Thank you
I have no problem with clients. The prob is with parent proxy - where can I
find description of cache-to-cache communication? I thought I only need
allow incoming connections on 3130 with -y flag from it. Am I wrong?
Miroslav
> -----Original Message-----
> From: Jim Selph [mailto:jselph@icanon.com]
> Sent: Wednesday, September 13, 2000 5:58 PM
> To: squid-users@ircache.net
> Subject: [SQU] fighting with parent cache and firewall
>
>
> Miroslav,
> Try this
> #check ack bit on input if not set then dropped by default rule
> /sbin/ipchains -A input -i eth0 -p tcp ! -y -s $ANY 3128 -d $YOU
> $UNPRIVPORT -j ACCEPT
> /sbin/ipchains -A output -i eth0 -p tcp -s $YOU $UNPRIVPORT
> -d $ANY 3128 -j
> ACCEPT
>
> YOU = your IP
> UNPRIVPORT = a range of ports you find acceptable ie 1024:30000
> ANY = an IP address of you choice could be 0.0.0.0/0
> eth0 or eth1 use your interface to the outside here
>
> hope this helps
>
> James
>
>
> >Hi!
> >Added
>
> >/sbin/ipchains -A input -p UDP --dport 3130 -s <parent ip>
> -j ACCEPT #let
> >parent connect using ICP
> >/sbin/ipchains -A input -p TCP --dport 3128 -s <parent ip>
> -j ACCEPT #let
> >parent connect using http
>
> >but still have probs communicating with parent
>
> >Any ideas please?
>
> >Thx
>
> >Miroslav
>
>
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Sep 14 2000 - 01:15:23 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:18 MST