Solution found: pf.conf on the OpenBSD box was too tightly written, it blocked too much for LAN services. grrrr

On 23-6-2012 11:55, Ton Muller wrote:
> On 23-6-2012 3:47, Linda W wrote:
>> Ton Muller wrote:
>>> Access to webmail is not possible when I use name lookup, I must use the IP
>>> address for it.
>>>
>>> So, my question..
>>> where did I make a mistake? I used a basic squid config, and added only
>>> some ports for access.
>> ----
>>
>> Lots of possibilities --
>> 1) I usually have clients set up to go direct to anything on my local net.
>> If they can't resolve the other hostnames properly (internal DNS/hosts/NIS/
>> whatever), that could cause problems. How do your internal clients
>> resolve internal addresses -- do you have a DNS server set up for local
>> clients?
>>
> Yes, I have named running on my OpenBSD box, and yes, it works as it
> should....
>
>>
>> 2) I also usually have squid set up NOT to serve internal addresses -- so if
>> a client tries to go through squid to get to an internal address, it
>> will usually get an 'access denied' -- since going through squid to get
>> to a local address is just 'wrong'...
> hm, mkay..
> And how do I adapt it to my config, if I may ask..
>
>>
>> It also helps prevent someone getting access to squid from the outside
>> -- (hypothetical) then they would get an access denied for any ports on
>> the inside of my net.
>>
>> Those are things that would go wrong on my network. Now what can go
>> wrong on your network depends on the configs of clients, squid, how your
>> network is set up...etc...
>>
>> Give you any ideas?
>>
> Ideas enough.
> As said, I am using OpenBSD for NAT, and serving local stats with mrtg and
> smokeping (NO ACCESS TO EVIL WAN xD)
>
> I do not have squid configured as an accelerator (it won't even let me; if I
> add the tags, a check on the config gives errors).
>
> DNS is set up to serve local names only, fetching DNS externally when needed.
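
The setup described in point 2 of the quoted reply (squid refusing to proxy requests for internal addresses), as an added squid.conf sketch that is not from any poster in this thread. The address ranges are assumed RFC 1918 placeholders and the ACL name `to_localnet` is chosen here.

```conf
# Added example, not from the thread. Address ranges are assumed RFC 1918
# placeholders; replace them with the real LAN prefix.

# Clients allowed to use the proxy (matched on source address).
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Destinations that must never be fetched through the proxy
# (matched on destination address; to_localnet is a name chosen here).
acl to_localnet dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# http_access rules are evaluated top to bottom and the first match wins,
# so the deny for internal destinations must come before the allow.
http_access deny to_localnet
http_access allow localnet
http_access deny all
```

With this in place, clients have to reach internal hosts directly instead of through the proxy, which only works if they can resolve internal names themselves, as point 1 of the reply notes. A `dst` ACL also makes squid resolve the requested hostname, so the proxy host needs working DNS for the check to match.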