> -----Original Message-----
> From: Louis [mailto:lkutter@xxxxxxxxxx]
> Sent: Friday, April 29, 2005 5:18 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] Problems with Squid and ebtables
>
> I have a server running Fedora and Squid. It is running in bridge mode.
> It has two NICs and ebtables running; ebtables redirects to the squid
> process. All seems to work fine except the server appears to be
> sending spam. When I do a netstat -p | grep smtp it shows the squid
> process trying to send out to many different servers. Here is the main
> part of the config that I am having problems with:
>
> visible_hostname cache.mydomain.com
>
> acl net1 src 10.0.0.0/255.0.0.0
> acl net2 src 0.0.0.0/0.0.0.0
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow net1
> http_access allow net2
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I know to take out the 0.0.0.0 subnet, but when I do that people in the
> outside world cannot access the internal web servers. But the SMTP
> traffic stops. I have tried various access rules but haven't hit the
> right combination yet.
> Thanks in advance.
> Louis

I don't run a Web-Accelerator Proxy, so my advice might not be accurate, but I would think that you would need to restrict where net2 is allowed to go. Something like:

acl net1 src 10.0.0.0/8
acl net2 src 0.0.0.0/0
acl webserver dst 10.10.10.10/32 # This IP should be your webserver
http_access allow net1
http_access allow net2 webserver
http_access deny net2 # for clarity

etc...

Chris
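The difference between the two rule sets can be checked with a small model of Squid's first-match http_access evaluation. This is an added example, not code from the thread or from Squid: `parse` and `decide` are hypothetical helpers, only `src` and `dst` ACLs are modelled, and the webserver ACL is written with the `dst` type.

```python
import ipaddress

def parse(conf):
    """Parse 'acl NAME src|dst NETWORK' and 'http_access allow|deny ACL...' lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], ipaddress.ip_network(tok[3]))
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, src, dst):
    """Return 'allow' or 'deny' for a request from src to dst (first match wins)."""
    acls, rules = parse(conf)
    addr = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for action, names in rules:
        # All ACLs named on one http_access line must match (logical AND).
        if all(addr[acls[n][0]] in acls[n][1] for n in names):
            return action
    # No line matched: Squid applies the opposite of the last http_access line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Rule set from the original message.
ORIGINAL = """
acl net1 src 10.0.0.0/255.0.0.0
acl net2 src 0.0.0.0/0.0.0.0
http_access allow net1
http_access allow net2
"""

# Rule set from the reply, with webserver as a destination ACL.
RESTRICTED = """
acl net1 src 10.0.0.0/8
acl net2 src 0.0.0.0/0
acl webserver dst 10.10.10.10/32
http_access allow net1
http_access allow net2 webserver
http_access deny net2
"""

if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges), not from the thread.
    for src, dst in [("203.0.113.7", "198.51.100.25"), ("203.0.113.7", "10.10.10.10")]:
        print(src, "->", dst, decide(ORIGINAL, src, dst), decide(RESTRICTED, src, dst))
```

In the restricted rule set, net1 clients are still allowed to any destination; only net2 is confined to the web server.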