Re: [squid-users] whitelisted IP problem

From: Edmonds Namasenda <namasenda_at_gmail.com>
Date: Mon, 19 Mar 2012 17:58:23 +0000

You might need a firewall of sorts.
And, you need to specify your LAN's network (s) in Squid conf.

I.P.N Edmonds
Systems | Networks | ICTs
UgM: +256 71 227 3374 | TzM: +255 68 422 1561
# 22249, Kampala Uganda.

-----Original Message-----
From: Vijay S <vijay_at_reactmedia.com>
Date: Mon, 19 Mar 2012 23:22:30
To: <namasenda_at_gmail.com>; <squid-users_at_squid-cache.org>
Subject: Re: [squid-users] whitelisted IP problem

DO i have to do any IP tables configurations for this as well?

On Mon, Mar 19, 2012 at 10:57 PM, Vijay <vijay_at_reactmedia.com> wrote:
> I am still a beginner, I googled some site and found this configuration
> initially it was this
>
>
> #
> # Recommended minimum configuration:
> #
> acl manager proto cache_object
> acl server src 192.168.1.10
> acl localhost src 192.168.1.0/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7       # RFC 4193 local private network range
> acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
> machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost server
> http_access deny manager
>
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost server
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> http_port 3128
>
> # We recommend you to use at least the following line.
> hierarchy_stoplist cgi-bin ?
>
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/spool/squid 100 16 256
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
>
> visible_hostname reactmedia.com
>
> debug_options ALL,1 33,2 28,9
>
> tcp_outgoing_address 122.166.1.184
>
>
>
> Thanks & Regards
> Vijay
>
>
> -----Original Message-----
> From: Edmonds Namasenda [mailto:namasenda_at_gmail.com]
> Sent: Monday, March 19, 2012 10:33 PM
> To: Vijay S; squid-users_at_squid-cache.org
> Subject: Re: [squid-users] whitelisted IP problem
>
> Vijay,
> Just a quick look has shown me you did not specify your network and there
> are a few typo errors.
> Re-adjust, test, and fill us in some more.
>
> I.P.N Edmonds
> Systems | Networks | ICTs
> UgM: +256 71 227 3374 | TzM: +255 68 422 1561 # 22249, Kampala Uganda.
>
> -----Original Message-----
> From: Vijay S <vijay_at_reactmedia.com>
> Date: Mon, 19 Mar 2012 22:28:03
> To: <squid-users_at_squid-cache.org>
> Subject: [squid-users] whitelisted IP problem Hi
>
> I have a my server box hosting apache and squid on centos machine.
> When I send my request for clients feeds it works as they have whitelisted
> my IP address, and when I make the call via squid its give me invalid IP. I
> checked the access log for more information and found out instead of sending
> my IP address its sending the localhost IP address (127.0.0.1).
>
> I googled a little and found that using tcp_outgoing_address directive I can
> control the outgoing IP address  and to my bad luck this didn't work
>
> My configuration file is as follows
>
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
> 127.0.0.0/32 acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost
> http_access deny all
>
> icp_access allow all
>
> http_port 3128
>
> visible_hostname loclahost
> debug_options ALL,1 33,2 28,9
> tcp_outgoing_address 122.166.1.184
>
> Can somebody help me with configuration for the my servers. It will be of
> great help.
>
> Thanks & Regards
> Vijay
>
Received on Mon Mar 19 2012 - 17:58:34 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 20 2012 - 12:00:04 MDT