On Mon, 29 Mar 2010 00:39:40 +0100, "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx> wrote:
> Hello Amos,
> Thanks for your reply and suggestion
>
> I have just done what you suggested and I still couldn't access the
> internet
> from my local network
> I completely removed "our_network" and the relevant http_access etc..
> But couldn't access the internet
>

Part #1 of my sentence (cleaning out config garbage) completed.
 "You need to remove the "our_network" ACL completely"

Part #2 of my sentence (how to enable access) apparently ignored.
 ... " and adjust the "localnet" ACL as per the default config instructions so that it only specifies your internal LAN IP address range(s)."

Instead you went on and made up your own approach which complicates your setup A LOT and now requires you to juggle many other software configurations as well to make them all match the fancy squid.conf ...

>
> After that I did the following
>
> added and http_port 8080
> to the config and up my clients could access the internet and I can still
> access my backend server from the internet
> So normally everything is working fine

100% sure about that? What is your public website name?

>
> I am not sure it's being wise to make squid listen on more than one port,

... not sure it's _wise_ ?!

It's REQUIRED for safe security to run a different port for each type of input the proxy receives. When doing so firewall and squid.conf rules become very easy to understand and get correct without causing security breaches by accidental misconfiguration.

What we have been trying to get you to do is properly setup "http_port 80 accel vhost" to receive reverse-proxy mode traffic (public website) and "http_port 3128" to receive forward-proxy mode traffic (your LAN).

> I'll keep a closer eye on it and see what will happen in the next day or
> two.
> Anyway this for the benefit of anybody who find themselves in the same or
> similar situation
> if you're forced to use http_port 3128 vhost (in order to access your
> sites
> from outside i.e Internet)
> This is if your sites are on the same webserver on a virtual host

Nobody is ever forced to do this by Squid. You are no exception.

Amos
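The two-port layout described in the reply above, written out as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the LAN range, backend address, site name and the ACL names `our_sites`, `accel_port`, `forward_port` and `backend` are placeholders chosen for illustration.

```conf
# Added example; every address and hostname below is a placeholder.

# Reverse-proxy (accelerator) traffic for the public website.
http_port 80 accel vhost

# Forward-proxy traffic from LAN clients.
http_port 3128

# Internal LAN IP range(s) only (placeholder range).
acl localnet src 192.168.0.0/24

# Public website name(s) hosted on the backend (placeholder name).
acl our_sites dstdomain www.example.com

# Which listening port the request arrived on.
# ("myport" is called "localport" in newer Squid releases.)
acl accel_port myport 80
acl forward_port myport 3128

# Backend web server (placeholder address), used only for our_sites.
cache_peer 192.168.0.10 parent 80 0 no-query originserver name=backend
cache_peer_access backend allow our_sites
cache_peer_access backend deny all

# Port 80: anyone may request the public site and nothing else, so the
# accelerator port can never be used as an open forward proxy.
http_access allow accel_port our_sites
http_access deny accel_port

# Port 3128: only the LAN may use the forward proxy.
http_access allow forward_port localnet
http_access deny all
```

With the traffic types split this way, the firewall only needs to expose port 80 to the Internet, and port 3128 can stay reachable from the LAN alone.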