subject:"\[squid\-users\] Squid box for two networks"

Re: [squid-users] Squid box for two networks

2017-07-21 Thread Pablo Ruben Maldonado

Thanks to all for your help.

Eliezer, certainly that can use my graph.

I could confirm that my problem is in rules mark connection and mark packet
that i use to stop the big downloads across the port 80. But this it is my
problem. Even I have it pending.

On Thu, Jul 20, 2017 at 5:13 PM, joseph  wrote:

> well this work almost 10 year
>
> an u can do 2 mark if you want to   make shur u use same marking
> new-routing-mark=http
> on each range
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.
> 1019090.n4.nabble.com/Squid-box-for-two-networks-tp4683119p4683197.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread joseph

well this work almost 10 year

an u can do 2 mark if you want to   make shur u use same marking
new-routing-mark=http 
on each range 



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-box-for-two-networks-tp4683119p4683197.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Eliezer Croitoru

First take joseph advice.
This is the right way of doing things.
And since I have here couple MikroTik devices sitting I took one to create the 
same scenario that you have and the full configuration can be seen at:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MikroTik-Route-To-Intercept-Squid

And on my site at:
http://ngtech.co.il/paste/1786/raw/

Technically since the px is on the same segment as the MikroTik it's better to 
accept traffic(in both the mangle and the filter tables) by the mac address of 
the px rather then the ip but for your case the ip should play fine with the 
combination of the interface which the traffic from the px flows in\at.
When it will all work for you as expected I will add this scenario with your 
network diagram as an example to the wiki(if it's fine with you that the 
project will use the diagram..).

Thanks,
Eliezer


http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Pablo Ruben Maldonado
Sent: Thursday, July 20, 2017 21:51
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid box for two networks

Hi Eliezer, thanks for you reply.

I'm marking and routing traffic to port 80 from my lan's 
http://192.168.110.0/24 (Work!) and http://192.168.115.0/24 (Fail!). The mark 
line in Mangle is:

add action=mark-connection chain=prerouting comment="TCP 80: Tr\E1fico HTTP de\
sde la red WIFI. Se marca la conexi\F3n para QoS y Policy Routing. Ser\E1 \
routeado hacia Proxy03" !connection-bytes !connection-limit \
connection-mark=no-mark !connection-nat-state !connection-rate \
!connection-state !connection-type !content disabled=no !dscp \
!dst-address !dst-address-list !dst-address-type !dst-limit dst-port=80 \
!fragment !hotspot !icmp-options !in-bridge-port in-interface=eth4-wifi \
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-connection-mark=conn_proxy !nth !out-bridge-port \
!out-interface !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority protocol=tcp !psd !random \
!routing-mark !routing-table src-address=http://192.168.115.0/24 
!src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
!ttl

The packet mark and route lines:

add action=mark-packet chain=prerouting comment=\
"TCP 80: Se marca el paquete para Queue Tree (Up)" !connection-bytes \
!connection-limit connection-mark=conn_proxy !connection-nat-state \
!connection-rate !connection-state !connection-type !content disabled=no \
!dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
!dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-packet-mark=up_tcp_80_pkt !nth !out-bridge-port \
!out-interface !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority !protocol !psd !random \
!routing-mark !routing-table !src-address !src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat !ttl
add action=mark-routing chain=prerouting comment=\
"TCP 80: Se ejecuta el Policy Routing hacia Proxy03" !connection-bytes \
!connection-limit !connection-mark !connection-nat-state !connection-rate \
!connection-state !connection-type !content disabled=no !dscp \
!dst-address dst-address-list=!clientslist !dst-address-type !dst-limit \
!dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface \
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-routing-mark=route_toproxy03 !nth \
!out-bridge-port !out-interface !p2p packet-mark=up_tcp_80_pkt \
!packet-size passthrough=no !per-connection-classifier !port !priority \
!protocol !psd !random !routing-mark !routing-table !src-address \
!src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
!tcp-mss !time !ttl

Thanks

On Thu, Jul 20, 2017 at 2:11 PM, Eliezer Croitoru <mailto:elie...@ngtech.co.il> 
wrote:
Hey Pablo,

I am working as a tech support for MikroTik devices and the tcpdump dumps are 
leaving couple things unknown.
Can you share the MikroTik rules PBR rules you are using?
Are you using any kind of connection marking and tracking in the mix or just 
plain source based routing?
I am pretty sure that the issue is in the reverse path and not backwards.
If you can export your MikroTik configuration I might be able to try and help 
you find the right rules if these are wrong.
Also make sure that the squid box has reverse pa

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Pablo Ruben Maldonado

Joseph, these lines already exists in my setup. Thanks.

Remember you what my Squid box work for my primary lan (192.168.110.0/24)
but don't work to the second lan (192.168.115.0/24)

On Thu, Jul 20, 2017 at 4:49 PM, joseph  wrote:

>  you might need his configuration
>
> /ip firewall address-list
> add address=192.168.110.0/24 comment="one route port 80" list=http-route
> add address=192.168.115.0/24 comment="two route port 80" list=http-route
>
> /ip firewall mangle
> add action=mark-routing chain=prerouting comment=\
> "Clients HTTP route to cache" dst-port=80 \
> new-routing-mark=http passthrough=yes protocol=tcp
> src-address-list=http-route
>
> /ip route
> add comment="Cache route" distance=1 gateway=192.168.1.1 routing-mark=http
>
> using squid as gateway
> ps 192.168.10.1  is squid box so put yours
>
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.
> 1019090.n4.nabble.com/Squid-box-for-two-networks-tp4683119p4683193.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread joseph

 you might need his configuration

/ip firewall address-list
add address=192.168.110.0/24 comment="one route port 80" list=http-route
add address=192.168.115.0/24 comment="two route port 80" list=http-route

/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Clients HTTP route to cache" dst-port=80 \
new-routing-mark=http passthrough=yes protocol=tcp
src-address-list=http-route

/ip route
add comment="Cache route" distance=1 gateway=192.168.1.1 routing-mark=http  

using squid as gateway 
ps 192.168.10.1  is squid box so put yours




--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-box-for-two-networks-tp4683119p4683193.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Pablo Ruben Maldonado

Hi Eliezer, thanks for you reply.

I'm marking and routing traffic to port 80 from my lan's 192.168.110.0/24
(Work!) and 192.168.115.0/24 (Fail!). The mark line in Mangle is:

add action=mark-connection chain=prerouting comment="TCP 80: Tr\E1fico HTTP
de\
sde la red WIFI. Se marca la conexi\F3n para QoS y Policy Routing.
Ser\E1 \
routeado hacia Proxy03" !connection-bytes !connection-limit \
connection-mark=no-mark !connection-nat-state !connection-rate \
!connection-state !connection-type !content disabled=no !dscp \
!dst-address !dst-address-list !dst-address-type !dst-limit dst-port=80
\
!fragment !hotspot !icmp-options !in-bridge-port in-interface=eth4-wifi
\
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-connection-mark=conn_proxy !nth
!out-bridge-port \
!out-interface !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority protocol=tcp !psd !random \
!routing-mark !routing-table src-address=192.168.115.0/24
!src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time \
!ttl

The packet mark and route lines:

add action=mark-packet chain=prerouting comment=\
"TCP 80: Se marca el paquete para Queue Tree (Up)" !connection-bytes \
!connection-limit connection-mark=conn_proxy !connection-nat-state \
!connection-rate !connection-state !connection-type !content
disabled=no \
!dscp !dst-address !dst-address-list !dst-address-type !dst-limit \
!dst-port !fragment !hotspot !icmp-options !in-bridge-port
!in-interface \
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-packet-mark=up_tcp_80_pkt !nth
!out-bridge-port \
!out-interface !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority !protocol !psd !random \
!routing-mark !routing-table !src-address !src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat !ttl
add action=mark-routing chain=prerouting comment=\
"TCP 80: Se ejecuta el Policy Routing hacia Proxy03" !connection-bytes \
!connection-limit !connection-mark !connection-nat-state
!connection-rate \
!connection-state !connection-type !content disabled=no !dscp \
!dst-address dst-address-list=!clientslist !dst-address-type !dst-limit
\
!dst-port !fragment !hotspot !icmp-options !in-bridge-port
!in-interface \
!ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
log=no log-prefix="" new-routing-mark=route_toproxy03 !nth \
!out-bridge-port !out-interface !p2p packet-mark=up_tcp_80_pkt \
!packet-size passthrough=no !per-connection-classifier !port !priority \
!protocol !psd !random !routing-mark !routing-table !src-address \
!src-address-list !src-address-type !src-mac-address !src-port
!tcp-flags \
!tcp-mss !time !ttl

Thanks

On Thu, Jul 20, 2017 at 2:11 PM, Eliezer Croitoru 
wrote:

> Hey Pablo,
>
> I am working as a tech support for MikroTik devices and the tcpdump dumps
> are leaving couple things unknown.
> Can you share the MikroTik rules PBR rules you are using?
> Are you using any kind of connection marking and tracking in the mix or
> just plain source based routing?
> I am pretty sure that the issue is in the reverse path and not backwards.
> If you can export your MikroTik configuration I might be able to try and
> help you find the right rules if these are wrong.
> Also make sure that the squid box has reverse path filtering disabled
> using:
> http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MwanLB#
> Set_Reverse_Path_Filter_machine_globally_script
>
> And also take a peek at:
> http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_
> Squid_Configuration
>
> I planned to add into the wiki an article\tutorial how to setup squid with
> MikroTik since there are more than a dozen of articles\tutorials that just
> do not do it the right way.
>
> Eliezer
>
> * you can send me the configuration privately if these are sensitive
>
> 
> http://ngtech.co.il/lmgtfy/
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Pablo Ruben Maldonado
> Sent: Thursday, July 20, 2017 16:41
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Squid box for two networks
>
> The packets are routing using a mark and later routing rules inside my
> principal router (Mikrotik). Attach images with examples of packets
> arriving to Squid box.
>
> On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone <mailto:Antony.Stone@squid.
> open.sou

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Eliezer Croitoru

Hey Pablo,

I am working as a tech support for MikroTik devices and the tcpdump dumps are 
leaving couple things unknown.
Can you share the MikroTik rules PBR rules you are using?
Are you using any kind of connection marking and tracking in the mix or just 
plain source based routing?
I am pretty sure that the issue is in the reverse path and not backwards.
If you can export your MikroTik configuration I might be able to try and help 
you find the right rules if these are wrong.
Also make sure that the squid box has reverse path filtering disabled using:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MwanLB#Set_Reverse_Path_Filter_machine_globally_script

And also take a peek at:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration

I planned to add into the wiki an article\tutorial how to setup squid with 
MikroTik since there are more than a dozen of articles\tutorials that just do 
not do it the right way.

Eliezer

* you can send me the configuration privately if these are sensitive 

http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Pablo Ruben Maldonado
Sent: Thursday, July 20, 2017 16:41
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid box for two networks

The packets are routing using a mark and later routing rules inside my 
principal router (Mikrotik). Attach images with examples of packets arriving to 
Squid box.

On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone 
<mailto:antony.st...@squid.open.source.it> wrote:
On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote:

> Hi, i add information missing in original post. Thanks for assistance:
>
> The Squid Box has setup for Intercept Mode. Iptables rules here:
>
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

How are you routing the packets from the firewall to Squid?

> The config paste in https://pastebin.com/Witg3cG1
>
> Thanks
>
> On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado <
>
> mailto:pablo.ruben.maldon...@gmail.com> wrote:
> > Hello, I have a squid box 3.5 working without problems for the lan
> > http://192.168.110.0/24 for several months. Now I want setup to another lan
> > http://192.168.115.0/24 but I cannot. Tcpdump inform me that the packages 
> > come
> > to squid box. But in Squid's log I do not see anything. Can they give me
> > some tip?

Can you give us any examples of packets as seen by tcpdump on the Squid box:

a) from http://192.168.110.0/24

b) from http://192.168.115.0/24

Antony.

--
BASIC is to computer languages what Roman numerals are to arithmetic.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
mailto:squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Pablo Ruben Maldonado

The packets are routing using a mark and later routing rules inside my
principal router (Mikrotik). Attach images with examples of packets
arriving to Squid box.

On Thu, Jul 20, 2017 at 10:27 AM, Antony Stone <
antony.st...@squid.open.source.it> wrote:

> On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote:
>
> > Hi, i add information missing in original post. Thanks for assistance:
> >
> > The Squid Box has setup for Intercept Mode. Iptables rules here:
> >
> > -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> > -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
>
> How are you routing the packets from the firewall to Squid?
>
> > The config paste in https://pastebin.com/Witg3cG1
> >
> > Thanks
> >
> > On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado <
> >
> > pablo.ruben.maldon...@gmail.com> wrote:
> > > Hello, I have a squid box 3.5 working without problems for the lan
> > > 192.168.110.0/24 for several months. Now I want setup to another lan
> > > 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages
> come
> > > to squid box. But in Squid's log I do not see anything. Can they give
> me
> > > some tip?
>
> Can you give us any examples of packets as seen by tcpdump on the Squid
> box:
>
> a) from 192.168.110.0/24
>
> b) from 192.168.115.0/24
>
>
> Antony.
>
> --
> BASIC is to computer languages what Roman numerals are to arithmetic.
>
>Please reply to the
> list;
>  please *don't* CC
> me.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Antony Stone

On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote:

> Hi, i add information missing in original post. Thanks for assistance:
> 
> The Squid Box has setup for Intercept Mode. Iptables rules here:
> 
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

How are you routing the packets from the firewall to Squid?

> The config paste in https://pastebin.com/Witg3cG1
> 
> Thanks
> 
> On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado <
> 
> pablo.ruben.maldon...@gmail.com> wrote:
> > Hello, I have a squid box 3.5 working without problems for the lan
> > 192.168.110.0/24 for several months. Now I want setup to another lan
> > 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come
> > to squid box. But in Squid's log I do not see anything. Can they give me
> > some tip?

Can you give us any examples of packets as seen by tcpdump on the Squid box:

a) from 192.168.110.0/24

b) from 192.168.115.0/24


Antony.

-- 
BASIC is to computer languages what Roman numerals are to arithmetic.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-20 Thread Pablo Ruben Maldonado

Hi, i add information missing in original post. Thanks for assistance:

The Squid Box has setup for Intercept Mode. Iptables rules here:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

The config paste in https://pastebin.com/Witg3cG1

Thanks

On Mon, Jul 17, 2017 at 5:31 PM, Pablo Ruben Maldonado <
pablo.ruben.maldon...@gmail.com> wrote:

> Hello, I have a squid box 3.5 working without problems for the lan
> 192.168.110.0/24 for several months. Now I want setup to another lan
> 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come
> to squid box. But in Squid's log I do not see anything. Can they give me
> some tip?
>


Network map.pdf
Description: Adobe PDF document
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-18 Thread Amos Jeffries


On 19/07/17 00:28, Antony Stone wrote:


Maybe you could also answer my questions:



In addition to those answers, please also post at least the http_port 
and https_port lines from your squid.conf.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-18 Thread Antony Stone

On Tuesday 18 July 2017 at 13:09:31, Pablo Ruben Maldonado wrote:

> The iptables only follow configuration:
> 
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

Oh, you didn't say this was an intercepting proxy - that sort of thing does 
make a difference...

Maybe you could also answer my questions:

On Monday 17 July 2017 at 22:57:13, Antony Stone wrote:

> How is that new subnet connected to the Squid box?
> 
> Is it connected on a second network card in the Squid machine, or is it
> routed via a separate gateway connecting the two networks?

Given what you've now told us, that this machine is an intercepting proxy, 
please give us a network map - how are the following interconnected with each 
other:

 - the subnet 192.168.110.0/24
 - the subnet 192.168.115.0/24
 - the Squid server
 - the Internet-facing router

On Tuesday 18 July 2017 at 12:15:32, Antony Stone wrote:

> Can you SSH from a machine on 192.168.115.0/24 to the Squid server?
> 
> For that matter, can you ping it?
> 
> Does the Squid server have an appropriate route to get back to machines on
> 192.168.115.0/24?

If you can give us more information about your network and your Squid 
configuration, this may well make it easier for us to guess what is going on.

Antony.

-- 
Numerous psychological studies over the years have demonstrated that the 
majority of people genuinely believe they are not like the majority of people.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-18 Thread Pablo Ruben Maldonado

The iptables only follow configuration:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129

On Tue, Jul 18, 2017 at 8:11 AM, Matus UHLAR - fantomas 
wrote:

> On 17.07.17 17:31, Pablo Ruben Maldonado wrote:
>
>> Hello, I have a squid box 3.5 working without problems for the lan
>> 192.168.110.0/24 for several months. Now I want setup to another lan
>> 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come
>> to
>> squid box. But in Squid's log I do not see anything. Can they give me some
>> tip?
>>
>
> local firewall on the squid box probably?
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Linux is like a teepee: no Windows, no Gates and an apache inside...
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-18 Thread Antony Stone

On Tuesday 18 July 2017 at 12:11:58, Matus UHLAR - fantomas wrote:

> On 17.07.17 17:31, Pablo Ruben Maldonado wrote:
> >Hello, I have a squid box 3.5 working without problems for the lan
> >192.168.110.0/24 for several months. Now I want setup to another lan
> >192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
> >squid box. But in Squid's log I do not see anything. Can they give me some
> >tip?
> 
> local firewall on the squid box probably?

Can you SSH from a machine on 192.168.115.0/24 to the Squid server?

For that matter, can you ping it?

Does the Squid server have an appropriate route to get back to machines on 
192.168.115.0/24?

Antony.

-- 
This is not a rehearsal.
This is Real Life.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-18 Thread Matus UHLAR - fantomas


On 17.07.17 17:31, Pablo Ruben Maldonado wrote:

Hello, I have a squid box 3.5 working without problems for the lan
192.168.110.0/24 for several months. Now I want setup to another lan
192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
squid box. But in Squid's log I do not see anything. Can they give me some
tip?


local firewall on the squid box probably?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-17 Thread Antony Stone

On Monday 17 July 2017 at 21:31:50, Pablo Ruben Maldonado wrote:

> Hello, I have a squid box 3.5 working without problems for the lan
> 192.168.110.0/24 for several months. Now I want setup to another lan
> 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
> squid box. But in Squid's log I do not see anything. Can they give me some
> tip?

How is that new subnet connected to the Squid box?

Is it connected on a second network card in the Squid machine, or is it routed 
via a separate gateway connecting the two networks?

Antony.

-- 
All generalisations are inaccurate.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

2017-07-17 Thread Craddock, Tommy

Hello,




Hello, I have a squid box 3.5 working without problems for the lan 
192.168.110.0/24 for several months. Now I want setup 
to another lan 192.168.115.0/24 but I cannot. Tcpdump 
inform me that the packages come to squid box. But in Squid's log I do not see 
anything. Can they give me some tip?

We need more info on your config.  Either post your squid.conf, or link to it 
from a site like pastebin.

Off the top of my head, did you create an ACL allowing this new subnet to use 
the proxy?



__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid box for two networks

2017-07-17 Thread Pablo Ruben Maldonado

Hello, I have a squid box 3.5 working without problems for the lan
192.168.110.0/24 for several months. Now I want setup to another lan
192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to
squid box. But in Squid's log I do not see anything. Can they give me some
tip?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

Re: [squid-users] Squid box for two networks

[squid-users] Squid box for two networks

18 matches

Site Navigation

Mail list logo

Footer information