Hi Amos,
Thanks again for your reply
You asked me to remove the our_network Acl completely, I have done so I
didn't even comment it, I removed it.
I have commented out the # acl localnet 172.0.0....
I have commented out the # acl localnet 10.0.0.0/8
I have put my own localnet
acl localnet 192.168.1.0/32
http_access allow manager localhost
http_access deny manager
http_access allow localnet
right?
Now for 100% sure I will give it as I said a day or two and see how it goes
for now everything seem to be working fine.
I will email you my website
I have done what you suggested now if there's something you think I haven't
done please let me know
Thanks again
Regards
Adam
----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Monday, March 29, 2010 1:22 AM
Subject: Re: Help with accelerated site
On Mon, 29 Mar 2010 00:39:40 +0100, "Adam@Gmail" <adbasque@xxxxxxxxxxxxxx>
wrote:
Hello Amos,
Thanks for your reply and suggestion
I have just done what you suggested and I still couldn't access the
internet
from my local network
I completely removed "our_network" and the relevant http_access etc..
But couldn't access the internet
Part #1 of my sentence (cleaning out config garbage) completed.
"You need to remove the "our_network" ACL completely"
Part #2 of my sentence (how to enable access) apparently ignored.
... " and adjust the "localnet" ACL as per the default config
instructions so that it only specifies your internal LAN IP address
range(s)."
Instead you went on and made up your own approach which complicates your
setup A LOT and now requires you to juggle many other software
configurations as well to make them all match the fancy squid.conf ...
After that I did the following
added and http_port 8080
to the config and up my clients could access the internet and I can
still
access my backend server from the internet
So normally everything is working fine
100% sure about that?
What is your public website name?
I am not sure it's being wise to make squid listen on more than one
port,
... not sure it's _wise_ ?!
It's REQUIRED for safe security to run a different port for each type of
input the proxy receives. When doing so firewall and squid.conf rules
become very easy to understand and get correct without causing security
breaches by accidental misconfiguration.
What we have been trying to get you to do is properly setup "http_port 80
accel vhost" to receive reverse-proxy mode traffic (public website) and
"http_port 3128" to receive forward-proxy mode traffic (your LAN).
I'll keep a closer eye on it and see what will happen in the next day or
two.
Anyway this for the benefit of anybody who find themselves in the same
or
similar situation
if you're forced to use http_port 3128 vhost (in order to access your
sites
from outside i.e Internet)
This is if your sites are on the same webserver on a virtual host
Nobody is ever forced to do this by Squid. You are no exception.
Amos
