not breaking the above acl, and I don't know
where I can see further. Any idea?
Thanks,
Luca
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: squid acl problem
@ 2007-09-25 16:31 George Iosif
0 siblings, 0 replies; 2+ messages in thread
From: George Iosif @ 2007-09-25 16:31 UTC (permalink / raw)
To: fluca1978, linux-admin
Hi Luca,
Are your internal IP addresses in the /etc/squid/sbloccati_ip.acl file ?
If my guess about your network configuration is correct (the NAT router
and the Squid server are the same machine), then the NAT doesn't take
effect when the clients connect to your Squid process.
So, you should put the clients' IP addresses in the ACL file, not the
NAT-ed IP addresses.
I hope it helps !
George Iosif
>>> Luca Ferrari <fluca1978@infinito.it> 09/24/07 7:06 PM >>>
Hi all,
I'm running squid on ubuntu server 7.04 (squid 2.6) and I'm getting a
trobule
copying the old config (worked on squid 2.4) to the new squid.
I'd like to use the squid as transparent proxy,
and thus I've got iptables redirecting all the stuff from the port 80 to
the
port 8080. If I manually set the proxy in a browser I can surf, but if I
try
to use it transparently I got a "unable to forward the request at this
time"
message error. I've found that it only happens if I take this acl
enabled:
acl sbloccati_ip src "/etc/squid/sbloccati_ip.acl"
http_access allow sbloccati_ip
if I comment out the http_access line I got the squid working, and the
file
sbloccati_ip.acl contains a list of ip that are allowed to use the
proxy. It
is working with other configurations, but I cannot find the solution.
I've
got the
httpd_port 8080 transparent
setting.
I've checked that the NAT is not breaking the above acl, and I don't
know
where I can see further. Any idea?
Thanks,
Luca
-
To unsubscribe from this list: send the line "unsubscribe linux-admin"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-09-25 16:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-24 16:06 squid acl problem Luca Ferrari
-- strict thread matches above, loose matches on Subject: below --
2007-09-25 16:31 George Iosif
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).