Hi Henrik, thanks for your help.
All right now.
I have done as you suggested: a bash script, which first captures the dynamic IP with "ipofif", saving it in a log and in a file (which contains the "include" with the http_port). Then, from time to time (configured in crontab), the script takes the IP again, compares it with the previous one and, if equal, does nothing, but if it is different rebuilds the include, so every 15 minutes (cron).

Now I have a weird problem. I can only access some domains (run on the same server as Squid and Apache2).
That is, YES I can access mydomain.com, but I can NOT access www.mydomain.com.

In Squid I have a line

acl myweb dstdomain "/usr/squid/domain"

Where "domain" saves a list:

*.mydomain.com
www.mydomain.com
*.otherdomain.com
www.otherdomain.com

In Apache2 each virtualhost is set:

*. midominio.com
www.midominio.com
etc ...

I have seen in other forums from years ago that there were problems with Squid acl dstdomain when you add multiple URLs to the same ...

Any ideas?

Regards
Ricardo

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Friday, 04 September 2009 01:12 a.m.
To: Ricardo A
CC: crobertson@xxxxxxx; squid-users@xxxxxxxxxxxxxxx
Subject: Re: Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED

Ricardo A wrote:
>
> Yes, you're right, you told me. But there is one detail that I did not comment then, to not lengthen the thing (and because I figured it did not matter): the public IP is dynamic and is routed using a script to ZoneEdit.
> Then, because Amos told me to leave http_port 80 bind to all...

Right, back when you were only speaking of Squid alone. That method is used with dynamic IPs to make Squid listen to every single IP the box has now and ever.
Adding apache on the same box means either the IP has to be pre-known or apache listening on a strange port.

>
> About this, do you have any trick to set the dynamic IP in this Squid sentence?
> I have a small script, "Ipofif", inserted between variables in iptables, and when running shows the IP of the NIC... Could I "embedded" in some way in this line of http_port to display the IP?
>
> Any solution? Or, if the problem is caused by dynamic IP in accelerator mode, will I have to remove it?

You could make a script that gets called whenever the IP changes (I'm not sure how, maybe an ifupdown hook) generate a file, say /etc/squid/ports containing the http_port lines (only). And call reconfigure on squid whenever the IP changes.

You would also need to have "include /etc/squid/ports" set in squid.conf to load the generated ports file.

Amos

> ----------------------------------------
>> Date: Thu, 3 Sep 2009 11:39:27 -0800
>> From: crobertson@xxxxxxx
>> To: squid-users@xxxxxxxxxxxxxxx
>> Subject: Re: Squid 2.7: Request from LAN UNABLE to FORWARD or CONNECTION REFUSED or ACCESS DENIED
>>
>> Ricardo A wrote:
>>> Dear Chris and Henrik,
>>> I'm sorry, but now cannot access webpages from outside...
>>> Yes I can from LAN...
>>>
>>> I repeat that is a debian Lenny webserver-fileserver-firewall (iptables-Squid 2.7-Samba 3-Apache 2, all in the same machine).
>>>
>>> The setting:
>>>
>>> Squid 2.7
>>>
>>> http_port 192.168.000.1:3128 transparent
>>> http_port 80 accel defaultsite=mysite.com vhost
>>>
>> As I stated in my first email, this line should be...
>>
>> http_port 192.168.0.1:80 accel defaultsite=mysite.com vhost
>>
>> ...because just using the port tells Squid to bind to all interfaces.
>> You need to limit it to the public interface so Apache can bind to the
>> loopback.
>>
>>> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Ricardo
>>> cache_peer_access Ricardo mysite.com allow MyWeb
>>> cache_peer_access Ricardo mysite.com deny all
>>>
>>> Where the acl "MyWeb" is:
>>> acl myweb dstdomain mysite.com mysite1.com mysite2.com.ar
>>>
>>> (The sites are all on the same Apache, Virtual directory)
>>>
>>> Iptables:
>>>
>>> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
>>>
>>> $IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d ! $LAN_IP_RANGE -p tcp --dport 80 -j REDIRECT --to-ports 3128
>>>
>>> Apache 2:
>>>
>>> port.conf
>>>
>>> LISTEN 127.0.0.1:80
>>> ------------
>>> With these settings, Apache 2 again warn:
>>>
>>> apache2(98)Address already in use: make_sock: could not bind to address [::]:80
>>> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
>>> no listening sockets available, shutting down
>>> Unable to open logs
>>>
>>> Thanks in advance...
>>> Ricardo
>>>
>> Chris
>>

--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13
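
The procedure discussed in this thread (regenerate an include file holding only the http_port line when the interface address changes, then reconfigure Squid), as an added example that is not part of the original messages. The function names, the use of iproute2's `ip` instead of the poster's "ipofif" script, and the `PORTS_FILE`, `DEFAULTSITE` and `SQUID_RECONFIGURE` overrides are assumptions; the http_port options and /etc/squid/ports path are the ones quoted above.

```shell
#!/bin/sh
# Added example: keep Squid's accelerator http_port bound to the current
# address of one interface. Names, paths and env overrides are assumptions.
PORTS_FILE="${PORTS_FILE:-/etc/squid/ports}"   # loaded by "include /etc/squid/ports"
DEFAULTSITE="${DEFAULTSITE:-mysite.com}"
SQUID_RECONFIGURE="${SQUID_RECONFIGURE:-squid -k reconfigure}"

# current_ip IFACE: first global IPv4 address on IFACE (uses iproute2).
current_ip() {
    ip -4 -o addr show dev "$1" scope global |
        awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# update_ports IP: returns 0 = file rewritten and Squid reconfigured,
# 1 = address unchanged, 2 = invalid address or write/reconfigure failure.
update_ports() {
    new_ip=$1
    # The value ends up inside squid.conf syntax, so accept only a strict
    # dotted quad; empty output or error text from the lookup is rejected.
    case $new_ip in
        ''|*[!0-9.]*|*.) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $new_ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        case $octet in ''|????*) return 2 ;; esac
        [ "$octet" -le 255 ] || return 2
    done

    wanted="http_port ${new_ip}:80 accel defaultsite=${DEFAULTSITE} vhost"
    if [ -f "$PORTS_FILE" ] && [ "$(cat "$PORTS_FILE")" = "$wanted" ]; then
        return 1
    fi

    # Write to a temp file and rename, so Squid never reads a partial file.
    tmp=$(mktemp "${PORTS_FILE}.XXXXXX") || return 2
    if ! { printf '%s\n' "$wanted" > "$tmp" && chmod 644 "$tmp" &&
           mv "$tmp" "$PORTS_FILE"; }; then
        rm -f "$tmp"; return 2
    fi
    $SQUID_RECONFIGURE || return 2
    return 0
}

# Run from cron or an interface hook as: script IFACE
if [ $# -ge 1 ]; then
    update_ports "$(current_ip "$1")" || [ $? -eq 1 ]
fi
```

Because the include file is only rewritten when the address differs, a 15-minute cron run does not trigger a Squid reconfigure unless something changed.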