Loading ...
Sorry, an error occurred while loading the content.

Need help to setup squid

Expand Messages
  • bubengsiauwjin
    Hello, I m testing squid in Fedora 13 and need your help. Here were what I did: 1. In firewall (let say the firewall IP is 192.168.1.1): - Allow port 80 access
    Message 1 of 2 , Jul 5, 2010
    View Source
    • 0 Attachment
      Hello,

      I'm testing squid in Fedora 13 and need your help. Here were what I did:

      1. In firewall (let say the firewall IP is 192.168.1.1):
      - Allow port 80 access to gateway from squid
      - Deny all access to port 80 except through squid

      2. In squid (let say the squid IP is 192.168.1.2):
      - create acl list for a computer (192.168.1.3) : acl test 192.168.1.3/24
      - deny http access for 192.168.1.3 : http_access deny test

      3. In client browser (e.g. using Internet Explorer)
      - put the squid IP and port 3128 as proxy in Tools > Internet Options > Connections > LAN Settings > Use a proxy server for your LAN

      My problem is the deny access was not working. I'm not really sure whether to create acl list and explicitly deny http access as I think in the last row there's already a rule to deny everything (http_access deny all) but even I didn't create the acl list, can still go to internet from 192.168.1.3. Anyone can help? Thanks.

      Regards,
      Tom
    • david.mouchoir
      hello the best would be to create an acls for each computer/network that is allowed allow http_acces for all those acls and deny all because in this way of
      Message 2 of 2 , Jul 18, 2010
      View Source
      • 0 Attachment
        hello
        the best would be to create an acls for each computer/network that is allowed
        allow http_acces for all those acls
        and deny all
        because in this way of doing, all you forget is forbidden which is better for security



        --- In redhat@yahoogroups.com, "bubengsiauwjin" <bubengsiauwjin@...> wrote:
        >
        > Hello,
        >
        > I'm testing squid in Fedora 13 and need your help. Here were what I did:
        >
        > 1. In firewall (let say the firewall IP is 192.168.1.1):
        > - Allow port 80 access to gateway from squid
        > - Deny all access to port 80 except through squid
        >
        > 2. In squid (let say the squid IP is 192.168.1.2):
        > - create acl list for a computer (192.168.1.3) : acl test 192.168.1.3/24
        > - deny http access for 192.168.1.3 : http_access deny test
        >
        > 3. In client browser (e.g. using Internet Explorer)
        > - put the squid IP and port 3128 as proxy in Tools > Internet Options > Connections > LAN Settings > Use a proxy server for your LAN
        >
        > My problem is the deny access was not working. I'm not really sure whether to create acl list and explicitly deny http access as I think in the last row there's already a rule to deny everything (http_access deny all) but even I didn't create the acl list, can still go to internet from 192.168.1.3. Anyone can help? Thanks.
        >
        > Regards,
        > Tom
        >
      Your message has been successfully submitted and would be delivered to recipients shortly.