Hi Hassan,
Thanks for your suggestion, I just did that about 10 times already lol
I started from scratch, the one I have right now is basically a default
config with few changes
I can easily remove them, but with the default config there was no way I
could access my sites
the only thing it did allow was the access to the internet for network
clients
I will double check what Amos has suggested once again and see if I hadn't
missed anything
Regards
Adam
----- Original Message -----
From: "Nyamul Hassan" <mnhas...@usa.net>
To: "Squid Users" <squid-users@squid-cache.org>
Sent: Monday, March 29, 2010 1:32 AM
Subject: Re: [squid-users] Help with accelerated site
At this point, the best suggestion that I can provide to Adam is to
remove the existing config, and re-instate the default config that
came with Squid. Then, start from there. No need to define make
custom ACLs, make everything accessible at first. Just concentrate on
making the FWD + REV configs working, then moving to ACLs.
Regards
HASSAN
On Mon, Mar 29, 2010 at 6:22 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
On Mon, 29 Mar 2010 00:39:40 +0100, "a...@gmail" <adbas...@googlemail.com>
wrote:
Hello Amos,
Thanks for your reply and suggestion
I have just done what you suggested and I still couldn't access the
internet
from my local network
I completely removed "our_network" and the relevant http_access etc..
But couldn't access the internet
Part #1 of my sentence (cleaning out config garbage) completed.
"You need to remove the "our_network" ACL completely"
Part #2 of my sentence (how to enable access) apparently ignored.
... " and adjust the "localnet" ACL as per the default config
instructions so that it only specifies your internal LAN IP address
range(s)."
Instead you went on and made up your own approach which complicates your
setup A LOT and now requires you to juggle many other software
configurations as well to make them all match the fancy squid.conf ...
After that I did the following
added and http_port 8080
to the config and up my clients could access the internet and I can
still
access my backend server from the internet
So normally everything is working fine
100% sure about that?
What is your public website name?
I am not sure it's being wise to make squid listen on more than one
port,
... not sure it's _wise_ ?!
It's REQUIRED for safe security to run a different port for each type of
input the proxy receives. When doing so firewall and squid.conf rules
become very easy to understand and get correct without causing security
breaches by accidental misconfiguration.
What we have been trying to get you to do is properly setup "http_port 80
accel vhost" to receive reverse-proxy mode traffic (public website) and
"http_port 3128" to receive forward-proxy mode traffic (your LAN).
I'll keep a closer eye on it and see what will happen in the next day or
two.
Anyway this for the benefit of anybody who find themselves in the same
or
similar situation
if you're forced to use http_port 3128 vhost (in order to access your
sites
from outside i.e Internet)
This is if your sites are on the same webserver on a virtual host
Nobody is ever forced to do this by Squid. You are no exception.
Amos
