On 9/08/19 1:57 am, Service MV wrote: > Hello everyone! > > I have a network 192.168.10.0/22 > I want to let the IP ranges 192.168.12.1 to 192.168.13.254 through my > proxy, but not the ranges 192.168.10.1 to 192.168.11.254. > If I don't misunderstand the documentation > <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct > way to do this would be: > acl mylocalnet src 192.168.12.0/24 > acl mylocalnet src 192.168.13.0/24 > [...] > http_access allow mylocalnet > > Is this right? Close. But that would include the machines with *.0 and *.255 address outside the range you mention wanting to match. If your needed range does not map to nice CIDR range(s) you can set the start and end address instead: acl mylocalnet src 192.168.12.1-192.168.13.254 PS. setting the LAN range(s) you want to use the proxy is what the "localnet" ACL is there for. The values provided are just an example of standardized ranges that will let the proxy work on most networks by default. There is usually no need for a new custom name, just edit the list as necessary for your policy. Unless you mean something else for this custom ACL to be doing - in which case you might want to consider using a name that makes the access rules read in a more easily interpreted way. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
