Re: F7 problem with squid - please help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



William W. Austin wrote:
A couple of weeks ago I had to replace an ancient firewall machine (h/w failure). That machine had been running FC3 without problems for well over a year, and it was my proxy server running squid.

I thought that I would upgrade the O/S, and I installed F7. (Mistake?)

Everything else works fine, but I now have spent several days trying to get squid working properly. My config file

<snip>

Hi William

It took me a little while to figure out Squid's permissions system when I set it up recently on an F7 server. I have Webmin installed on that machine, which gives you a nice, easy to use interface to Squid, so I was able to sort it out by looking at the existing settings.

Squid appears to use "iptables like" permissions to work out who can connect, from where, and what they can get to. It makes Squid pretty powerful in what it can do, but also more complex to configure.

I have just had a look in:

  /etc/squid/squid.conf

and see that I have added to the standard configuration under the ACL heading (very long file, this is about 61% of the way down):

  acl LAN src 192.168.8.1/255.255.255.0

This was sufficient to allow all clients on my subnet (192.168.8.*) to connect to squid. You will have to adjust the ip (and possibly the netmask) to suit your LAN.

I also had to add an "allow" statement to the "LAN" ACL node a little further down with a group of similar statements:

  http_access allow LAN

Note: this MUST come before the: "http_access deny all". This is one of the similarities with iptables ...


I believe that was all I had to do to make Squid work (apart from a restart). I believe that the machine in question has selinux running.

Hope that this is useful to you.

Regards,
Langdon

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux