squid acl problem

on 24.09.2007 18:06:16 by Luca Ferrari

Hi all,
I'm running squid on ubuntu server 7.04 (squid 2.6) and I'm having trouble
copying the old config (worked on squid 2.4) to the new squid.
I'd like to use the squid as transparent proxy,
and thus I've got iptables redirecting all the stuff from the port 80 to the
port 8080. If I manually set the proxy in a browser I can surf, but if I try
to use it transparently I got a "unable to forward the request at this time"
message error. I've found that it only happens if I take this acl enabled:

acl sbloccati_ip src "/etc/squid/sbloccati_ip.acl"
http_access allow sbloccati_ip

if I comment out the http_access line I got the squid working, and the file
sbloccati_ip.acl contains a list of ip that are allowed to use the proxy. It
is working with other configurations, but I cannot find the solution. I've
got the
httpd_port 8080 transparent
setting.

I've checked that the NAT is not breaking the above acl, and I don't know
where I can see further. Any idea?

Thanks,
Luca
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: squid acl problem

on 25.09.2007 18:31:35 by George Iosif

Hi Luca,

Are your internal IP addresses in the /etc/squid/sbloccati_ip.acl file ?
If my guess about your network configuration is correct (the NAT router
and the Squid server are the same machine), then the NAT doesn't take
effect when the clients connect to your Squid process.
So, you should put the clients' IP addresses in the ACL file, not the
NAT-ed IP addresses.

I hope it helps !
George Iosif

>>> Luca Ferrari 09/24/07 7:06 PM >>>
Hi all,
I'm running squid on ubuntu server 7.04 (squid 2.6) and I'm having trouble
copying the old config (worked on squid 2.4) to the new squid.
I'd like to use the squid as transparent proxy,
and thus I've got iptables redirecting all the stuff from the port 80 to the
port 8080. If I manually set the proxy in a browser I can surf, but if I try
to use it transparently I got a "unable to forward the request at this time"
message error. I've found that it only happens if I take this acl enabled:

acl sbloccati_ip src "/etc/squid/sbloccati_ip.acl"
http_access allow sbloccati_ip

if I comment out the http_access line I got the squid working, and the file
sbloccati_ip.acl contains a list of ip that are allowed to use the proxy. It
is working with other configurations, but I cannot find the solution. I've
got the
httpd_port 8080 transparent
setting.

I've checked that the NAT is not breaking the above acl, and I don't know
where I can see further. Any idea?

Thanks,
Luca
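
One way to check the point raised in the reply, by comparing the client addresses Squid actually logs against the entries of the `src` ACL file. This is an added example, not part of the original thread; the ACL contents and log lines are constructed samples, the function names are hypothetical, and only plain addresses, CIDR blocks and `addr1-addr2` ranges are handled.

```python
import ipaddress

# Constructed sample of an ACL file such as /etc/squid/sbloccati_ip.acl
SAMPLE_ACL = """\
# unblocked clients (constructed sample)
192.168.1.10
192.168.1.32/28
192.168.2.100-192.168.2.120
"""

# Constructed access.log lines in Squid's native format (3rd field = client address)
SAMPLE_LOG = """\
1190649976.123 45 192.168.1.10 TCP_MISS/200 1024 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1190649977.456 2 192.168.1.50 TCP_DENIED/403 1400 GET http://example.com/ - NONE/- text/html
1190649978.789 3 192.168.2.110 TCP_MISS/200 512 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1190649979.012 1 10.0.0.1 TCP_DENIED/403 1400 GET http://example.net/ - NONE/- text/html
"""

def parse_src_acl(text):
    """Return one (first, last) address pair per ACL entry."""
    ranges = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments carry no entry
        if "-" in entry:
            # addr1-addr2 range (the range/netmask form is not handled here)
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        else:
            # single address or address/mask
            net = ipaddress.ip_network(entry, strict=False)
            lo, hi = net[0], net[-1]
        ranges.append((lo, hi))
    return ranges

def allowed(addr, ranges):
    """True if addr falls inside any parsed ACL entry."""
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def uncovered_clients(log_text, ranges):
    """Client addresses seen in the log that no ACL entry matches."""
    seen = {f[2] for f in (l.split() for l in log_text.splitlines()) if len(f) >= 3}
    return sorted(a for a in seen if not allowed(a, ranges))

if __name__ == "__main__":
    for addr in uncovered_clients(SAMPLE_LOG, parse_src_acl(SAMPLE_ACL)):
        print("seen by Squid but not in ACL file:", addr)
```

Any address this reports is the source address Squid sees for that client, so it is the value the ACL file has to contain.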