[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: F7 problem with squid - please help



William W. Austin wrote:
A couple of weeks ago I had to replace an ancient firewall machine (h/w failure). That machine had been running FC3 without problems for well over a year, and it was my proxy server running squid.

I thought that I would upgrade the O/S, and I installed F7. (Mistake?)

Everything else works fine, but I now have spent several days trying to get squid working properly. My config file

<snip>

Hi William

It took me a little while to figure out Squid's permissions system when I set it up recently on an F7 server. I have Webmin installed on that machine, which gives you a nice, easy to use interface to Squid, so I was able to sort it out by looking at the existing settings.

Squid appears to use "iptables like" permissions to work out who can connect, from where, and what they can get to. It makes Squid pretty powerful in what it can do, but also more complex to configure.

I have just had a look in:

  /etc/squid/squid.conf

and see that I have added to the standard configuration under the ACL heading (very long file, this is about 61% of the way down):

  acl LAN src 192.168.8.1/255.255.255.0

This was sufficient to allow all clients on my subnet (192.168.8.*) to connect to squid. You will have to adjust the ip (and possibly the netmask) to suit your LAN.

I also had to add an "allow" statement to the "LAN" ACL node a little further down with a group of similar statements:

  http_access allow LAN

Note: this MUST come before the: "http_access deny all". This is one of the similarities with iptables ...


I believe that was all I had to do to make Squid work (apart from a restart). I believe that the machine in question has selinux running.

Hope that this is useful to you.

Regards,
Langdon


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]