Thu 2009-09-03 at 19:03 +0000, Ricardo A wrote:

> Dear Chris and Henrik,
> I'm sorry, but now cannot access webpages from outside...
> Yes I can from LAN...
>
> I repeat that is a debian Lenny webserver-fileserver-firewall (iptables-Squid 2.7-Samba 3-Apache 2, all in the same machine).
>
> The setting:
>
> Squid 2.7
>
> http_port 192.168.000.1:3128 transparent

ok.

> http_port 80 accel defaultsite=mysite.com vhost

This http_port should be bound to the public IP. Not "any address".

> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo

ok.

> cache_peer_access Ricardo mysite.com allow MyWeb
> cache_peer_access Ricardo mysite.com deny all

The above two lines look wrong.. what is mysite.com doing there?

> Where the acl "MyWeb" is:
> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
>
> (The sites are all on the same Apache, Virtual directory)
>
> Iptables:
>
> $IPTABLES -A tcp_packets -p TCP -s 0/0 -dport 80 -j allowed
>
> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d ! $LAN_IP_RANGE -p tcp -dport 80 -j REDIRECT
> -to-ports 3128

I usually do not use a source (-s) condition there, but it does not matter.

Regards
Henrik
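
An added example, not part of the original message and not Squid's own tooling: a small Python check for the two points raised in the reply, an accel `http_port` with no bind address and a `cache_peer_access` line that does not follow the `<peer> allow|deny <acl>` form. The name `lint` and the address 203.0.113.10 (a documentation-range placeholder for the public IP) are assumptions.

```python
# Constructed input: the squid.conf lines quoted in the message above.
QUOTED = """\
http_port 192.168.000.1:3128 transparent
http_port 80 accel defaultsite=mysite.com vhost
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
cache_peer_access Ricardo mysite.com allow MyWeb
cache_peer_access Ricardo mysite.com deny all
acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
"""

# Same lines with both points addressed. 203.0.113.10 is a placeholder
# (documentation range) standing in for the server's public address.
REVISED = QUOTED.replace("http_port 80 accel", "http_port 203.0.113.10:80 accel") \
                .replace("Ricardo mysite.com ", "Ricardo ")


def lint(conf):
    """Return (line_number, message) findings for a squid.conf text."""
    rows = [(n, line.split()) for n, line in enumerate(conf.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]
    # A peer is referenced by its name= option, or by hostname if name= is absent.
    peers = set()
    for _, tok in rows:
        if tok[0] == "cache_peer" and len(tok) > 1:
            named = [o[5:] for o in tok[2:] if o.startswith("name=")]
            peers.add(named[0] if named else tok[1])
    findings = []
    for n, tok in rows:
        if tok[0] == "http_port" and "accel" in tok[2:] and ":" not in tok[1]:
            findings.append((n, "accel port has no bind address, listens on every interface"))
        elif tok[0] == "cache_peer_access":
            # Documented form: cache_peer_access <peer> allow|deny [!]aclname ...
            if len(tok) < 4 or tok[2] not in ("allow", "deny"):
                findings.append((n, "expected 'cache_peer_access <peer> allow|deny <acl> ...'"))
            elif tok[1] not in peers:
                findings.append((n, f"no cache_peer named {tok[1]!r}"))
    return findings


if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("revised", REVISED)):
        print(label, lint(conf) or "no findings")
```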