stupid newbie question all over again... from Matthew Petach on 1997-07-10 (squid-users)

From: Matthew Petach <mattp@dont-contact.us>
Date: Thu, 10 Jul 1997 15:56:58 -0700 (PDT)

Hi folks...

I've browsed through the list archives, and while many
questions came close to this, none quite matched, so
I'll prevail upon you to hopefully be merciful and
help me out.

Here's our setup:

                  -----------------
                  | Squid Proxy/ |
                  | Accel server |
                  -----------------
____________ | -------------
| | | | corp. |
| Internet |------------------------| firewall |
| at | | router |
| Large | -------------
------------ |
                                          |
                                 ---------------------
                                 | corporate |
                                 | internal |
                                 | webserver |
                                 ---------------------

What I've done on the firewall router is ONLY allow port
80 through from the Squid server outside. I'd like to
allow employees who are outside the firewall to connect
from specific IP addresses to the Squid server on port 80,
and have it proxy the requests through the firewall to
the actual webserver inside. This way, I can use an
acl in the squid.conf file to list those IP's that
should be allowed to connect.

I _also_ want to be able to run a general purpose cache
on port 3128. Is it possible to:

a). Run both a caching server on port 3128, and an
accelerator on port 80 for an internal machine?

b). Have different acl's for the port 80 and port 3128
access?

c). Ensure that objects in the cache from the port 80
     acceleration cannot be fetched via queries to port 3128
     unless the client host meets the acl requirements for
     the port 80 connection.

Right now, I've managed to get the box running as a cache on
port 3128, with the acl for it being read in from a separate
file with a list of src addresses that are to be allowed;
however, I can't get port 80 to respond, even though I have
the following lines in my squid.conf file:

httpd_accel virtual 80
httpd_accel_with_proxy on

Should I change the httpd_accel to be:
httpd_accel IP_of_private_server 80

Shouldn't port 80 respond even if I just have the "virtual" keyword
in it? the documentation seems to indicate it should...

Enough questions for my first message. I know it's a boring,
simplistic request, so let's get it out of the way so we can
move on to the more interesting stuff... :-)

Thanks!

Matt

-- 
InterNex Information Services   |           Matthew Petach
Network Engineering             |           mpetach@internex.net
2306 Walsh Avenue               |           Tel: (408) 327-2211
Santa Clara, CA  95051          |           Fax: (408) 496-5484

Received on Thu Jul 10 1997 - 16:01:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:43 MST