On 17/10/17 21:56, hoje wrote:
> Hi Mr. Amos,
>
> Thank you for helping in my previous post. I have a question. I’ve tried the same squid.conf setup on a new topology, and it works only for all internal users. But external users that want to access my public web server will get an access denied error (‘The requested URL could not be retrieved’). Anything that I need to do to fix this problem? Please advise. Thank you again.
>
> My setup
> ———
> debian 9, squid-3.5.26-20170702-r14182
>
> Old topology (that works)
> ————
> WAN +-->RT+—>(linux+SQUID+bridge)—>SW+---> INT USER

What are the WAN users supposed to be accessing in this "working" topology? (The "->" indicates request flow.)

> New topology (ext user can’t access my web server)
> ———————
> WAN +-->RT+—>(linux+SQUID+bridge)+—> FW+---> SW+---> INT USER + | v DMZ SW + | v WEB SRV

You seem to be describing WAN users accessing internal user accounts, which relay to an internal web server. Is that right?

> My squid.conf
> —————
> https://pastebin.com/AbU6nihK

This config only permits the LAN 10/8, fe80::/16, and fc00::/16 ranges - though the ports are IPv4-only so those IPv6 ranges cannot even connect in the first place.

To run Squid as a gateway for an internal server you need an accel port, cache_peer and http_access + cache_peer_access to permit access to the hosted domains.

See <https://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator> and <https://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting>

Amos
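
The four directives named in the reply above, shown together as an added squid.conf fragment that is not part of the original thread and not taken from the poster's pastebin. The hostname www.example.com, the origin address 192.0.2.10 and the names dmzWeb, hosted_sites and localnet are placeholders, and the fragment assumes port 80 is free for the accelerator listener.

```conf
# Added example. www.example.com, 192.0.2.10, dmzWeb, hosted_sites and
# localnet are placeholders, not values from the thread.

# 1. Accelerator (reverse-proxy) listener for requests arriving from the WAN.
#    no-vhost pins every request to defaultsite instead of trusting Host:.
http_port 80 accel defaultsite=www.example.com no-vhost

# 2. The DMZ web server as the origin for accelerated traffic.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=dmzWeb

# 3. Match the hosted domain only, never arbitrary destinations.
acl hosted_sites dstdomain www.example.com

# 4. Let any client request the hosted domain, and route only those
#    requests to the origin peer.
http_access allow hosted_sites
cache_peer_access dmzWeb allow hosted_sites
cache_peer_access dmzWeb deny all

# 5. Forward-proxy access stays limited to the LAN range (10/8, as in the
#    reply above). Do not widen this ACL to admit WAN clients: that would
#    turn the box into an open proxy.
acl localnet src 10.0.0.0/8
http_access allow localnet

# 6. Everything else is refused. This must remain the last http_access line.
http_access deny all
```

Rule order matters because http_access is evaluated top-down with first match winning, so the hosted-domain allow has to sit above the final deny. `squid -k parse` checks the file for syntax errors before the running instance is reconfigured.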