On 23/06/2012 9:55 p.m., Ton Muller wrote:
On 23-6-2012 3:47, Linda W wrote:
Ton Muller wrote:
access webmail is not possible when i use name lookup, i must use IP
adres for it.
so, my question..
where did i make a mistake , i used basic squid config, and added only
some ports for access.
----
lots of possibilities --
1), I usually have clients setup to go direct to anything on my local net.
If they can't resolve the other hostnames properly (internal DNS/hosts/NIS/
whatever). That could cause problems. How do your internal clients
resolve internal addresses -- do you have a DNS server setup for local
clients?
Yes, i have named on my openBSD box running, and yes, it works as it
should be....
2) I also usually have squid setup NOT to serve internal addresses -- so if
a client tries to go through squid to get to an internal address, it
will usually
get an 'access denied' -- since going through squid to get to a local
address is
just 'wrong'...
hm,mkey..
and how i adapt it to my condig, if i may ask..
It also helps prevent someone getting access to squid from the outside
-- (hypothetical)
then they would get an access denied for any ports on the inside of my net.
Those are things that would go wrong on my network. Now what can go
wrong on your
network depends on config's of clients, squid, how your network is
setup...etc...
Give you any ideas?
ideas enough.
as say, am using openBSD for nat, and serving local stats with mrtg and
smokeping (NO ACCESS TO EVIL WAN xD)
am not having squid configed as accelerator (it even wont let me, if i
add the tags, a check on config gives errors)
What errors?
All Squid since 2.6 have been able to do "accelerator" reverse-proxy by
defualt out of the box. There are no buid options to disable it even.
Amos
