Re: [squid-users] Making ACL for an IP range
Dear Ivan

For an IP to IP you can define as follows:

    acl pc1 src 192.168.1.30/255.255.255.255
    http_access allow pc1
    acl pc2 src 192.168.1.31/255.255.255.255
    http_access allow pc2

Regards
Maham
Pakistan

On 5/10/05, Ivan Petrushev [EMAIL PROTECTED] wrote:
> Hello :-)
> That's my first mailing list posting but I hope I'll get the basics soon.
> Please excuse my poor English.
>
> The problem I'm trying to solve is how to make ACL responding for a range
> of IPs (not the whole subnet). If I wanted to make the ACL responding for
> the whole subnet I would use CIDR or dotted notation like:
>
>     acl mynetwork src 192.168.1.1/255.255.255.0
> or
>     acl mynetwork src 192.168.1.1/24
>
> I want that acl 'mynetwork' to respond only for IPs 192.168.1.30 -
> 192.168.1.47 (for example). That is not a subnetwork and can't be done
> via the upper examples. So can I use (from IP) (to IP) range in squid.conf
> and what is the exact syntax? I haven't seen anything like that in the
> online documentation, but that doesn't mean it doesn't exist :-)
>
> Greetings, Ivan Petrushev.
> - http://host.GBG.bg -
Re: [squid-users] Making ACL for an IP range
    acl vip src 192.168.1.1-192.168.1.10/255.255.255.255
    http_access allow vip
    http_access deny all

> Dear Ivan
>
> For an IP to IP you can define as follows:
>
>     acl pc1 src 192.168.1.30/255.255.255.255
>     http_access allow pc1
>     acl pc2 src 192.168.1.31/255.255.255.255
>     http_access allow pc2
>
> Regards
> Maham
> Pakistan
>
> On 5/10/05, Ivan Petrushev [EMAIL PROTECTED] wrote:
>> Hello :-)
>> That's my first mailing list posting but I hope I'll get the basics soon.
>> Please excuse my poor English.
>>
>> The problem I'm trying to solve is how to make ACL responding for a range
>> of IPs (not the whole subnet). If I wanted to make the ACL responding for
>> the whole subnet I would use CIDR or dotted notation like:
>>
>>     acl mynetwork src 192.168.1.1/255.255.255.0
>> or
>>     acl mynetwork src 192.168.1.1/24
>>
>> I want that acl 'mynetwork' to respond only for IPs 192.168.1.30 -
>> 192.168.1.47 (for example). That is not a subnetwork and can't be done
>> via the upper examples. So can I use (from IP) (to IP) range in squid.conf
>> and what is the exact syntax? I haven't seen anything like that in the
>> online documentation, but that doesn't mean it doesn't exist :-)
Re: Re: [squid-users] Making ACL for an IP range
Thanks for the comment :)

> Dear Ivan
>
> For an IP to IP you can define as follows:
>
>     acl pc1 src 192.168.1.30/255.255.255.255
>     http_access allow pc1
>     acl pc2 src 192.168.1.31/255.255.255.255
>     http_access allow pc2

But that would allow access only for two IPs. If I have to describe every IP in that way, imagine what my squid.conf would look like for about 40 IPs :)
There has to be a shorter way.

Thanks again :)
- http://host.GBG.bg -
Re: Re: [squid-users] Making ACL for an IP range
Thanks for the comment :)

> http://squid.visolve.com/squid/squid24s1/access_controls.htm
>
>     acl aclname src 172.16.1.25-172.16.1.35/32
>
> Ryan Lamberton
> FamiLink Company
> Family Safe Internet Access

That's exactly what I need :)
In that example what is the purpose of the subnet mask? Does it have to match the subnet mask configured on the PCs over the network? Or is it only for determining the IP range parameters?
- http://host.GBG.bg -
Re: [squid-users] Making ACL for an IP range
Ivan Petrushev wrote:
> Thanks for the comment :)
>
>> http://squid.visolve.com/squid/squid24s1/access_controls.htm
>>
>>     acl aclname src 172.16.1.25-172.16.1.35/32
>>
>> Ryan Lamberton
>> FamiLink Company
>> Family Safe Internet Access
>
> That's exactly what I need :)
> In that example what is the purpose of the subnet mask? Does it have to
> match the subnet mask configured on the PCs over the network? Or is it
> only for determining the IP range parameters?

For determining the IP range squid lets through. It doesn't have to match the client's subnet.

E.g., I have a network of 10.0.0.0/16. Within that, there are VLANs of 10.0.0.0/24, 10.0.1.0/24, etc.

In squid, I just do

    acl office_all src 10.0.0.0/255.255.0.0

and then

    acl office0 src 10.0.0.0/255.255.255.0
    acl office1 src 10.0.1.0/255.255.255.0

etc.
Re: Re: [squid-users] Making ACL for an IP range
On Tue, 10 May 2005, Ivan Petrushev wrote:
> That's exactly what I need :)
> In that example what is the purpose of the subnet mask? Does it have to
> match the subnet mask configured on the PCs over the network? Or is it
> only for determining the IP range parameters?

It specifies the size of the addresses specified.

The same syntax is used for specifying ranges of networks. I.e. you can use

    acl my_networks src 172.16.1.0-172.16.3.0/24

for matching the three 172.16.1-3.* networks.

Due to some odd logic in Squid wrt netmask size detection it is best to always specify the mask size (or netmask if you prefer). If you do not specify the mask size then Squid tries to guess, but it is not always right, especially so on ranges.

Regards
Henrik
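
The range-plus-mask matching described in this message, as an added example (not code from the thread or from Squid's source). It is a simplified model that assumes a client matches when its address, after the mask is applied, falls between the masked range endpoints; the function names are hypothetical. It also lists the CIDR blocks that would be needed to cover Ivan's 192.168.1.30 - 192.168.1.47 range without the range syntax.

```python
import ipaddress


def parse_src_range(spec):
    """Parse 'first[-last]/mask'; mask is a prefix length or dotted netmask."""
    addrs, _, mask = spec.partition("/")
    if not mask:
        # The thread's advice: always give the mask explicitly instead of
        # relying on Squid to guess it, so this model refuses to guess.
        raise ValueError("no mask given in %r" % spec)
    first, _, last = addrs.partition("-")
    last = last or first  # single address: range of one
    # ip_network accepts both '/24' and '/255.255.255.0'
    netmask = int(ipaddress.ip_network("0.0.0.0/" + mask).netmask)
    lo = int(ipaddress.IPv4Address(first)) & netmask
    hi = int(ipaddress.IPv4Address(last)) & netmask
    if lo > hi:
        raise ValueError("range start is above range end in %r" % spec)
    return lo, hi, netmask


def src_acl_matches(spec, client):
    """Model of a src ACL test: mask the client, then compare to the range."""
    lo, hi, netmask = parse_src_range(spec)
    masked = int(ipaddress.IPv4Address(client)) & netmask
    return lo <= masked <= hi


def range_to_cidrs(first, last):
    """CIDR blocks covering exactly first..last (the no-range-syntax form)."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]


if __name__ == "__main__":
    host_range = "192.168.1.30-192.168.1.47/32"   # Ivan's range, /32 = hosts
    net_range = "172.16.1.0-172.16.3.0/24"        # Henrik's range of networks
    for acl, ip in [(host_range, "192.168.1.29"), (host_range, "192.168.1.47"),
                    (net_range, "172.16.2.200"), (net_range, "172.16.4.1")]:
        print(acl, ip, src_acl_matches(acl, ip))
    print(range_to_cidrs("192.168.1.30", "192.168.1.47"))
```
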
Re: Re: [squid-users] Making ACL for an IP range
It looks like is what is needed to determine the IP range for the acl.

Ryan Lamberton

- Original Message -
From: Ivan Petrushev [EMAIL PROTECTED]
To: Ryan Lamberton [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Tuesday, May 10, 2005 12:48 AM
Subject: Re: Re: [squid-users] Making ACL for an IP range

> Thanks for the comment :)
>
>> http://squid.visolve.com/squid/squid24s1/access_controls.htm
>>
>>     acl aclname src 172.16.1.25-172.16.1.35/32
>>
>> Ryan Lamberton
>> FamiLink Company
>> Family Safe Internet Access
>
> That's exactly what I need :)
> In that example what is the purpose of the subnet mask? Does it have to
> match the subnet mask configured on the PCs over the network? Or is it
> only for determining the IP range parameters?
> - http://host.GBG.bg -