On 23/08/2013 6:13 p.m., HillTopsGM wrote:
In trying to configure the squid.conf file to cache windows updates as per
the wiki on this page here:
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
<http://wiki.squid-cache.org/SquidFaq/WindowsUpdate>
I am having trouble getting squid to run.
If I paste this code:
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
*
http_access allow CONNECT wuCONNECT localnet
*
*
http_access allow windowsupdate localnet
*
. . . into my squid.conf file and save it. Squid will not restart properly.
when I try to restart it i get this message:
stop: Unknown instance:
squid3 start/running, process 4374
If I run 'top' I don't see it running there either.
The only way I can get the squid3 service to show that it stops and restarts
(and to show running again when I type in 'top' ) is if the code that I have
in bold above is commented out . . . That would be these lines:
*
http_access allow CONNECT wuCONNECT localnet
*
*
http_access allow windowsupdate localnet
*
Under the section labelled "*How do I stop Squid popping up the
Authentication box for Windows Update?*"
The first line before the code says:
Add the following to your squid.conf, assuming you have defined localnet
to mean your local clients. It 'MUST' be added near the top before any ACL
that require authentication.
All I was doing was using the default ACL settings that come when Squid is
installed, and I entered the code immediately after this default setting in
the conf file:
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
Ah. I spot the mangling that Debian do to prevent Squid runngin with
default configuration file.
You need to uncomment whichever of those localnet lines are appropriate.
Add a new one if you have some other IP address range in your LAN.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
Do I have to "*defined localnet to mean your local clients*"?
Yes.
Right now the DHCP network is assigning ips in this range: 192.168.1.0/24
Then the 192.168.*** line will probably be enough. If you have IPv6
enabled on the LAN you will also want the fe80:: one.
Amos
