Elvar wrote:
Hello,
I've followed the following
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate and it does work...
with a catch. In my scenario Dansguardian is running in front of Squid
on the LAN IP of the firewall which is 172.30.1.2:8888. Squid is
running on 127.0.0.1:3128. Dansguardian forwards incoming traffic to
Squid which then goes out to the net. Even following the directions in
that URL with the port / ip setup above, windows updates do not work.
In order for me to get them to work, I have to move squid to
172.30.1.2 to share the same listen IP as Dansguardian. I do not
understand why this matters, but it's the only way it ever works. This
is the case for me on multiple firewalls deployed at difference places.
Can anyone tell me why it will not work with squid listening on
127.0.0.1?
Thanks,
Elvar
Please disregard, I figured it out. I forgot to add 'localhost' to the
http_access lines for windows update. Once I did it started working
perfectly.
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl wuCONNECT dstdomain www.update.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localnet2
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localnet2
http_access allow windowsupdate localhost
