At this point, the best suggestion that I can provide to Adam is to
remove the existing config, and re-instate the default config that came
with Squid.

Then, start from there. No need to define custom ACLs, make everything
accessible at first. Just concentrate on making the FWD + REV configs
work, then moving to ACLs.

Regards
HASSAN

On Mon, Mar 29, 2010 at 6:22 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On Mon, 29 Mar 2010 00:39:40 +0100, "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
> wrote:
>> Hello Amos,
>> Thanks for your reply and suggestion
>>
>> I have just done what you suggested and I still couldn't access the
>> internet from my local network
>> I completely removed "our_network" and the relevant http_access etc..
>> But couldn't access the internet
>>
>
> Part #1 of my sentence (cleaning out config garbage) completed.
>
>   "You need to remove the "our_network" ACL completely"
>
> Part #2 of my sentence (how to enable access) apparently ignored.
>
>   ... " and adjust the "localnet" ACL as per the default config
>   instructions so that it only specifies your internal LAN IP address
>   range(s)."
>
> Instead you went on and made up your own approach which complicates your
> setup A LOT and now requires you to juggle many other software
> configurations as well to make them all match the fancy squid.conf ...
>
>>
>> After that I did the following
>>
>> added and http_port 8080
>> to the config and up my clients could access the internet and I can still
>> access my backend server from the internet
>> So normally everything is working fine
>
> 100% sure about that?
>
> What is your public website name?
>
>>
>> I am not sure it's being wise to make squid listen on more than one port,
>
> ... not sure it's _wise_ ?!
>
> It's REQUIRED for safe security to run a different port for each type of
> input the proxy receives. When doing so firewall and squid.conf rules
> become very easy to understand and get correct without causing security
> breaches by accidental misconfiguration.
>
> What we have been trying to get you to do is properly setup "http_port 80
> accel vhost" to receive reverse-proxy mode traffic (public website) and
> "http_port 3128" to receive forward-proxy mode traffic (your LAN).
>
>> I'll keep a closer eye on it and see what will happen in the next day or
>> two.
>> Anyway this for the benefit of anybody who find themselves in the same or
>> similar situation
>> if you're forced to use http_port 3128 vhost (in order to access your
>> sites from outside i.e Internet)
>> This is if your sites are on the same webserver on a virtual host
>
> Nobody is ever forced to do this by Squid. You are no exception.
>
> Amos
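
The two-port layout described in the quoted reply, written out as a squid.conf fragment. This is an added example, not a config posted in the thread; the site name www.example.com, the origin server address 192.0.2.10, the peer name "backend", the ACL name "our_sites" and the LAN range 192.168.1.0/24 are placeholder assumptions.

```squidconf
# --- Reverse proxy (public website) ---
# Port 80 receives accelerator traffic only: "http_port 80 accel vhost".
http_port 80 accel vhost

# Origin web server behind Squid (placeholder address, assumption).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=backend

# Only the site(s) really hosted on the backend (placeholder name, assumption).
acl our_sites dstdomain www.example.com
http_access allow our_sites
cache_peer_access backend allow our_sites
cache_peer_access backend deny all

# --- Forward proxy (LAN clients) ---
# Plain port with no accel/vhost options. The firewall should expose only
# port 80 to the Internet and keep 3128 reachable from the LAN alone.
http_port 3128

# "localnet" from the default config, narrowed to the internal range only
# (placeholder range, assumption).
acl localnet src 192.168.1.0/24
http_access allow localnet

# http_access rules are checked top to bottom; anything not matched above
# is refused on both ports.
http_access deny all
```

The Safe_ports and SSL_ports rules shipped in the default squid.conf are left out of this fragment and stay in place in a real config.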