Yes, you're right, you told me. But there is one detail that I did not mention then, so as not to lengthen the thing (and because I figured it did not matter): the public IP is dynamic and is routed using a script to ZoneEdit. Then, because Amos told me to leave http_port 80 bound to all...

About this, do you have any trick to set the dynamic IP in this Squid sentence? I have a small script, "Ipofif", inserted between variables in iptables, and when run it shows the IP of the NIC...

Could I "embed" it in some way in this http_port line to display the IP? Any solution?

Or, if the problem is caused by the dynamic IP in accelerator mode, will I have to remove it?

Regards
Richard

----------------------------------------
> Date: Thu, 3 Sep 2009 11:39:27 -0800
> From: crobertson@xxxxxxx
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED
>
> Ricardo A wrote:
>> Dear Chris and Henrik,
>> I'm sorry, but now cannot access webpages from outside...
>> Yes I can from LAN...
>>
>> I repeat that is a debian Lenny webserver-fileserver-firewall (iptables-Squid 2.7-Samba 3-Apache 2, all in the same machine).
>>
>> The setting:
>>
>> Squid 2.7
>>
>> http_port 192.168.000.1:3128 transparent
>> http_port 80 accel defaultsite=mysite.com vhost
>>
>
> As I stated in my first email, this line should be...
>
> http_port 192.168.0.1:80 accel defaultsite=mysite.com vhost
>
> ...because just using the port tells Squid to bind to all interfaces.
> You need to limit it to the public interface so Apache can bind to the
> loopback.
>
>> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
>> cache_peer_access Ricardo mysite.com allow MyWeb
>> cache_peer_access Ricardo mysite.com deny all
>>
>> Where the acl "MyWeb" is:
>> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
>>
>> (The sites are all on the same Apache, Virtual directory)
>>
>> Iptables:
>>
>> $IPTABLES -A tcp_packets -p TCP -s 0/0 -dport 80 -j allowed
>>
>> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d ! $LAN_IP_RANGE -p tcp -dport 80 -j REDIRECT -to-ports 3128
>>
>> Apache 2:
>>
>> port.conf
>>
>> LISTEN 127.0.0.1:80
>> ------------
>> With these settings, Apache 2 again warns:
>>
>> apache2(98)Address already in use: make_sock: could not bind to address [::]:80
>> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
>> no listening sockets available, shutting down
>> Unable to open logs
>>
>> Thanks in advance...
>> Ricardo
>>
>
> Chris
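
The message above asks how to get the current dynamic IP into Squid's accelerator http_port line. One way to do it, as an added example that is not part of the original thread: rewrite that line from a validated address and reload only when the file actually changed. The function names, the config path in the usage comment and the way the poster's Ipofif script is invoked are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so the
# output of an IP-lookup script never reaches squid.conf unchecked.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# set_accel_ip CONF IP: rewrite the address on the "http_port ... accel"
# line only; the LAN "transparent" listener is left alone.
# Returns 0 = file updated, 1 = already current, 2 = bad input or I/O error.
set_accel_ip() {
    conf=$1; ip=$2
    is_ipv4 "$ip" || return 2
    [ -f "$conf" ] || return 2
    tmp=$(mktemp) || return 2
    awk -v ip="$ip" '
        $1 == "http_port" && / accel( |$)/ {
            n = split($2, part, ":")   # "80" or "a.b.c.d:80"
            $2 = ip ":" part[n]        # keep the port, set the address
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$conf" "$tmp"; then rm -f "$tmp"; return 1; fi
    # Write in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
}

# Usage (assumptions: Debian's /etc/squid/squid.conf, and that Ipofif
# prints the address of the interface given as its argument):
#   set_accel_ip /etc/squid/squid.conf "$(Ipofif eth0)" && squid -k reconfigure
```

Run from the same hook that updates ZoneEdit, this keeps the accelerator bound to the public address only, which is what lets Apache keep 127.0.0.1:80 for itself.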