On Mon, 24 May 2004, Jose Nathaniel Nengasca wrote:

> And by the way, 192.168.0.0/255.255.0.0 is correct? are you using class B on
> 192.168? instead of using class C?

Network classes are meaningless in the context of Squid Access Control Lists.
Either of the following forms will match any host assigned an IP address with
192.168 in the high-order octets of the source address.

    acl localnet src 192.168.0.0/16
    acl localnet src 192.168.0.0/255.255.0.0

The following acl shouldn't match anything as the netmask requires all octets
of the IP address to be 0B.

    acl all src 0.0.0.0/255.255.255.255

The following acl matches all IP addresses.

    acl all src 0.0.0.0/0.0.0.0

The following should work.

    http_access allow localnet
    http_access deny !localnet
    http_access allow all

Merton Campbell Crockett

> ----- Original Message -----
> From: "Jose Nathaniel Nengasca" <[EMAIL PROTECTED]>
> To: "Squid Mailing List" <[EMAIL PROTECTED]>
> Sent: Monday, May 24, 2004 11:12 AM
> Subject: Re: [squid-users] TCP_DENIED/403 1402 GET
>
>
> > It seems that your netmask ACL on ALL is a bit messy, try not to use
> > 255.255.255.255, use 0.0.0.0 instead...
> >
> > > Hello,
> > >
> > > I searched the archives, edited my ACLs, but I can't figure this one
> > > out. A Version 2.5.STABLE5 that seemed to be working fine is now
> > > rejecting users with an access denied message. My access log has
> > > entries like the following:
> > >
> > > 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET
> > > http://slashdot.org/ - NONE/- text/html
> > > 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET
> > > http://macintouch.com/ - NONE/- text/html
> > >
> > > My squid box is sitting in a DMZ behind the firewall, so I'd like to
> > > just run pretty lax security on it. The conf file, which I'm trying to
> > > keep simple, has the following ACLs:
> > >
> > > acl all src 0.0.0.0/255.255.255.255
> > > http_access allow src 192.168.0.0/255.255.0.0
> > > http_access allow all # Added out of frustration
> > > http_access deny all
> > >
> > > Thoughts?
> > > --jorn
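
Added example, not part of the original thread and not Squid's own code: a small Python model of the `src` netmask comparison and the first-match `http_access` evaluation discussed above, run against the client address from the quoted access log. The function names are hypothetical, 10.1.2.3 is a constructed outside address, and the fallback when no line matches follows Squid's documented default (the opposite of the last line).

```python
import ipaddress

def parse_src(spec):
    """Parse 'addr/mask' (prefix length or dotted netmask) into two ints."""
    addr, _, mask = spec.partition("/")
    if not mask:
        mask_int = 0xFFFFFFFF                      # bare address: exact host
    elif mask.isdigit():
        mask_int = (0xFFFFFFFF << (32 - int(mask))) & 0xFFFFFFFF
    else:
        mask_int = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(addr)), mask_int

def src_matches(spec, client):
    """True when the client address, ANDed with the mask, equals the ACL address."""
    addr, mask = parse_src(spec)
    return (int(ipaddress.IPv4Address(client)) & mask) == (addr & mask)

def http_access(rules, acls, client):
    """First matching line wins; ACL names on a line are ANDed, '!' negates."""
    for line in rules:
        action, *names = line.split()
        if all(src_matches(acls[n.lstrip("!")], client) != n.startswith("!")
               for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if rules[-1].split()[0] == "allow" else "allow"

# The ACLs and rules suggested in the reply above.
ACLS = {"localnet": "192.168.0.0/255.255.0.0", "all": "0.0.0.0/0.0.0.0"}
RULES = ["allow localnet", "deny !localnet", "allow all"]

if __name__ == "__main__":
    client = "192.168.253.14"                      # from the quoted access log
    # A mask of 255.255.255.255 compares every bit, so only 0.0.0.0 matches.
    print("all/255.255.255.255:", src_matches("0.0.0.0/255.255.255.255", client))
    # A mask of 0.0.0.0 compares no bits, so every address matches.
    print("all/0.0.0.0        :", src_matches("0.0.0.0/0.0.0.0", client))
    print("localnet client    :", http_access(RULES, ACLS, client))
    print("outside client     :", http_access(RULES, ACLS, "10.1.2.3"))
```

With the suggested rules, any client outside 192.168.0.0/16 is stopped by `deny !localnet`, so the trailing `allow all` line is never reached.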